[OpenID] checking of openid provider web sites
Peter Williams
pwilliams at rapattoni.com
Tue Dec 16 02:30:56 UTC 2008
Is there a description of the method it uses to determine correctness of the OP?
Is it intended to be foolproof, advisory, or a hint?
Is its accuracy a function of any user management activities, per OP?
Are there any trust assumptions?
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Steven Livingstone-Perez
Sent: Monday, December 15, 2008 4:21 PM
To: general at openid.net
Subject: [OpenID] checking of openid provider web sites
Based on some of the rather more detailed solutions I've read about today, I have hacked a rather simple idea for something I thought may be useful.
It is basically a plug-in to the browsers (Bookmarklet just now for all and a toolbar for FF and IE in the works) and it allows you to check whether the OpenID provider you have been asked to enter your details into is indeed the correct provider. It tells you if there is an issue with the provider.
Currently I have added a check for OpenID.org, myOpenID.com and claimID.com (for no reason other than it's getting late here). So just add the bookmarklet (toolbars are in the works) and when you are asked to log into one of these sites click the "WebCheck" button to perform a quick check.
Details at:
http://www.openid.org/apps/webcheck/default.aspx
I have no idea whether this will be useful or a ton of issues will spring to mind but figured if I throw it out I'll soon find out (and save energy if of no use!).
steven
http://livz.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081215/6a1ed4d8/attachment-0002.htm>
More information about the general
mailing list