[OpenID] 2-Headed OpenID Auth for Increased Security?
David Fuelling
sappenin at gmail.com
Sat Nov 29 18:41:53 UTC 2008
Hey List,
I've been thinking about the security of OpenID lately, dreaming about the
day when I'll be able to use OpenID at my bank's website. One issue that I
keep coming back to is that my OP (or a rogue employee at my OP) could
masquerade as me at OpenID-enabled RP's across the web since the OP is a
single authentication point in the OpenID ecosystem.
To mitigate this problem, one idea I have would be to utilize a 2-headed
OpenID auth scheme, whereby a "higher security" RP (like my bank) would
require OpenID authentication assertions from two separate OP's. This would
preclude somebody at OP #1 from masquerading as me, since any RP would
require a second auth from a different OP, outside the control of the first
OP.
On the face of it all, this approach would seem to require two different
OpenIDs (one for each OP). However, using Yadis/XRDS, one could specify a
primary and secondary OP for a particular OpenID. Assuming that the user is
logged-in to both OP's, this dual-auth may even go un-noticed by the user.
Of course, an RP could also just allow the user to select two different OP's
to use for auth assertions at login time.
I suppose there are several ways to make this happen, but I'd appreciate any
feedback on this idea...
Thanks!
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081129/e8f3ea70/attachment-0001.htm>
More information about the general
mailing list