[OpenID] Security related Use Cases?
Allen Tom
atom at yahoo-inc.com
Sat Oct 18 03:40:09 UTC 2008
Dick Hardt wrote:
> Have you tested the OP user experience with a malicious RP? i.e. how
> easy is it for a malicious RP to fool users to pretend they are your OP?
This is exactly the reason why we require that the Yahoo Login screen
always appear in the entire browser window, with the address bar
displaying https://login.yahoo.com.
We do not allow the Yahoo Login screen to be framed, and we encourage
all users, especially OpenID users, to set up an anti-phishing Sign-in
Seal, which is a customized image that's displayed next to the Login form.
Allen