[OpenID] Combining Google & Yahoo user experience research
Shane B Weeden
sweeden at au1.ibm.com
Sun Oct 19 16:36:20 UTC 2008
Brandon:
> [...] Why should I trust a random OP?
>
You shouldn't, and nobody is claiming you should for any transaction of
value. What does excite me about OpenID (and InfoCard for that matter)
over other SSO protocols like SAML is the zero cost of onboarding
additional RPs if I am acting as an IDP. All the RP needs to do (besides
following a best-practices secure deployment model) is define that they
trust the IDP (e.g. for OpenID define a trusted list of OP endpoints) and
the IDP need do nothing in particular.
Sure, there are dynamic extensions to SAML like those defined by
Shibboleth for dynamic metadata sharing, but out-of-the-box nothing I've
been exposed to thus far quite matches the simplicity of the OpenID model.
=shane
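
The trusted list of OP endpoints mentioned in the message above, sketched as an RP-side check on an OpenID 2.0 positive assertion. This is an added example, not part of the original message or of any OpenID library. The allowlisted URLs and function names are constructed for illustration, and the rest of assertion verification (signature, nonce, discovery) is assumed to happen elsewhere.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed allowlist: placeholder endpoints, not real OPs.
TRUSTED_OP_ENDPOINTS = {
    "https://op.example.com/openid/server",
    "https://login.example.org/op",
}

def normalize_endpoint(url):
    """Return a canonical https endpoint URL, or None if it is unacceptable."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme.lower() != "https" or not parts.hostname:
        return None                # plain http is never trusted here
    if parts.username or parts.password or parts.fragment:
        return None                # userinfo tricks such as trusted@other-host
    host = parts.hostname.lower().rstrip(".")
    netloc = host if port in (None, 443) else f"{host}:{port}"
    path = parts.path or "/"
    query = f"?{parts.query}" if parts.query else ""
    return f"https://{netloc}{path}{query}"

TRUSTED = {normalize_endpoint(u) for u in TRUSTED_OP_ENDPOINTS}

def op_is_trusted(response_query):
    """Accept a positive assertion only if its openid.op_endpoint is allowlisted."""
    params = parse_qs(response_query, keep_blank_values=True)
    if params.get("openid.mode") != ["id_res"]:
        return False
    endpoints = params.get("openid.op_endpoint", [])
    if len(endpoints) != 1:        # missing or duplicated parameter
        return False
    normalized = normalize_endpoint(endpoints[0])
    # Exact match after normalization: no prefix or suffix matching on the host.
    return normalized is not None and normalized in TRUSTED
```

Matching is exact on scheme, host, port, path and query, so a look-alike host or a different path on a trusted host is rejected.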