[OpenID] Combining Google & Yahoo user experience research

Andrew Arnott andrewarnott at gmail.com
Sun Oct 19 16:51:47 UTC 2008


I don't think Shane was saying it's great for low-security needs.  But if
you don't feel you can trust a random OP, Shane was saying you as an RP can
choose to trust only certain OPs so they are not random.  Microsoft
HealthVault is an example of an RP that chooses merely 3 OPs to trust.  The
OPs on the other hand don't have to do any extra work.

On Sun, Oct 19, 2008 at 9:45 AM, Brandon Ramirez <brandon.s.ramirez at gmail.com> wrote:

> So it's great security if you need very little security?
>
> Transactions of value are precisely where we need federated identity.  I
> have different logins for my bank, credit card company, car insurance,
> everything under the sun.  Except I can share identity between my blog and a
> site like Flickr.
>
> - Brandon
>
>
> On Sun, Oct 19, 2008 at 12:36 PM, Shane B Weeden <sweeden at au1.ibm.com> wrote:
>
>>
>> Brandon:
>> > [...]  Why should I trust a random OP?
>> >
>>
>> You shouldn't, and nobody is claiming you should for any transaction of
>> value. What does excite me about OpenID (and InfoCard for that matter) over
>> other SSO protocols like SAML is the zero cost of onboarding additional RPs
>> if I am acting as an IDP. All the RP needs to do (besides following a
>> best-practices secure deployment model) is define that they trust the IDP
>> (e.g. for OpenID define a trusted list of OP endpoints) and the IDP need do
>> nothing in particular.
>>
>> Sure, there are dynamic extensions to SAML like those defined by
>> Shibboleth for dynamic metadata sharing, but out-of-the-box nothing I've
>> been exposed to thus far quite matches the simplicity of the OpenID model.
>>
>> =shane
>
>
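
The "trusted list of OP endpoints" discussed in this thread, sketched as an RP-side check. This is an added example, not part of the original messages or of any OpenID library. It assumes the positive assertion's signature and discovery checks have already passed, and the endpoint URLs and the names `normalize_endpoint`, `TRUSTED_OP_ENDPOINTS` and `op_is_trusted` are hypothetical.

```python
from urllib.parse import urlsplit


def normalize_endpoint(url):
    """Return a comparable (host, port, path, query) tuple, or None if unacceptable."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port if parts.port is not None else 443
    except ValueError:                      # malformed port or IPv6 literal
        return None
    if parts.scheme != "https":             # trust only TLS endpoints
        return None
    if parts.username or parts.password:    # rejects https://trusted-host@other-host/
        return None
    if not parts.hostname or parts.fragment:
        return None
    # urlsplit lowercases the hostname; drop a trailing dot so "host." == "host"
    return (parts.hostname.rstrip("."), port, parts.path or "/", parts.query)


# Constructed allowlist: placeholder hosts, not real OPs.
TRUSTED_OP_ENDPOINTS = frozenset(
    normalize_endpoint(u)
    for u in (
        "https://op.example.com/openid/server",
        "https://login.example.org:8443/op",
    )
)


def op_is_trusted(assertion):
    """assertion: dict of openid.* parameters from an already verified response."""
    if assertion.get("openid.mode") != "id_res":
        return False
    endpoint = normalize_endpoint(assertion.get("openid.op_endpoint", ""))
    # Whole-URL equality after normalization, never a prefix or substring match.
    return endpoint is not None and endpoint in TRUSTED_OP_ENDPOINTS
```

Comparing the whole normalized URL is what keeps look-alike hosts and userinfo tricks from passing as a trusted OP.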