[OpenID] Combining Google & Yahoo user experience research
SitG Admin
sysadmin at shadowsinthegarden.com
Tue Oct 21 00:33:55 UTC 2008
>A more realistic situation for your argument would be if *your* OP
>had a security flaw that allowed someone to access your account *as
>you* and gain access to all operations that only you ought to be
>able to do. In this case it could be argued that the bank is
>culpable; that would certainly make for an interesting court case.
>Logically though, it should be your OP that catches the liability in
>this case, assuming that they didn't disclaim responsibility in
>their terms of service as Yahoo! currently does.
Or you for insisting on using an IDP that wasn't on the RP's
"trusted" list; this was my suggestion, though I have no idea how
feasible it would be ;)
-Shade
More information about the general
mailing list