[OpenID] Security related Use Cases?
Allen Tom
atom at yahoo-inc.com
Wed Oct 22 02:52:42 UTC 2008
OpenID does not specify how the user authenticates with their OP, so OPs
which support hooks for client side authentication seem to address your
concerns.
Allen
Ben Laurie wrote:
> So if we're going to embark on a UX consistency campaign, should we
> not do it around authentication that actually is safe - that is:
>
> a) Built in to the browser, s.t. it can't be faked by webpages
>
> b) Does not reveal the user's password in the process of authentication?
>
> Continuing to try to prop up the house of cards that is authentication
> on webpages seems counterproductive to me.
>
More information about the general
mailing list