Hi. I'm quite new to this whole OpenID thing, though I do find the idea in itself to be wonderful. Since every little blog and photo gallery nowadays seems to require subscriptions, I've more or less given up on the password front...<br>
<br>Anyhow, forgive me if it has been covered before, but, I tried searching the web for three hours and couldn't find an answer, so, I thought I should ask here for a concise explanation.<br><br>My first question is regarding the Phishing attacks that are mentioned at Wikipedia [1] - Are they still valid or is it just FUD that has been floating around since an old version of the standard?<br>
<br>And second - While I know Man-In-The-Middle between user and OpenID-provider is quite easy to stave off, what about OpenID-provider and the website I'm trying to log in to? Whenever man-in-the-middle discussion about this appears, it's always in the form of User-to-OpenID-Provider, not the other way around.<br>
<br>If someone could take the time to explain this to me (or point me in the direction of an FAQ), so I could convince my boss to allow OpenID logins, I'd be very grateful. ^^<br><br>Oh, and is there some sort of community icon for OpenID I could use, to show that our website does indeed support OpenID?<br>
<br>Regards,<br>Per Ekström<br><br>[1] <a href="http://en.wikipedia.org/wiki/OpenID">http://en.wikipedia.org/wiki/OpenID</a><br>