[security] Username / password etc. is out of scope for OpenID
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Thu Oct 26 00:09:12 UTC 2006
Gabe Wachob wrote:
> I 100% agree with Pete here.
>
> OpenID is, from an RP's POV, an authentication outsourcing protocol.
>
Absolutely! The relying party (RP) is relying first of all on this. All
other extensions mentioned and designed are currently optional. This is,
what OpenID is all about: AUTHENTICATION!
> >From a user's POV, it's an authentication reuse protocol.
>
> But it's definitely NOT an authentication protocol... in fact authentication
> is totally optional. And that's a feature! At least for now...
>
Which is one of the major problems we pointed out...So how can this part
be out of the scope of the OpenID SPECS?
> -Gabe
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20061026/59934260/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eddy_nigg.vcf
Type: text/x-vcard
Size: 636 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20061026/59934260/attachment-0002.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7282 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20061026/59934260/attachment-0002.bin>
More information about the security
mailing list