[security] security
James A. Donald
jamesd at echeque.com
Sat Oct 28 22:40:29 UTC 2006
Martin Atkins wrote:
> Eddy, I think we're just going to have to agree to
> disagree. I prefer the design principle of having lots
> of simple, focused components that solve only one
> problem.
In security, this approach is like building one wall of
a fort.
The wall has to go the whole way around, or else it just
is not a wall.
The architecture of OpenID means that it is not in fact
practical to require good behavior of identity
providers. Therefore, when OpenID reaches critical
mass, adversarial identity providers will appear,
created by spammers, and we have to prepare for that.