[security] Gathering requirements for in-browser OpenID support
Pete Rowley
prowley at redhat.com
Tue Oct 31 18:07:07 UTC 2006
Chris Drake wrote:
> I maintain my position: MitM is not a protocol problem - it's a
> "stupid user" problem.
>
When word processors didn't ask if you wanted to save unsaved work when
you exited the application, was that a "stupid user" problem, or poor
human factors design? Personally, any time I hear "stupid user" I think
"bad design." It's the users we design for, if it doesn't work for them
we have failed.
--
Pete
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20061031/c83e518b/attachment-0002.bin>
More information about the security
mailing list