[security] [OpenID] Announcing OpenID Authentication 2.0 - Implementor's Draft 11
Dick Hardt
dick at sxip.com
Sun Jan 21 08:33:08 UTC 2007
On 21-Jan-07, at 12:29 AM, Ben Laurie wrote:
> On 1/19/07, Dick Hardt <dick at sxip.com> wrote:
>>
>> On 19-Jan-07, at 6:19 AM, Ben Laurie wrote:
>>
>> >
>> > Still totally unhappy about the phishing issues, which I blogged
>> > about here:
>> >
>> > http://www.links.org/?p=187
>>
>> There are numerous ways of solving this. Several standard methods can
>> solve it. It is a relationship between the user and the OP and the RP
>> is not party, so I don't think it belongs in the OpenID
>> Authentication specification.
>>
>> That does not mean it is not important, just that *this* spec is not
>> the right place.
>
> I think that's entirely wrong. The RP doesn't care at all about the OP
> - all the RP cares about is the end user.
>
> More importantly, I think I have a solution that will make both of us
> happy, but I now have to go and ride my motorbike fast, so I'll detail
> it later.
oh, yeah, sure tease us all that you have an answer then ride off
into the sunset!!!
(note I moved the thread to security at openid.net)
-- Dick
More information about the security
mailing list