[security] [OpenID] Announcing OpenID Authentication 2.0 - Implementor's Draft 11
Ben Laurie
benl at google.com
Sun Jan 21 18:46:18 UTC 2007
On 1/21/07, Dick Hardt <dick at sxip.com> wrote:
>
> On 21-Jan-07, at 12:29 AM, Ben Laurie wrote:
>
> > On 1/19/07, Dick Hardt <dick at sxip.com> wrote:
> >>
> >> On 19-Jan-07, at 6:19 AM, Ben Laurie wrote:
> >>
> >> >
> >> > Still totally unhappy about the phishing issues, which I blogged
> >> > about here:
> >> >
> >> > http://www.links.org/?p=187
> >>
> >> There are numerous ways of solving this. Several standard methods can
> >> solve it. It is a relationship between the user and the OP and the RP
> >> is not party, so I don't think it belongs in the OpenID
> >> Authentication specification.
> >>
> >> That does not mean it is not important, just that *this* spec is not
> >> the right place.
> >
> > I think that's entirely wrong. The RP doesn't care at all about the OP
> > - all the RP cares about is the end user.
> >
> > More importantly, I think I have a solution that will make both of us
> > happy, but I now have to go and ride my motorbike fast, so I'll detail
> > it later.
>
> oh, yeah, sure tease us all that you have an answer then ride off
> into the sunset!!!
>
> (note I moved the thread to security at openid.net)
Not sure I'm subscribed to that list - can I be?
>
> -- Dick
>
>
More information about the security
mailing list