[security] How secure is open id?

SitG Admin sysadmin at shadowsinthegarden.com
Mon Apr 20 10:13:41 UTC 2009


>What measures have you implemented to prevent your own database from 
>being hacked?  

None.

OpenID is a technique, not a 3rd-party provider. We do not hold the 
identity data of everyone using OpenID, indeed we encourage everyone 
to find someone (else) THEY trust (or to be responsible for their own 
data, not entrusting it to anyone else). This is not a single, 
ultra-secure data center such as your company (GlassHouse) might 
provide; it is a distributed, decentralized assortment of data 
residing on servers that might or might not be online at any given 
moment. Generally they are, but given that the structure of OpenID 
would permit all other users to be unaffected if a single user's 
dedicated OP went offline, what do you think of taking OPs offline 
when unneeded, as a defensive measure against hacking?

>I did not notice any major banks or government bodies (i.e. my really 
>important data) using open id, why is this?

You're living in the wrong country?

It took decades(!) for *seatbelts* to be implemented by a major 
American automobile manufacturer (Saab), and that technology had 
already proven its worth among pilots. Once widely available, 
however, their popularity had attained "critical mass" and mass 
adoption swiftly followed in the years to come. OpenID has not 
reached this point in the 2.5 years since being invented, so it's 
understandable that it hasn't automatically been accepted in such 
high-level institutions the world over. If you don't want to wait a 
few more years before using it with your really important data, check 
with Nat Sakimura about moving to Japan (the top bank of which has 
already joined the Foundation there).

-Shade resists panic through Tea
