[security] Nonrepudiation, and Trusting OpenID Providers
Shearer, Charles Dylan
cdsheare at nps.edu
Tue Dec 8 01:18:49 UTC 2009
Shade,
Thank you very much for the pointers -- I see we were thinking along the
same line.
Dylan
On 12/7/09 4:56 PM, "SitG Admin" <sysadmin at shadowsinthegarden.com> wrote:
>> This is because a relying party cannot tell the difference between a
>> user attempting to log in using his or her identifier, and the
>> user's OpenID provider spoofing that user to gain access to whatever
>> services the relying party provides to that user.
>
> This is correct, yes. See this post:
> http://lists.openid.net/pipermail/openid-general/2008-July/014536.html
> Also see David Fuelling's work on MultiAuth.
>
> -Shade
More information about the security
mailing list