[security] Nonrepudiation, and Trusting OpenID Providers
Allen Tom
atom at yahoo-inc.com
Thu Dec 10 03:56:38 UTC 2009
So once banks accept OpenID, banks will require that OPs authenticate users
using ³strong auth², using mechanisms that are agreed upon by both the the
OP and the bank.
Allen
On 12/9/09 7:46 PM, "Brandon Ramirez" <brandon.s.ramirez at gmail.com> wrote:
>
>
> In other words, I personally trust Google not to reset my passwords. My bank,
> however, why should they trust Google? Or Joe-Shmo-Provider?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20091209/42ab2370/attachment.htm>
More information about the security
mailing list