[security] Nonrepudiation, and Trusting OpenID Providers
Jacob Bellamy
toarms at gmail.com
Thu Dec 10 21:49:59 UTC 2009
This might be a silly question, but aren't the interactions between banks and
government inherently different from, say, a user's interaction with
LiveJournal? In the former case, security takes precedence, and in the
latter usability does. If a bank or government institution is an RP, then
they should have every right to demand you use an OP which they trust, and
if this is the case, then it is just a matter of using whitelists. Users
should be wary regardless of using the same identity which they would use to
log in to social networking sites, in the same manner in which they should
be wary of using the same password for their Hotmail and for their bank.
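
The RP-side whitelist suggested in the message above, sketched as an added example (not part of the original post and not code from any OpenID library). It assumes the RP has already run discovery on the user's identifier and holds the resulting OP endpoint URL; the names `TRUSTED_OP_ENDPOINTS`, `normalize_endpoint` and `op_is_trusted` and the host `op.bank-idp.example` are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allowlist: (scheme, host, port, path) of each OP endpoint the
# RP accepts. Exact tuples only, so no prefix or substring matching.
TRUSTED_OP_ENDPOINTS = {
    ("https", "op.bank-idp.example", 443, "/openid/server"),
}


def normalize_endpoint(url):
    """Return a comparable (scheme, host, port, path) tuple, or None."""
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https":    # urlsplit lowercases the scheme
        return None                # no plaintext endpoints for a bank RP
    if parts.username is not None or parts.password is not None:
        return None                # "trusted-host@other-host" style URLs
    if parts.query or parts.fragment:
        return None                # compare the bare endpoint only
    host = (parts.hostname or "").rstrip(".")  # hostname is lowercased
    if not host:
        return None
    return (parts.scheme, host, port or 443, parts.path or "/")


def op_is_trusted(op_endpoint):
    """True only if the discovered OP endpoint is on the RP's allowlist."""
    key = normalize_endpoint(op_endpoint)
    return key is not None and key in TRUSTED_OP_ENDPOINTS


if __name__ == "__main__":
    # Constructed sample endpoints, as discovery might return them.
    for candidate in (
        "https://op.bank-idp.example/openid/server",
        "http://op.bank-idp.example/openid/server",
        "https://op.bank-idp.example@sns.example/openid/server",
        "https://op.bank-idp.example.sns.example/openid/server",
    ):
        print(candidate, "->", op_is_trusted(candidate))
```

An RP using such a check would apply it to the discovered endpoint before redirecting the user, and again to the endpoint named in the returned assertion.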