[security] Nonrepudiation, and Trusting OpenID Providers
SitG Admin
sysadmin at shadowsinthegarden.com
Fri Dec 11 04:51:22 UTC 2009
>The problem is that to every RP, security IS important. To them.
The *real* problem is their inevitable corollary: that convenience is
*more* important.
-Shade inserts an excerpt from the specs list below
At 5:43 PM -0800 12/10/09, Allen Tom wrote:
>If I was building an RP, I would definitely download and cache the profile
>image for the privacy and security reasons that you stated.
>
>However, many RPs have asked if they can directly link to the profile pic,
>because image hosting costs money, and downloading and caching requires work
>and effort. Also, some RPs would like to have the image automatically
>updated if the user changes it.
More information about the security
mailing list