[security] passing password on identification request?
John Bradley
ve7jtb at ve7jtb.com
Thu Oct 15 15:54:39 UTC 2009
You can have the user authenticate to the oAuth provider via openID if
it is a condition of the grant :)
That may be the best way to do it anyway depending on how the app is
configured.
John B.
On 2009-10-15, at 12:00 PM, Anthony Brassac wrote:
> Thanks all for your replies, oAuth looks like it could do it for us,
> however it seems management had agreed upon using OpenID (research
> grant related I think), so I'll have to see what gives. Anyway, I
> appreciate your support.
>
> On Wed, Oct 14, 2009 at 1:47 AM, SitG Admin <sysadmin at shadowsinthegarden.com> wrote:
> Users giving their passwords to RPs is what openID is trying to
> prevent.
> That is why passwords are not supported in the redirect.
>
> Hmm . . . minor clarification here, though: users giving passwords
> *their passwords for the OP* (or otherwise transmitting "in the
> clear") is not compatible with OpenID.
>
> If the RP wants to ask for another password (one local to that
> system), e.g. for rarely invoked high levels of access, it *might*
> be compatible with OpenID (depends on the exact use, but isn't
> automatically NOT compatible).
>
> The description Anthony gave sounds vaguely like Kerberos (from the
> MIT dialogue), but my mind is stuffed full of other things right now
> and I get a bit of a headache just getting some meaning out of
> roughly half of it (the rest seems beyond me tonight).
>
> -Shade
>