[security] Must to have for an Open ID Provider
John Bradley
ve7jtb at ve7jtb.com
Tue Mar 23 15:44:02 UTC 2010
That is a big question.
Are you developing you own library?
Are you becoming a service provider?
OSIS provides a number of protocol type tests for interoperability and security.
http://osis.idcommons.net/wiki/Main_Page
http://test-id.org
The US Government has a published profile for openID.
http://www.idmanagement.gov/documents/ICAM_OpenID20Profile.pdf
If you are looking for general general information around running an IdP, that depends on a lot of things.
The Kantara Identity Assurance framework may provide some insight, but is geared towards commercial IdP rather than Web 2.0.
John Bradley
On 2010-03-23, at 7:36 AM, Jaideep Khandelwal wrote:
> Hello everyone,
>
> I have few queries that I need to ask ,
>
> What are the security concerns that should be kept in a mind while developing your own Open ID provider and what are the ways to check all the security aspects .
> Can some one suggest some of the NOT SO FAMOUS Open ID providers but providing the end users a sense of security.
> Some links and resources will be helpful and appreciated
>
> Thanks
>
> Regards
> Jaideep
> _______________________________________________
> security mailing list
> security at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-security
More information about the security
mailing list