So OpenID is good when security is of little importance? I'm not trying to be a pain, but the classic response to the trust argument is always that OpenID is meant for use cases where security isn't important.<div>
<br></div><div>The problem is that to every RP, security IS important. To them.</div><div><br></div><div>- Brandon<br><br><div class="gmail_quote">On Thu, Dec 10, 2009 at 4:49 PM, Jacob Bellamy <span dir="ltr"><<a href="mailto:toarms@gmail.com">toarms@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><br>This might be a silly question, but isn't the interactions between banks and government inherently different from say, a users interaction with livejournal? In the former case, security takes precedence, and in the latter usability does. If a bank or government institution is an RP, then they should have every right to demand you use an OP which they trust- and if this is the case, then it is just a matter of using whitelists. Users should be wary regardless of using the same identity which they would use to log in to social networking sites, in the same manner in which they should be wary of using the same password for their hotmail and for their bank. <div>
<br></div><div><br></div>
<br>_______________________________________________<br>
security mailing list<br>
<a href="mailto:security@lists.openid.net">security@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-security" target="_blank">http://lists.openid.net/mailman/listinfo/openid-security</a><br>
<br></blockquote></div><br></div>