Discovery of an OpenID session at an OP
Andrew Arnott
andrewarnott at gmail.com
Tue Dec 15 03:48:32 UTC 2009
Shade,
Just as an aside: do you know that saying "yes" to the save password prompt
can help protect you against phishing? If the browser auto-fills your
password on your *real* Provider, it won't do it on a fake copy. So it's a
clue to you that you're being phished.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
On Mon, Dec 14, 2009 at 7:40 PM, SitG Admin <sysadmin at shadowsinthegarden.com
> wrote:
> Now the difficult part. We need the browser to maintain a list of the
>> user's OP's with their endpoints, and the browser can ask the user which OP
>> he would like to use.
>>
>
> With due privacy settings; most browsers prompt me before "saving" my
> password, GOOD browsers let me disable the prompt entirely since I know the
> answer will always be "no" ;)
>
>
> This can also be done if all OP's were to advertise to the browser, their
>> endpoints whenever a user creates a new account with the OP, or when the
>> user visits his home page at the OP. eg.
>>
>
> If my OP is only identifying *me*, does it still need to advertise a
> generic "all users" endpoint, or will this point be moot since all
> single-user OP libraries will act no differently than multi-user OP's?
>
> -Shade
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20091214/b45cb099/attachment.htm>
More information about the specs
mailing list