OpenID Security

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Thu Feb 5 20:08:39 UTC 2009


If your implementation is 100% open source, then you don't have to worry
about licensing as OWASP (http://www.owasp.org) will scan at no cost...

----------------------------------------------------------------------

Message: 1
Date: Fri, 6 Feb 2009 01:34:33 +0900
From: Nat Sakimura <sakimura at gmail.com>
Subject: Re: OpenID Security
To: "McGovern, James F (HTSC, IT)" <James.McGovern at thehartford.com>
Cc: specs at openid.net
Message-ID:
	<bf26e2340902050834ybf1ae5ara6b97aaac28cdd44 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Yeah. Fortify is nice. I do not know what would be the licensing terms
now, but before, it used to have a "traveling" kind of license that
allowed consultants to do the evaluation for the projects of their
customers. It might be worthwhile for somebody like OIDF to buy a
license and run a certification program out of it. Of course, having
a secure profile, which we do not have yet, is a prerequisite though.

=nat

On Wed, Feb 4, 2009 at 11:48 PM, McGovern, James F (HTSC, IT)
<James.McGovern at thehartford.com> wrote:
>  OpenID certainly has security features but are all the libraries out 
> there written to secure coding practices? Wouldn't it be great if all 
> the library creators could have their code reviewed for security 
> defects? Check out http://owasp.fortify.com/
> ************************************************************
> This communication, including attachments, is for the exclusive use of
> addressee and may contain proprietary, confidential and/or privileged
> information.  If you are not the intended recipient, any use, copying,
> disclosure, dissemination or distribution is strictly prohibited.  If
> you are not the intended recipient, please notify the sender immediately
> by return e-mail, delete this communication and destroy all copies.
> ************************************************************
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>



--
Nat Sakimura (=nat)
http://www.sakimura.org/en/


------------------------------

End of specs Digest, Vol 30, Issue 7
************************************