MySpace OpenID Popup spotted in the wild
Johannes Ernst
jernst+openid.net at netmesh.us
Fri May 1 17:35:49 UTC 2009
On Apr 30, 2009, at 10:26, Chris Messina wrote:
> On Thu, Apr 30, 2009 at 2:08 AM, David Christiansen <openid-userexperience at davidchristiansen.com> wrote:
>
> Trying to maintain a 'Can Do Attitude' here but I have personal
> reservations about going back to the days of browser pop-up windows
> -...
>
> This is absolutely critical, as phishing attacks are as prevalent as
> ever and will become increasingly so ...
If we could get the browser developers to add anything we wanted to
their browsers, what *exactly* would we want them to implement?

This is not outlandish. The Mozilla folks asked repeatedly in the past
(and we never knew what to say in response) and the security of a
billion OpenIDs is not a set of user requirements that's easily
dismissed either.

It appears that it would be some kind of user interface element (think
"popup" for a minute) that could display the OP's authentication
ceremony, but where the browser would somehow "certify" that it was
not a phishing attempt and came from one of the user's trusted OPs, in
a way that is better than having the user do a string compare on
the URL shown in the address bar.

What would such a user interface element look like? That's not limited
to what we can do without cooperation from the browser guys.

In Firefox, it could be sitting in the side bar for example. (where
the bookmarks are) Or ...?

Cheers,
Johannes.
Johannes Ernst
NetMesh Inc.
http://netmesh.info/jernst