Mark Atwood
fallenpegasus
OpenID security analysis at last Ignite Seattle
At the Ignite Seattle a few days ago, a very hyperactive guy, Mark Novak of Microsoft, "broke" OpenID in a dizzying flickering of slides. As best I can tell, the basis of the "break" is that if your OpenID provider becomes evil, they can start impersonating you.

That seemed pretty obvious to me when I first had OpenID described to me. And thus, while I've signed up with over a half dozen providers, when I do use OpenID, I use myself. You can install a PHP that acts as a single person OpenID provider.

If I have to worry about me stealing my own online identity, and going around pretending to be me, I have bigger problems than just data security protocols...

Comments
From: mauser Date: April 10th, 2007 06:07 am (UTC)
Gee, I'd say the risk is about the same as Microsoft's "Passport" system....

So's the functionality, come to think of it.

So no wonder someone from M$ would come along trying to spread FUD about the open source version of something they have.

From: gipsieee Date: April 10th, 2007 07:05 pm (UTC)
"If I have to worry about me stealing my own online identity, and going around pretending to be me, I have bigger problems than just data security protocols..."

Thank you, this very nearly had me doubled over laughing.
Hugs!