Mark Atwood (fallenpegasus) wrote,
Mark Atwood
fallenpegasus

OpenID security analysis at last Ignite Seattle

At the Ignite Seattle a few days ago, a very hyperactive guys, Mark Novak of Microsoft, "broke" OpenID in a dizzying flickering of slides. As best I can tell, the basis of the "break" is that if your OpenID provider becomes evil, they can start impersonating you.

That seemed pretty obvious to me when I first had OpenID described to me. And thus, while I've signed up with over a half dozen providers, when I do use OpenID, I use myself. You can install a PHP that acts as a single person OpenID provider.

If I have to worry about me stealing my own online identity, and going around pretending to me, I have bigger problems than just data security protocols...
Tags: geek, openid
Subscribe
  • Post a new comment

    Error

    Comments allowed for friends only

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 2 comments