Mark Atwood (fallenpegasus) wrote,
Mark Atwood

OpenID security analysis at last Ignite Seattle

At the Ignite Seattle a few days ago, a very hyperactive guys, Mark Novak of Microsoft, "broke" OpenID in a dizzying flickering of slides. As best I can tell, the basis of the "break" is that if your OpenID provider becomes evil, they can start impersonating you.

That seemed pretty obvious to me when I first had OpenID described to me. And thus, while I've signed up with over a half dozen providers, when I do use OpenID, I use myself. You can install a PHP that acts as a single person OpenID provider.

If I have to worry about me stealing my own online identity, and going around pretending to me, I have bigger problems than just data security protocols...
Tags: geek, openid

  • Razors

    I'm getting ads for I think five different "all metal" "get the best shave of your life" "throw away the plastic" razor startups. They all seem to be…

  • Doing what needs to be done

    On May 1st, one of my co-residents found one of the feral rabbits that live in the area cuddled up against a corner of the house. It was seriously…

  • The CTO of Visa, after listening to me present

    Some years ago, I was asked to travel to the corporate meeting center to present at a presentation-fest to the CxO staff of Visa. Yes, the one with…

  • Post a new comment


    Comments allowed for friends only

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded