30 Jun 10:29
Re: [OpenID] Negotiating a backup OP from the current OP
From: Anders Feder <lists.anders <at> feder.dk>
Subject: Re: [OpenID] Negotiating a backup OP from the current OP
Newsgroups: gmane.comp.web.openid.general
Date: 2008-06-30 08:29:40 GMT
Mon, 30 06 2008 at 00:35 -0700, SitG Admin wrote:
> If the RP says "We need to do it this way." and the OP says "I have
> this independent OP which meets your needs.", can the RP afford to
> change its mind?

+1. This is a good point. I think this protocol makes for a very balanced and transparent negotiation.

Let's say the user has an OP that will expose any phishing attempts. The user attempts to log in to a phisher's website. Now if the user is to say "here, I have this OP, does it meet your requirements?", the phisher will obviously just respond "no, I don't think it's secure enough", cancel the login and its phishing activities go by undetected.

But if the user can say "here, I have this phishing-resistant OP and I know it meets your specified minimum requirements, let's go" the RP is forced to either cancel the login, which will look odd and possibly ring the alarm bells, or use the secure OP which will expose the phishing attempt.

--
Anders Feder <lists.anders <at> feder.dk>
_______________________________________________
general mailing list
general <at> openid.net
http://openid.net/mailman/listinfo/general