On 7/10/07, Martin Langhoff <[EMAIL PROTECTED]> wrote: > Hi devel, hi server-devel, > > I am working on Moodle's openID auth plugin. While there is an openID > "plugin" of sorts for v1.6 I've reviewed it and it's less than > stellar, so I'm tackling a new one. > > Questions: > > - Are we still happy with OpenID -- is Ivan still happy with it? I've > done a bit of review of the protocol itself, and a quick chat with > Mark Piper here in NZ reinforced my concerns - the whole thing has > several weak points, a notable one being its blind trust of DNS. Will > DNS be reasonably stable/trustable in our network env?
The blind trust in the relying party is more of a concern to me: http://www.links.org/?p=187. > - Moodle will initially know how to behave as a client. Do we want it > to be an OpenID server too? I think we do but just to check where the > thinking is at. > > cheers, > > > martin > _______________________________________________ > Devel mailing list > [email protected] > http://lists.laptop.org/listinfo/devel > _______________________________________________ Devel mailing list [email protected] http://lists.laptop.org/listinfo/devel
