On Tue, Aug 19, 2008 at 7:57 AM, David Farning <[EMAIL PROTECTED]> wrote: > We have a volunteer who runs a small openID business who is willing to > help us migrate our logins to openID. This migration has been on our > infrastructure todo list for a couple of months.
I've been doing quite a bit of work on Single-sign-on schemes in the last few years. OpenID on current webbrowsers is not a secure scheme. Until we get OpenID-modified browsers, it is a phisher's attractor. Look up Ben Laurie's dissection of it -- and for those who don't know who Ben is, look him up too :-) cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff _______________________________________________ IAEP -- It's An Education Project (not a laptop project!) IAEP@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/iaep
