On Tue, 2008-08-19 at 08:08 +1200, Martin Langhoff wrote: > I've been doing quite a bit of work on Single-sign-on schemes in the > last few years. OpenID on current webbrowsers is not a secure scheme. > Until we get OpenID-modified browsers, it is a phisher's attractor. > > Look up Ben Laurie's dissection of it -- and for those who don't know > who Ben is, look him up too :-) > Some links about Ben.
http://en.wikipedia.org/wiki/Ben_Laurie http://www.links.org/?p=187 Martin, Seth is this something you would like to follow up on? If not, I will let him know and move the openid task from our todo to our deferred list. thanks dfarning _______________________________________________ IAEP -- It's An Education Project (not a laptop project!) IAEP@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/iaep