In addition to IDPs implementing MFA, RPs can layer MFA on top of OpenID if
desired.  Banks are using a combination of username/password with OTPs,
challenge questions, PINs, etc.



Cheers, Brian



*Brian Kissel <http://www.linkedin.com/in/briankkissel>*

e: [email protected] <[email protected]>  |  w: 503-488-6754 x45  |  m:
503-342-2668  |  f: 503-296-5502






*From:* John Bradley [mailto:[email protected]]
*Sent:* Thursday, October 14, 2010 7:14 PM
*To:* [email protected]
*Cc:* [email protected]; Don Thibeau (OIDF ED); Brian Kissel
*Subject:* Re: [OpenID board] W3C's Social Web XG Final Report



That is a problem for all redirect protocols, and has nothing to do with
openID directly.



Each Identity service provider has many options to eliminate phishing
attacks.  Many providers offer their customers those choices now.



John B.

On 2010-10-14, at 9:27 PM, Nat Sakimura wrote:



 Looks like we have to submit some kind of comment by this Friday.



OpenID mentioned as "Phishing Heaven" is not good.



Don, could you get in touch with them to fix those paragraphs?



I will try to send my personal comments as well.



Here is the problematic sentence:



As a server-side solution, OpenID and successor technologies have the
advantage of only relying on server-side HTTP redirects, and so in general
works independent of browsers. Very seriously, OpenID 2.0 Authentication
does not require relying parties to validate, and so has been described as
phishing heaven <http://www.links.org/?p=187>, since it allows any OpenID-enabled
site to redirect a user to a fake OpenID provider, that then steals the
user's credentials.

On Thu, Oct 14, 2010 at 10:57 AM, Nat Sakimura <[email protected]> wrote:

I just stumbled upon this document "Final Report - Social Web XG Wiki "

http://www.w3.org/2005/Incubator/socialweb/wiki/FinalReport#Identity

Perhaps we should locate a volunteer to help them write more
accurately about OpenID?

--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en




-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en

_______________________________________________
board mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-board