A few days ago, BMW ConnectedDrive feature revealed a security hole that doors of the cards with the feature can be opened by a smartphone. Not sure what they were doing, but from the press, I read that they fixed it by using HTTPS, so it sounds like they were sending a bearer token in the clear.
People like us, who is in the wild wild west of the internet knows quite well that's something you do not want to do, but it seems it is not quite well known outside. So, W3C starting work on the subject is very welcome. At the same time, we may want to liaise with them about what we do so that we can feed OpenID Connect etc. to them. Anyone interested in doing it? -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en
_______________________________________________ board mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-board
