Shade, Thank you very much for the pointers -- I see we were thinking along the same line.
Dylan On 12/7/09 4:56 PM, "SitG Admin" <[email protected]> wrote: >> This is because a relying party cannot tell the difference between a >> user attempting to log in using his or her identifier, and the >> user's OpenID provider spoofing that user to gain access to whatever >> services the relying party provides to that user. > > This is correct, yes. See this post: > http://lists.openid.net/pipermail/openid-general/2008-July/014536.html > Also see David Fuelling's work on MultiAuth. > > -Shade _______________________________________________ security mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-security
