Another solution that may present itself in the future (as
technology allows it) is the notion of a user becoming his/her own
OP.
And the geeks shall lead the way . . . seriously, it would help for
the specs to actively support this.
For example, I would love to run my OP on my smart-phone.
The problem with smart-phones is their routing: try to get a steady
IP address with them. XRI fails as a solution here, because it's like
tor2web; by proxying the key-based address, it replaces the
verification Tor applies when generating a .onion hash. Recognition
of key-based locations should be anticipatory, not reactive; users
already have a sense of security when they see a padlock icon (SSL!),
but the most they should assume from it is that they have a secure
connection to the MITM.
It's only on when I turn it on, and it tells me if somebody is
trying to login as me.
Assuming it's on and an attacker isn't spoofing the RP ;)
Also, see:
http://lists.openid.net/pipermail/openid-general/2009-May/018294.html
Apparently(?), the checkid_immediate spec calls for your OP/URI
maintaining impeccable uptime *and* responding to discovery at all
times.
-Shade
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
