Karl Goetz wrote: > > Read http://en.wikipedia.org/wiki/OpenID#Security_and_phishing . > > Please read references too. You ask for information, so read and > > understand all them.
> [1] I won't have time to read the related references until next week. The projects are not in a hurry. > > Do you know any bank which offer OpenID as authentication mechanism? > > Realize a good analysis please. > > If your referring to your bank metaphor when you say "Realize a good > analysis please", no, I do not think this is good analysis. I tried to show an evidence of OpenID being bad at security showing the fact that _any_ bank use OpenID to authenticate their users. Banks take security seriously because there is money involved. I used such example because I had no time to explain, that is to say repeat here again, its weakness, an because there is sources out there which you must use to do _your own_ analysis. -- As usual I could be mistaken. Please let me know.
