On Tue, Aug 19, 2008 at 7:57 AM, David Farning [EMAIL PROTECTED] wrote:
We have a volunteer who runs a small openID business who is willing to
help us migrate our logins to openID. This migration has been on our
infrastructure todo list for a couple of months.
I've been doing quite a bit of work on Single-sign-on schemes in the
last few years. OpenID on current webbrowsers is not a secure scheme.
Until we get OpenID-modified browsers, it is a phisher's attractor.
Look up Ben Laurie's dissection of it -- and for those who don't know
who Ben is, look him up too :-)
cheers,
m
--
[EMAIL PROTECTED]
[EMAIL PROTECTED] -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
___
IAEP -- It's An Education Project (not a laptop project!)
IAEP@lists.sugarlabs.org
http://lists.sugarlabs.org/listinfo/iaep