Re: [IAEP] OpenID

[Martin Langhoff]

On Tue, Aug 19, 2008 at 7:57 AM, David Farning [EMAIL PROTECTED] wrote:
 We have a volunteer who runs a small openID business who is willing to
 help us migrate our logins to openID.  This migration has been on our
 infrastructure todo list for a couple of months.

I've been doing quite a bit of work on Single-sign-on schemes in the
last few years. OpenID on current webbrowsers is not a secure scheme.
Until we get OpenID-modified browsers, it is a phisher's attractor.

Look up Ben Laurie's dissection of it -- and for those who don't know
who Ben is, look him up too :-)

cheers,



m
-- 
 [EMAIL PROTECTED]
 [EMAIL PROTECTED] -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
___
IAEP -- It's An Education Project (not a laptop project!)
IAEP@lists.sugarlabs.org
http://lists.sugarlabs.org/listinfo/iaep

Re: [IAEP] OpenID

[Martin Langhoff]

On Tue, Aug 19, 2008 at 8:03 AM, Benjamin M. Schwartz
[EMAIL PROTECTED] wrote:
 IMHO, the XS OpenID work would be very valuable; the others are not really
 important.

Note that all the OpenID discussions around the XS are based on the XO
having a modded Browse.xo that does authentication against the XS in a
non-password-based way.

Had a good discussion with Ivan on this a few months ago. The archives
will have it.

cheers,



m
-- 
 [EMAIL PROTECTED]
 [EMAIL PROTECTED] -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
___
IAEP -- It's An Education Project (not a laptop project!)
IAEP@lists.sugarlabs.org
http://lists.sugarlabs.org/listinfo/iaep