On Wed, Aug 13, 2008 at 10:53 PM, Parthan SR <[EMAIL PROTECTED]> wrote: > Jayanth S wrote: >> I have a small thought on OpenId.. Hope it turns out into a nice >> discussion.. Talking about OpenId service providers, there are quite a >> few.. EG: LiveJournal, LaunchPad, etc.. >> >> When a site says they allow the use of Open ID to authenticate >> yourself, people without much thought punch in their >> LiveJOurnal/Launchpad id and password.. There is a huge failure in >> this mechanism.. How do you ensure that there is absolutely no Man in >> the middle collecting your info?
I think we have a misunderstanding here. You will _not_ have to provide any password when a site says "LogIn using OpenID". You just have to paste a URL and then the user is redirected to the site of the OpenID provider where you choose to sign up (and hence you enter the password there). I think there is no question of middlemen here. If at all there is any such case, it is very much holds good when you are loggin in directly into the OpenID service provider (e.g. LiveJournal) >> >> Similarly, when you sign up for Twitter and other Web 2.0"So called" >> sites which let you invite your Gmail friends, people type their ids >> and passwords without thinking.. >> This is a problem and a known issue. Hence, you see some times this mailing list or several others getting... "Forbia has invited you to be his friend" kind of mails. (which clearly is a act of ignorance) Also another way out is to have seperate email ids for mailing list subscriptions (But thats another topic completely) I will be very interested in further discussions on this topic. Thanks for starting such a thread. Regards, Aanjhan -- ubuntu-in mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-in
