> With one developer resources website , i had to enter my OpenId which > wouldbe [EMAIL PROTECTED] and then the password.. I was redirected for > authentication(agreed) but in between, i did send my info to the site.. I > mean, from myside it would have been a mistake to trust the site.. But i was > just testing something out so thats ok.. >
OpenID is not supposed to work this way. The site which supports openid authentication never asks password. The way it works is like this. Let's see you need to login to ubuntu-in.org using openif provided by launchpad. 1. In the login box on ubuntu-in.org, you enter your launchpad openid. 2. You are redirected to launchpad. 3. If there is no existing session with launchpad, step 4 is executed else step 5 is executed. 4. Launchpad asks you for your username and password. 5. Launchpad asks whether you want ubuntu-in.org to identify you through launchpad. You also have options like only once or always. 6. Launchpad sends confirmation to ubuntu-in.org that you have been authenticated. 7. ubuntu-in.org creates a session for you. So no where in the process ubuntu-in.org asks you the password. Hope this helps. Onkar -- ubuntu-in mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-in
