Thoughts on OpenID


Thoughts on OpenID

Post by CommonStray »

So I'm sure a lot of you have heard about OpenID, a universal login framework usable between social or user-enabled websites.

Well, what's your take on it?


Post by floodhound2 »

I'll have to look it up.
₣£ΘΘĐĦΘŮŇĐ


never trust one source

Post by DNR »

OpenID to me is not a good idea. I don't like the idea that all your accounts are protected by one entity. There was talk about a universal ID, sort of like a passport, driver's license, auto insurance, bank card, SS card, and maybe even medical history all in one card.
The same reason people should not use the same password for all online accounts, is the same reason why you should not keep all your valuable data on one card or network repository. If one website gets hacked or one card reader gets exploited, a criminal hacker has every account you had.
Also, identity theft would be too easy: you'd need to exploit one agency, the one that issues the all-access card, rather than going to the SS admin office for the SS card, the Secretary of State for a driver's license, and another for a bank account or insurance card. Each different agency, with their different policies and controls, could trip up a person trying to steal another's ID.

Anyways, just my two bits.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.


Post by Stavros »

I'm going to have to agree with DNR.

One thing I don't get: they claim it's supposed to be "decentralized" yet all personal information is condensed into one ID. If anything that seems more centralized.

Or is my understanding of the decentralized concept wrong?


user-centric thinking

Post by DNR »

OpenID is a Single Sign-on protocol that solves the problem of having an individual login and password for every website. With OpenID, a user can register once with an Identity Provider (IdP) of their choice and then use that login on all OpenID _enabled_ sites.

OpenID is considered 'decentralized' because the user can choose any IdP.
An OpenID login is simply a URL such as http://DNR.myopenid.com
The URL identifies the IdP, myopenid.com
OpenID is increasingly gaining adoption among large sites, with organizations like AOL and Orange acting as a provider. In addition, integrated OpenID support has been made a high priority in Firefox 3[1] and OpenID can be used with Windows CardSpace, which is part of .NET Framework version 3.0 (the .NET Framework version 3.0 comes with Windows Vista by default and can be downloaded for Windows XP).
Certainly this is something to study if the OpenID protocol is in use by large organizations, it is cross-platform and several reputable coders are working on the idea. This is called a "User-centric" kind of thinking, and certainly exploitable.

Check this PDF by Black Hat:
https://www.blackhat.com/presentations/ ... ich-WP.pdf

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
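
How a relying site turns an OpenID URL into a provider, as an added example that is not part of the original posts: OpenID 1.1/2.0 HTML-based discovery reads `<link>` tags from the page served at the claimed URL, so the identifier's host and the provider's host can differ. The hostnames and sample HTML are constructed, and the HTTPS warning is an added check (discovery over plain HTTP lets anyone on the network path rewrite the advertised provider).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# rel values defined by OpenID Authentication 2.0 and 1.1 HTML-based discovery
PROVIDER_RELS = ("openid2.provider", "openid.server")
LOCAL_ID_RELS = ("openid2.local_id", "openid.delegate")

class _LinkCollector(HTMLParser):
    """Collect <link rel=... href=...> pairs from the document."""
    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        href = a.get("href")
        for rel in (a.get("rel") or "").lower().split():
            if href and rel not in self.links:
                self.links[rel] = href  # first occurrence wins

def discover(claimed_id, html):
    """Return the provider endpoint and local identifier for a claimed URL."""
    p = _LinkCollector()
    p.feed(html)
    first = lambda rels: next((p.links[r] for r in rels if r in p.links), None)
    provider = first(PROVIDER_RELS)
    if provider is None:
        raise ValueError("no OpenID provider advertised at " + claimed_id)
    warnings = []
    for label, url in (("claimed identifier", claimed_id), ("provider endpoint", provider)):
        if urlsplit(url).scheme != "https":
            warnings.append(label + " is not HTTPS: " + url)
    return {"provider": provider,
            "provider_host": urlsplit(provider).hostname,
            "local_id": first(LOCAL_ID_RELS) or claimed_id,
            "warnings": warnings}

# Constructed sample: a personal page that delegates to a hosted provider.
SAMPLE_HTML = """<html><head>
<link rel="openid2.provider openid.server" href="https://idp.example.net/server">
<link rel="openid2.local_id openid.delegate" href="https://alice.idp.example.net/">
</head><body>Alice's home page</body></html>"""

if __name__ == "__main__":
    print(discover("http://alice.example.org/", SAMPLE_HTML))
```
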
