[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-users] single sign-on

From: Sylvain Beucler
Subject: Re: [Savannah-users] single sign-on
Date: Fri, 31 Jul 2009 23:36:24 +0200
User-agent: Mutt/1.5.20 (2009-06-14)

On Fri, Jul 31, 2009 at 05:49:30PM +0100, Davi Diaz wrote:
> Karl Goetz wrote:
> > OpenID consumer support?
> No, please!  It is weak in security. I would like do not have to repeat here 
> the discussion with dachary at IRC about the security weakness of the OpenID 
> standard.
> Please, do not build infrastructures on weak bases!

<police mode>

- when things are moving off-topic, please change the subject

- back up your claims

</police mode>

Last time I discussed OpenID I understood it was an evolving
technology, so facts from 1 or 2 years ago probably don't apply
anymore, and was otherwise secure. AFAIU the main weakness would be a
use of shared-key cryptography on the first sp<->idp connection - are
you refering to that?.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]