Items tagged openid in 2007
Filters: Year: 2007 × openid × Sorted by date
Anonymous OpenID. A mailinator-style service for OpenID. I’m glad someone’s built this; it reinforces the idea that an OpenID should not be trusted as an account without first using a verification step. # 21st January 2007, 2:03 am
Phishing and OpenID: Bookmarks to the Rescue? Ping extends my proposal to use bookmarks as the principle authentication mechanism, resulting in a system that is much easier for people to understand. # 21st January 2007, 1:36 am
XMPP OpenID server. An OpenID provider that sends you a Jabber message when you try to log in, to help guard against phishing. # 20th January 2007, 11:24 pm
I can also sum things up for you even more succinctly:
—users are task oriented, driving to complete the goal the
quickest way possible
—users pay more attention to the content area than the browser chrome
—users don’t understand how easy it is to spoof a website
— Mike Beltzner # 19th January 2007, 5:33 pm
Links to academic papers on phishing. Posted to the openid-general list by Mike Beltzner. # 19th January 2007, 5:32 pm
Solving the OpenID phishing problem
Most of the arguments I hear against OpenID are based on mis-understandings of the specification, but there is one that can’t be ignored: OpenID is extremely vulnerable to phishing.
[... 531 words]Planet OpenID. Aggregating news about OpenID—surprisingly high traffic. # 18th January 2007, 12:04 am
OpenID users can be just as trusty as local users. Martin Atkins makes a similar argument to my own: OpenIDs are trustworthy, provided you subject them to the same authentication steps (CAPTCHA/e-mail validation) as regular users. # 16th January 2007, 11:13 am
Firefox3/Firefox Requirements (via) OpenID and CardSpace are both listed as mandatory features. # 11th January 2007, 6:56 pm
OpenID Speech at Webtuesday Zurich. Good set of slides, along with the tidbit that local.ch (which had slippy maps years before Google) is implementing OpenID. # 11th January 2007, 3:27 pm
An OpenID is not an account!
I’m excited to see that OpenID has finally started to gain serious traction outside of the Identity community. Understandably, misconceptions about OpenID continue to crop-up. The one I want to address in this entry is the idea that an OpenID can be used as a replacement for a regular user account.
[... 601 words]OpenID Questions. I’ve attempted to provide answers in the comments. # 9th January 2007, 11:46 am
OpenID for non-SuperUsers. Sam Ruby explains the key concepts of OpenID that many first-time users tend to miss. # 7th January 2007, 10:21 pm
DjangoID. Django-based OpenID server for hosting your own (or someone else’s) identity. # 7th January 2007, 9:54 pm
More home improvements
I’ve had an offline Christmas, not entirely through choice (broadband at my Dad’s new place in rural France isn’t working yet) but welcome. I did have my laptop with me, and I’m using Bazaar for version control so being offline isn’t a barrier to checking in code. I’ve just rolled out a bunch of new features that I put together over the past few days.
[... 514 words]