Simon Willison’s Weblog

Subscribe

7 items tagged “whitelisting”

2008

Clearing up inaccuracies about the Google OpenID IDP launch. Google took some undeserved flack when they launched their OpenID provider. For the record, whitelisting providers fits my definition of the “Open” in OpenID perfectly (providers and consumers are free to impose whatever policies they like). # 8th November 2008, 11:11 pm

Javascript protocol fuzz results. If your HTML sanitizer uses blacklisting rather than whitelisting here are a few more weird ways of injecting javascript: in to a link that you need to worry about—but you should really switch to whitelisting http:// and https:// instead. # 30th June 2008, 3:57 pm

OpenID and Spam. Matt Mullenweg: “OpenID has a ton of promise for the web—let’s not hurt it by setting people up for disappointment by telling them it’s a spam blocker when it’s not.” True for the case of general registration, but I still believe whitelisting known OpenIDs could be a powerful tool for fighting spam on personal sites. # 2nd April 2008, 7:33 pm

2007

Crowd 1.1.0 Release Notes. Atlassian software are now offering a commercial OpenID provider, with the ability to hook in to an existing LDAP directory and some smart whitelist / blacklist options. # 21st June 2007, 8:29 am

Six cool things you can build with OpenID

I’ve posted the slides from my Future of Web Apps talk on OpenID, minus the demo videos. I’m planning to put together a video that combines the slides, demos and audio once the official podcasts have been published.

[... 816 words]

Group Membership Protocol. Martin Atkins’ proposal for a simple “is OpenID X a member of group Y?” protocol, useful for whitelists that can scale to handle large numbers of entries. # 22nd January 2007, 8:27 am

Social whitelisting with OpenID

A key feature of OpenID is that it provides a globally unique identifier for every user, no matter what site or service they are using on the Web.

[... 502 words]