[SGVLUG] "phising" for OpenID's
Sean O'Donnell
sean at seanodonnell.com
Thu May 17 15:24:05 PDT 2007
Emerson, Tom (*IC) wrote:
> Don't you just hate it when you buy some new piece of hardware, find it
> "doesn't quite work", and the vendor/support website has a typical
> "PHP:BB" forum that you have to register yet another [throwaway] account
> that you'll forget in a weeks time?
>
> Well, there is a (grass roots?) movement out to create something known
> as an "openID" [http://openid.net]
I have mixed feelings about the whole OpenID service, or even using an
API from some monolith (aol, yahoo, google, etc.), if they were/are
available.
Goods:
1) great solution for users with memory recollection issues (like myself).
2) great for site owners who wish to attract a wider audience of users
with memory recollection issues.
Bads:
1) privacy - it allows the service provider to track which sites you
visit/log-in@/etc.
2) security - all it takes is 1 compromise of your account to allow some
would-be attacker to access your info from all of those openid-supported
sites.
I'm sure the goods outweigh the bads, but I'm still skeptical.
>From a development stand-point, it sounds like a fun project though,
regardless. =)
--
Sean O'Donnell
South Pasadena, CA
sean at seanodonnell.com
http://seanodonnell.com
PGP Public Key ID: 0xF57FB9E5
PGP Public Key Server: http://pgp.mit.edu
*The important thing is not to stop questioning. Curiosity has its own
reason for existing.*
More information about the SGVLUG
mailing list