trust_root
Johannes Ernst
jernst+lists.danga.com at netmesh.us
Wed Aug 30 19:58:09 UTC 2006
Which reminds me that I've never quite understood what the attack is
that the OpenID trust_root protects against. There seems to be no
mechanism by which the user (or the IdP) could force the RP to only
apply authentication to places covered by trust_root. And return_to
already to where the authentication assertion goes.
Anybody enlightened on this list who'd like to enlighten me? Thanks ...
Johannes Ernst
NetMesh Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
Url : http://lists.danga.com/pipermail/yadis/attachments/20060830/6924d020/lid.gif
-------------- next part --------------
http://netmesh.info/jernst
More information about the yadis
mailing list