dumb clients a risk?

Carl Howells chowells at janrain.com
Wed Oct 5 18:47:28 PDT 2005


Zefiro wrote:

> If I understand this correctly, smart clients establish a connection to the identity server itself, agreeing on a shared secret.
> Dumb clients don't. Now assuming a malicious end user can control their user agent to go to a identity server of their choice,
> instead of the one the consumer thinks the user is going to, and they have their own identity server set up which validates
> whatever identity they want to have - which should be possible, since in the identity there is no shared secret with the server
> - then they could log in to any dumb mode client with any identity they want. Because, again as far as I understood the scheme,
> the dumb client completely relies on anything the client provides it with.

This is where you've misunderstood the protocol.  When dumb mode is 
being used, the last step is a call from the consumer directly to the 
server.  The consumer asks the server if it sent the given 
authorization, which the server can confirm or deny.  There is a direct 
connection from the consumer to the server in dumb mode.  It's not a 
scheme that's that badly designed.

Carl


More information about the yadis mailing list