Trust/threat model for OpenID

David Strauss mailinglists at
Fri Jul 28 14:51:05 UTC 2006

Yes, I've done such an analysis. I used what's called "BAN logic." It's
a formal academic notation for analyzing security protocols and whether
their assumptions (of various types) are justified.

The biggest hole is when the identity URL page is fetched without SSL
(or any other signing protocol).

I have a half-written paper on the BAN analysis I performed. I'll finish
it if anyone's interested.

David Strauss

Gabe Wachob wrote:
> Has someone written up a trust/security model for OpenID (ie who
> trusts who for what, and what the threats are to the parties
> involved?)
> I'm not sure what assumptions are being made about the participating
> parties so I'm not terribly comfortable assessing its use for a
> variety of environments other than things like SSO to livejournal for
> posting comments ;-)
>    -Gabe

More information about the yadis mailing list