Trust/threat model for OpenID

Timothy Parez timothyparez at linux.be
Fri Jul 28 16:41:24 UTC 2006


So, all OpenID does is identify someone, but it doesn't actually authenticate the identification?
And there's no way (built in) to verify the authenticity of the identification, then what is the use of OpenID all together... ? (if this is 100% true/correct)

Tim.

-----Original Message-----
From: yadis-bounces at lists.danga.com [mailto:yadis-bounces at lists.danga.com] On Behalf Of Thomas Broyer
Sent: vrijdag 28 juli 2006 14:52
To: yadis at lists.danga.com
Subject: Re: Trust/threat model for OpenID

2006/7/28, Timothy Parez:
> OpenID handles authentication, authorization is totally up to you.

No, OpenID handles identification, not even authentication.

-- 
Thomas Broyer




More information about the yadis mailing list