Trust/threat model for OpenID

Timothy Parez timothyparez at
Fri Jul 28 16:41:24 UTC 2006

So, all OpenID does is identify someone, but it doesn't actually authenticate the identification?
And there's no way (built in) to verify the authenticity of the identification, then what is the use of OpenID all together... ? (if this is 100% true/correct)


-----Original Message-----
From: yadis-bounces at [mailto:yadis-bounces at] On Behalf Of Thomas Broyer
Sent: vrijdag 28 juli 2006 14:52
To: yadis at
Subject: Re: Trust/threat model for OpenID

2006/7/28, Timothy Parez:
> OpenID handles authentication, authorization is totally up to you.

No, OpenID handles identification, not even authentication.

Thomas Broyer

More information about the yadis mailing list