[sldev] OpenID vs. current proposal vis a vis security
Rob Lanphier
robla at lindenlab.com
Sat Sep 29 21:22:38 PDT 2007
Hi all,
Thanks for posting this;
https://wiki.secondlife.com/wiki/Viewer_Authentication_Critique
The proposal raises, among other things, OpenID as a possible solution.
This is something that has been kicked around at Linden Lab, and we may
well get around to implementing it one of these days.
Let's say we did implement an OpenID Identity Provider, and switched the
viewer to instead require OpenID (making the viewer act as both a
relying party and a user agent). Would that be more secure than the
current proposal? If so, why? It seems to me many of the criticisms
associated with this current proposal would also apply to moving to OpenID.
Rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.secondlife.com/pipermail/sldev/attachments/20070929/91b72561/signature.pgp
More information about the SLDev
mailing list