[sldev] OpenID vs. current proposal vis a vis security

Harold Brown labrat.hb at gmail.com
Sat Sep 29 23:15:36 PDT 2007


You're right.  OpenID will not be any better then what LL's proposed.  You
still have a login and password that will have to be entered somewhere.  And
by all rights OpenID can be a greater security risk then the Authentication
Method proposed as you may have many other sites tied to that OpenID.



On 9/29/07, Rob Lanphier <robla at lindenlab.com> wrote:
>
> Hi all,
>
> Thanks for posting this;
> https://wiki.secondlife.com/wiki/Viewer_Authentication_Critique
>
> The proposal raises, among other things, OpenID as a possible solution.
> This is something that has been kicked around at Linden Lab, and we may
> well get around to implementing it one of these days.
>
> Let's say we did implement an OpenID Identity Provider, and switched the
> viewer to instead require OpenID (making the viewer act as both a
> relying party and a user agent).  Would that be more secure than the
> current proposal?  If so, why?  It seems to me many of the criticisms
> associated with this current proposal would also apply to moving to
> OpenID.
>
> Rob
>
>
>
> _______________________________________________
> Click here to unsubscribe or manage your list subscription:
> /index.html
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/sldev/attachments/20070929/58047378/attachment.htm


More information about the SLDev mailing list