Home > Archive > 2008 > December

Flaws of OpenID

By Marc Ermshaus on Wednesday, December 3, 2008 at 11:24 pm.

Stefan Brands wrote a post about the flaws and security issues of the OpenID protocol. His conclusion:

Now, mind you, it IS possible to do a drastic overhaul of OpenID so that it will be possible to provide multi-party security and privacy. Doing so would amount in essence to discarding most of the OpenID work, keeping only the notion that in some cases it might be useful for individuals to facilitate "identity provider discovery" by providing a URL.

Do not miss the discussion in the comments (especially the response post by David Recordon).

Add new comment

Name*:

Please leave the following field empty:

E-Mail:

Website:

Message*:

Please use HTML for formatting. Allowed tags:
<a href="">, <blockquote cite="">, <em>, <ul>, <ol>, <li>, <pre>, <strong>, <![CDATA[ … ]]>

<p> tags will be added automatically.

All comments are published under the CC BY-SA license.