Flaws of OpenID

Published on 3 Dec 2008. Tagged with security, openid.

Stefan Brands wrote a post about the flaws and security issues of the OpenID protocol. His conclusion:

Now, mind you, it IS possible to do a drastic overhaul of OpenID so that it will be possible to provide multi-party security and privacy. Doing so would amount in essence to discarding most of the OpenID work, keeping only the notion that in some cases it might be useful for individuals to facilitate "identity provider discovery" by providing a URL.

Do not miss the discussion in the comments (especially the response post by David Recordon).