| |||||||||||||
I don't get it ...I don't get it ...Posted Oct 5, 2006 12:47 UTC (Thu) by neiljerram (subscriber, #12005)Parent article: A look at OpenID
What prevents anyone else who knows your name from going to a website and giving the identity
?
- Neil
(Log in to post comments)
I don't get it ... Posted Oct 5, 2006 13:07 UTC (Thu) by steffen (subscriber, #23586) [Link] After entering your identity URL on site A you will be redirected to a site hosted by your identity provider. On this site you have to be logged in to confirm the request from site A.
I don't get it ... Posted Oct 11, 2006 10:26 UTC (Wed) by samj (subscriber, #7135) [Link] right, which is why it's interesting they enforce the syntax '$firstname.$lastname.myopenid.com' when in fact they do nothing to validate the name. presumably different IdP's could have different policies regarding this eventually... for example Thawte could set up an IdP based on their WoT which could potentially be trusted to provide this information, depending on the transaction.
I don't get it ... Posted Oct 12, 2006 20:40 UTC (Thu) by Acapnotic (guest, #869) [Link] It's true that the example text next to the Name field in myopenid's signup is "John Doe", but really you may put whatever you like in there. It doesn't "enforce" $firstname.$lastname by any means.
|
|||||||||||||