On Thu, Mar 27, 2008 at 7:47 AM, Razi Shaban <razishaban@gmail.com> wrote:
On 3/27/08, Babu.N <babun@intoto.com> wrote:
>
> Yes, it is difficult to configure it for supporting sites.
>
> But it does save us from registering at multiple webistes &
> remembering the passwords of each of them.
It also makes it that much simpler for a malicious user to gain access
to every account you have after getting the password for only one.
But it also makes it easier to use stronger authentication. Nobody
would want to put up with, say, tokens or client certificates for
*every* website they use. For your online banking, maybe, but not for
your email and your blog and 20 random forum websites. But if you only
have to sign in once, your tolerance for security measures should go
up.
My main question, without having looked into it yet, is what kind of
protocols this uses. There is already SAML, for instance. Has OpenID
invented yet another way to do SSO, or are they using an existing
method?
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web
application security assessments should be considered a crucial phase in the
development of any web application. What methodology should be followed? What
tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
