[Opensim-dev] OpenID
Diva Canto
diva at metaverseink.com
Mon Mar 2 23:29:56 UTC 2009
Hurliman, John wrote:
> Do you make a habit of sending your credentials to websites without checking the hostname and ignoring invalid SSL certificate warnings? That will create a problem.
>
Yes, precisely -- a huge problem. Most people don't check those things
because they don't even know what they are. They are used to their
computer popping up random warning windows with technical jargon -- for
example when first running Second Life there are warnings about the
application trying to do things that are unsafe, etc, and people will
just click ok. It's 10x worse here than in email phishing scams, because
people know that they are going to be asked for their password -- that's
what it's supposed to do. So they will type it.
I'm just trying to understand the implications of these different
identity and authorization mechanisms, and I confess I am puzzled with
the suggestion that OpenID is a viable identity scheme beyond confined
networks of trust.
Crista
More information about the Opensim-dev
mailing list