[Opensim-dev] OpenID
Sean Dague
sdague at gmail.com
Tue Mar 3 21:05:15 UTC 2009
> this out there for real, with a 2.0 tag, without first understanding
> if/how people detect phishing in this particular context. There have
> been enough studies in the past about how normal people handle security=
> (or not) in practice, and the fallacies of designing systems assuming
> that people choose security over convenience.
>=20
> But hey -- I have no interest in the success or failure of the
> corporations that are pushing for this.
> I'll just stay here on my academic Ivory tower watching the phishing
> artists unwrap this wonderful present that is falling on their laps...
> http://marcoslot.net/apps/openid/
>=20
>=20
> And that's my last email about OpenID; case closed afaic, I'm too old
> and too cranky for these Web 2.0 experiments. I'd rather continue tryin=
g
> to solve the problem for real :-)
I guess the question is whether or not this is better or worse than
requiring new user account registration for systems, which inevitably is
people typing in the same passwords as they've used elsewhere.
While there are clearly ways to social engineer openid, I don't think
it's any worse than all the existing accounts. My openid account is on
a website that I definitely control, and know what my login form will
look like (and, honestly, am typically already logged into, which is
even better). Openid for me is way better than creating new acconts.
Those are general statements on the tech. How it fits in the opensim
space, I'll leave to others, because it may not be appropriate. But
make sure that if you are going to hold up openid to such a high
standard of social engineering, that you hold other methods to that as we=
ll.
-Sean
--=20
Sean Dague / Neas Bade
sdague at gmail.com
http://dague.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20090303/b0efd6f6/attachment-0001.pgp>
More information about the Opensim-dev
mailing list