[BNM] OpenID (was Upcoming Registration)

Jay Caines-Gooby jay at gooby.org
Thu May 3 10:36:20 BST 2007


On 5/3/07, Dan Eastwell <daneastwell at gmail.com> wrote:
>
> What I'm not clear on about OpenID, is if someone knows your openID
> and you're logged in to your ID host on your openID delegate URL, can
> they not just type your openID into any site and create new accounts
> willy-nilly?

Nope, because your OpenID provider service will still ask you whether
to allow the new site you're trying to create an account for
(essentially it's asking you "Do you trust this new site"), and to do
this you'll still need to enter your delegate password.

You need to turn things on their head a little to get how OpenID works.

By their very nature people *will* know your OpenID - for a start it's
publicly available on your delegate server or designated URL. You
can see mine in the <head> portion of http://jay.gooby.org

Just because you know my openid, doesn't mean you can do anything with
it. You don't know the password that only I and my openid provider
know.

Read Simon Willison's excellent introduction:

http://simonwillison.net/2007/Jan/10/account/

-- 
>> Sponsor Me! <<
54 miles from London 2 Brighton
http://bhf.org.uk/sponsor/jay

Jay Caines-Gooby
jay at gooby.org
+44 (0)7956 182625
skype:jaygooby
http://snipperoo.com
http://blog.snipperoo.com
http://payperwidget.com - widget distribution marketplace
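
An added illustration, not part of the original message, of the point made in the reply: everything a site can read from an OpenID URL is public. The sketch parses the OpenID 1.x `openid.server` and `openid.delegate` link tags from a page's `<head>`; the sample page and every URL in it are constructed placeholders.

```python
from html.parser import HTMLParser

# Constructed sample page (not the real content of any site); all URLs
# below are placeholders chosen for this example.
SAMPLE_PAGE = """<html><head>
<title>Example home page</title>
<link rel="openid.server" href="https://provider.example/server">
<link rel="openid.delegate" href="https://user.provider.example/">
</head><body>Hello</body></html>"""


class OpenIDLinkParser(HTMLParser):
    """Collect OpenID 1.x <link rel="openid.*"> tags found inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            # rel may hold several space-separated values
            for rel in (a.get("rel") or "").lower().split():
                if rel.startswith("openid.") and a.get("href"):
                    self.links.setdefault(rel, a["href"])

    def handle_endtag(self, tag):
        if tag == "head":
            # Tags after </head> are ignored, so markup placed in the page
            # body (e.g. user-submitted content) cannot redirect discovery.
            self.in_head = False


def discover(html, claimed_id):
    """Return what a relying party learns from the public page, or None."""
    parser = OpenIDLinkParser()
    parser.feed(html)
    server = parser.links.get("openid.server")
    if server is None:
        return None  # page does not advertise OpenID
    return {
        "claimed_id": claimed_id,
        "server": server,
        # Without a delegate tag the claimed URL is itself the identity.
        "identity": parser.links.get("openid.delegate", claimed_id),
    }
```

The result only tells the site where to send the browser; the password prompt and the "do you trust this new site" decision happen at the provider, so knowing the URL alone gets an impostor nothing.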


