Comments on ConnectID: How can this be?
Blog author: Paul Madsen (http://www.blogger.com/profile/08489111023182783403)
Feed updated: 2024-02-13T08:56:52.521-05:00

damnian (https://www.blogger.com/profile/17960006117774566655), 2007-01-13T15:42:00.000-05:00:

Suppose a site admin accidentally discovered a security vulnerability in an imaginary IdP. How would he secure his site?

As the creator of phpbb-openid, I fully agree with Evan. I had the IdP blacklist/whitelist capability built into it, as it was essentially similar to the email blacklist/whitelist readily available in phpBB.

Anonymous (https://www.blogger.com/profile/14422595872136269161), 2006-12-23T00:29:00.000-05:00:

As the creator of the extension in question, I'll say this: if I am turning over some of my site's security decisions to a third party, I damn well better have the right to blacklist and whitelist which of those third parties I entrust those decisions to.

For Wikitravel, in particular, I have yet to need to blacklist anyone, but I'd much rather have the option in a configuration file

Anonymous, 2006-12-20T10:04:00.000-05:00:

Apologies, I didn't catch the rhetoric in the post.

As a newcomer in this field, I have been elated to see the escalation in ID federation technologies, though the mentality you mention has been particularly troubling. (Thus my motivation to post on this entry.) It is somewhat reassuring to see the pragmatism in some of the implementation, though.

Paul Madsen (https://www.blogger.com/profile/08489111023182783403), 2006-12-20T09:39:00.000-05:00:

Anon, I agree completely. But some within the OpenID community appear to see this progression as breaking the 'spirit' of OpenID.

Personally, I think 'relevance and scope' will win out over 'spirit'.

thanks

Anonymous, 2006-12-20T09:35:00.000-05:00:

Isn't this accepted as inevitable? With the specter of spammer-hosted IDPs routinely discussed in the context of OpenID security concerns, such an explicit trust definition seemed to be a foregone conclusion.