katzj at redhat.com
Thu May 29 14:46:16 UTC 2008
Jeffrey Tadlock wrote:
>> The phishing problem isn't unique to OpenID.
> No, it isn't unique to OpenID - but it is certainly an area we should
> take into account before implementing OpenID.
> With all of that said - I like the OpenID idea. And we run other
> services that have potential exposure to security issues (ssh, just
> our normal FAS logins, etc) - but we do make efforts to protect those
> services to the best of our ability to reduce our risk.
... and we should actually look at using our SSL certs more for
authentication as opposed to requiring people to type their FAS password
all over the place. This is something I keep meaning to bring up but
then having other stuff come up instead.
But that's neither here nor there wrt OpenID
More information about the infrastructure