Comments on: Making the browser OpenID-aware http://aralbalkan.com/1283 Passionate geekisms. Sun, 21 Mar 2010 10:01:24 -0700 http://wordpress.org/?v=2.8.5 hourly 1 By: Jonathan http://aralbalkan.com/1283/comment-page-1#comment-134506 Jonathan Wed, 09 Apr 2008 01:34:14 +0000 http://aralbalkan.com/1283#comment-134506 Check out OpenID Seatbelt: https://pip.verisignlabs.com/seatbelt.do This is the plugin for Firefox that allows you to use OpenID while browsing. Check out OpenID Seatbelt:

https://pip.verisignlabs.com/seatbelt.do

This is the plugin for Firefox that allows you to use OpenID while browsing.

]]> By: Aaron Klemm http://aralbalkan.com/1283/comment-page-1#comment-132058 Aaron Klemm Wed, 02 Apr 2008 00:06:52 +0000 http://aralbalkan.com/1283#comment-132058 The idea you're describing is very important and should help OpenID uptake a lot. http://en.wikipedia.org/wiki/Windows_CardSpace is an existing potential solution. iirc, there is an implementation for the Mac and an open source equivalent for linux and others. Hopefully a fully usable solution comes out of that space with OpenID support. Cheers, ak The idea you’re describing is very important and should help OpenID uptake a lot. http://en.wikipedia.org/wiki/Windows_CardSpace is an existing potential solution. iirc, there is an implementation for the Mac and an open source equivalent for linux and others. Hopefully a fully usable solution comes out of that space with OpenID support.

Cheers,

ak

]]> By: David Arno http://aralbalkan.com/1283/comment-page-1#comment-131864 David Arno Tue, 01 Apr 2008 11:43:12 +0000 http://aralbalkan.com/1283#comment-131864 OpenID is far from perfect because it is a phisher's dream come true. The whole point of OpenID is that it is open - ie, you, me and anyone else on the planet with their own website can be an OpenID provider. If the browser only accepts a few providers, then it breaks the open model. If it supports any open provider, then it will make spotting phishing attempts harder. So sorry Aral, but this idea is broken from start to finish. See <a href="http://idcorner.org/2007/08/22/the-problems-with-openid/" rel="nofollow">this article</a> for an explanation of OpenID's phishing vulnerability. OpenID is far from perfect because it is a phisher’s dream come true. The whole point of OpenID is that it is open – ie, you, me and anyone else on the planet with their own website can be an OpenID provider. If the browser only accepts a few providers, then it breaks the open model. If it supports any open provider, then it will make spotting phishing attempts harder. So sorry Aral, but this idea is broken from start to finish.

See this article for an explanation of OpenID’s phishing vulnerability.

]]>