Stoppt die Vorratsdatenspeicherung! Jetzt klicken &handeln! Willst du auch an der Aktion teilnehmen? Hier findest du alle relevanten Infos und Materialien:

Archived entries for OpenID

OpenID for Drupal

Dank des Drupal 5 OpenID modules muss man nicht auf Drupal 6 warten um in den Genuß von OpenID zu kommen.

Im Development Seed Blog gibt es eine Beschreibung des Modules.

SeatBelt - Firefox OpenID Plugin

Praktisches OpenID Plugin für Firefox von Verisign: SealtBelt.

SeatBelt is a Firefox plug-in that assists you when signing in to OpenID sites with your PIP URL. Typically, if you are not signed into your PIP account when you access a sign in page using OpenID, you need to access your PIP account and sign in. Since you must do this within the same browser window, you have to navigate away from the page you wish to sign in to.

SeatBelt detects that you have clicked on an OpenID sign in field while not signed into your PIP account and prompts you to sign in. Once you have signed in, SeatBelt automatically returns you to the OpenID sign in page with your PIP URL filled in. The sign in session continues as normal.

Probleme mit OpenID

Stefan Brands hat problem(s) with OpenID.

Eine sehr ausführliche und lesenswerte Kritik an OpenID, auch wenn ich nicht unbedingt alle Punkt teile.

Die Kommentare sollte man in jedem Fall auch lesen.

OpenID aims to enable individuals to post blog comments and log into social networking sites without having to remember multiple passwords. (…)

Beyond this, OpenID is pretty much useless. The reasons for this are many: OpenID is highly vulnerable to phishing and other attacks, creates insurmountable privacy problems, is not a trust system, suffers from usability problems, and makes it unappealing to become an OpenID “consumer.”

OpenID Sicherheit

gnucitizen setzt sich mit möglichen Angriffen gegen OpenID auseinander und verlinkt dazu ein Whitepaper (pdf 232kb) von Vlad Tsyrklevich.

Other then that, OpenID is a great idea. It works and it scales quite well. However, make sure that you are protected against the above mentioned attacks. I would suggest for browser vendors to include builtin security features such as HTTPS should be enforced by default, CSRF against the identity provider domain should not be possible, etc.

OpenID Präsentation

Simon Willisons Keynote auf der EuroPython 2007 über OpenID.

Copyright © 2004–2009. All rights reserved. – Impressum

RSS Feed. This blog is proudly powered by Wordpress and uses Modern Clix, a theme by Rodrigo Galindez.