[ubuntu-in] [OT] OpenId Discussion
Aanjhan R
aanjhan at gmail.com
Wed Aug 13 18:41:09 BST 2008
On Wed, Aug 13, 2008 at 10:53 PM, Parthan SR
<parth.technofreak at gmail.com> wrote:
> Jayanth S wrote:
>> I have a small thought on OpenId.. Hope it turns out into a nice
>> discussion.. Talking about OpenId service providers, there are quite a
>> few.. EG: LiveJournal, LaunchPad, etc..
>>
>> When a site says they allow the use of Open ID to authenticate
>> yourself, people without much thought punch in their
>> LiveJOurnal/Launchpad id and password.. There is a huge failure in
>> this mechanism.. How do you ensure that there is absolutely no Man in
>> the middle collecting your info?
I think we have a misunderstanding here. You will _not_ have to
provide any password when a site says "LogIn using OpenID". You just
have to paste a URL and then the user is redirected to the site of the
OpenID provider where you choose to sign up (and hence you enter the
password there). I think there is no question of middlemen here. If at
all there is any such case, it is very much holds good when you are
loggin in directly into the OpenID service provider (e.g. LiveJournal)
>>
>> Similarly, when you sign up for Twitter and other Web 2.0"So called"
>> sites which let you invite your Gmail friends, people type their ids
>> and passwords without thinking..
>>
This is a problem and a known issue. Hence, you see some times this
mailing list or several others getting... "Forbia has invited you to
be his friend" kind of mails. (which clearly is a act of ignorance)
Also another way out is to have seperate email ids for mailing list
subscriptions (But thats another topic completely)
I will be very interested in further discussions on this topic. Thanks
for starting such a thread.
Regards,
Aanjhan
More information about the ubuntu-in
mailing list