[ubuntu-in] [OT] OpenId Discussion

[Jayanth S]

>
>
>
> I think we have a misunderstanding here. You will _not_ have to
> provide any password when a site says "LogIn using OpenID". You just
> have to paste a URL and then the user is redirected to the site of the
> OpenID provider where you choose to sign up (and hence you enter the
> password there). I think there is no question of middlemen here. If at
> all there is any such case, it is very much holds good when you are
> loggin in directly into the OpenID service provider (e.g. LiveJournal)
>
>
>
> This is a problem and a known issue. Hence, you see some times this
> mailing list or several others getting... "Forbia has invited you to
> be his friend" kind of mails. (which clearly is a act of ignorance)
> Also another way out is to have seperate email ids for mailing list
> subscriptions (But thats another topic completely)
>
> I will be very interested in further discussions on this topic. Thanks
> for starting such a thread.
>
> Regards,
> Aanjhan
>

I'm just trying to understand how ANY user would trade away information like
that so easily.. And want some people who have used these invitation
services to tell us all what gave them the confidence to do so..

With one developer resources website , i had to enter my OpenId which
wouldbe something at livejournal and then the password.. I was redirected for
authentication(agreed) but in between, i did send my info to the site.. I
mean, from myside it would have been a mistake to trust the site.. But i was
just testing something out so thats ok..


-- 
Jay
"Impossible Is Nothing"
http://www.amonks.in
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-in/attachments/20080813/dead14cd/attachment.htm