[ubuntu-in] [OT] OpenId Discussion
Onkar Shinde
onkarshinde at gmail.com
Wed Aug 13 19:23:30 BST 2008
> With one developer resources website , i had to enter my OpenId which
> wouldbe something at livejournal and then the password.. I was redirected for
> authentication(agreed) but in between, i did send my info to the site.. I
> mean, from myside it would have been a mistake to trust the site.. But i was
> just testing something out so thats ok..
>
OpenID is not supposed to work this way. The site which supports
openid authentication never asks password.
The way it works is like this.
Let's see you need to login to ubuntu-in.org using openif provided by launchpad.
1. In the login box on ubuntu-in.org, you enter your launchpad openid.
2. You are redirected to launchpad.
3. If there is no existing session with launchpad, step 4 is executed
else step 5 is executed.
4. Launchpad asks you for your username and password.
5. Launchpad asks whether you want ubuntu-in.org to identify you
through launchpad. You also have options like only once or always.
6. Launchpad sends confirmation to ubuntu-in.org that you have been
authenticated.
7. ubuntu-in.org creates a session for you.
So no where in the process ubuntu-in.org asks you the password.
Hope this helps.
Onkar
More information about the ubuntu-in
mailing list