 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
27 messages in net.openid.general[OpenID] XRDS multi-OP listing?| From | Sent On | Attachments |
|---|---|---|
| David Recordon | Jun 4, 2008 2:08 pm | |
| Hans Granqvist | Jun 4, 2008 2:34 pm | |
| David Recordon | Jun 4, 2008 4:50 pm | |
| Johannes Ernst | Jun 4, 2008 9:49 pm | |
| Nat Sakimura | Jun 4, 2008 11:51 pm | |
| Martin Atkins | Jun 5, 2008 12:02 am | |
| Kick Willemse | Jun 5, 2008 3:49 am | |
| Steven Livingstone-Perez | Jun 5, 2008 4:06 am | |
| SitG Admin | Jun 5, 2008 8:31 am | |
| Johannes Ernst | Jun 5, 2008 9:15 am |  .gif, .gif |
| David Recordon | Jun 5, 2008 9:50 am | |
| David Recordon | Jun 5, 2008 9:51 am | |
| Martin Atkins | Jun 5, 2008 10:35 am | |
| SitG Admin | Jun 5, 2008 12:42 pm | |
| Martin Atkins | Jun 5, 2008 1:34 pm | |
| SitG Admin | Jun 5, 2008 3:58 pm | |
| Nat Sakimura | Jun 5, 2008 6:59 pm | |
| Nat Sakimura | Jun 5, 2008 7:06 pm | |
| Nat Sakimura | Jun 5, 2008 8:36 pm | |
| Martin Atkins | Jun 6, 2008 12:06 am | |
| Johannes Ernst | Jun 6, 2008 3:08 pm | |
| Warren Jamison | Jun 6, 2008 6:05 pm | |
| Carsten Pötter | Jun 6, 2008 8:47 pm | |
| Brandon Ramirez | Jun 7, 2008 10:28 am | |
| Brandon Ramirez | Jun 7, 2008 10:33 am | |
| SitG Admin | Jun 7, 2008 9:22 pm | |
| Tan, William | Jun 16, 2008 10:57 am |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | [OpenID] XRDS multi-OP listing? | Actions... |
|---|---|---|
| From: | Martin Atkins (ma...@degeneration.co.uk) | |
| Date: | Jun 6, 2008 12:06:38 am | |
| List: | net.openid.general | |
SitG Admin wrote:
You got me thinking though about a way for the user (or someone on his behalf) host the selector himself.
I found this idea to be very exciting at first, because it would allow users without dynamic coding ability *or* hosts that support server-side scripting to outsource the job to sites that *do*. And at first I was thinking that the privacy-enhancing effect from decentralization would be even more available, since the ID selector would be very simple compared to implementing an OpenID server or similar, enabling just about *anyone* to run a selector - but then I realized that it'd *also* be introducing yet another point of *failure*. You're essentially doing the equivalent of giving some third party root access to your OpenID headers, without exposing the rest of your site to their access or control, but that third party can be hostile or become compromised. Is the security at this third party equal to or superior to what you use to protect your site?
The provider selector doesn't actually have any ability to make assertions on behalf of the providers. Only providers listed via the normal delegation mechanism in the XRDS document would actually be able to make assertions. Maybe an example would help to illustrate this:
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"><XRD> <Service priority="40"> <Type>http://openid.net/signon/1.0</Type> <URI>http://www.livejournal.com/openid/server.bml</URI> <LocalID>http://exampleusername.livejournal.com/</LocalID> </Service> <Service> <Type>http://openid.net/signon/1.0</Type> <URI>http://example.com/openidserver</URI> <LocalID>http://blah.example.com/</LocalID> </Service> <Service> <Type>http://example.net/openid-provider-selector</Type> <URI>http://www.example.org/opselector</URI> </Service> </XRD></xrds:XRDS>
Note that the OP selector is not itself a provider, so it has no ability to make assertions about this identifier itself. Only LiveJournal and example.com can actually make assertions, or else the verification step will fail.
Of course, if a third-party is hosting your XRDS document then they could change it to say whatever they like. I would guess that in practice almost everyone using delegation has a third-party hosting their XRDS document, whether it be on a basic web hosting account or on a rented server.
I see your concern about it being another thing that might fail.
The person hosting your OP selector can keep records for the user of what OP's have been designated in the past, but that same person could omit from their records any sign that they were having their selector redirect requests from certain RP's to an OP they controlled, so it's a bit more serious than just a compromised OP; how do you know whether your OP was used or the person hosting your selector authenticated as you using another OP or the RP for some reason logged you in without properly verifying your identity?
Are you describing a variant on the OP-spoofing phishing attack here?
I suppose that's possible. However, since the OP selector is a service that was chosen by the user rather than an arbitrary site as in the RP phishing case I would consider this less of a problem here.