The Weak Spot
Posted by: Anonymous Coward on March 27, 2007 09:36 PM
OpenID is a very nice idea, but it does have a weak spot that, to me, is a relatively big one. If someone gains control of the web server that stores/issues the <link rel> tag, they can hijack the entire authentication process. Sadly, website break-ins are the <a href="http://www.zone-h.org/component/option,com_attacks/Itemid,43/" title="zone-h.org">most common form of malicious hacking on the web.</a> So, if your self-hosted web site is compromised, or if the OpenID servers are compromised or DNS spoofed/poisoned, then the authentication is completely broken, and since you are using that single ID authentication scheme "everywhere", your ID is completely owned by the attacker.
This is the core problem with all federated identity systems. They introduce multiple potential compromise vectors, and because they are used by multiple sites (consumers), a single breach is devastating.
I don't have a solution for effective identity management, but federated systems (OpenID) are not the answer.
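The comment's weak spot is the delegation tag on the self-hosted identity page: whoever can rewrite that page (or the server behind it) redirects every login. One defensive response is to pin the expected OpenID discovery links and re-check the page for drift. The following is an added example written for this page, not code from the comment's author or from any OpenID library; it assumes OpenID 1.x/2.0 style HTML discovery via <link rel="openid.server"> / <link rel="openid.delegate"> (and their openid2.* equivalents), and the identity page HTML and hostnames below are constructed for illustration.

```python
"""Detect tampering with OpenID delegation tags on a self-hosted identity page.

Added example: pins the expected discovery links and reports any drift.
Assumes HTML-based discovery with <link rel="openid.server"> /
<link rel="openid.delegate"> (OpenID 1.x) or openid2.provider /
openid2.local_id (OpenID 2.0). Sample HTML and hostnames are constructed.
"""
from html.parser import HTMLParser

# rel values that influence where the consumer sends the user to log in
OPENID_RELS = ("openid.server", "openid.delegate",
               "openid2.provider", "openid2.local_id")


class _LinkCollector(HTMLParser):
    """Collect href values of <link> tags whose rel names an OpenID role."""

    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":          # HTMLParser already lowercases tag names
            return
        attr = dict(attrs)
        href = attr.get("href")
        if not href:
            return
        # rel may carry several space-separated tokens, e.g. "openid.server openid2.provider"
        for rel in (attr.get("rel") or "").lower().split():
            if rel in OPENID_RELS:
                self.links.setdefault(rel, href)   # first occurrence wins


def discover(html):
    """Return {rel: href} for the OpenID link tags found in an identity page."""
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links


def check_delegation(html, expected):
    """Compare discovered OpenID links against pinned values.

    Returns a list of human-readable findings; an empty list means no drift.
    A missing tag, a changed href, or an extra OpenID tag are all reported,
    since any of them changes who the consumer will trust to authenticate you.
    """
    found = discover(html)
    findings = []
    for rel, exp in expected.items():
        got = found.get(rel)
        if got is None:
            findings.append(f"missing {rel} (expected {exp})")
        elif got != exp:
            findings.append(f"{rel} changed: expected {exp}, found {got}")
    for rel, href in found.items():
        if rel not in expected:
            findings.append(f"unexpected {rel} = {href}")
    return findings


# Constructed sample data (hostnames are placeholders, not real services).
EXPECTED = {
    "openid.server": "https://openid.example.net/server",
    "openid.delegate": "https://openid.example.net/alice",
}

GOOD_HTML = """<html><head>
<link rel="stylesheet" href="/style.css">
<link rel="openid.server" href="https://openid.example.net/server">
<link rel="openid.delegate" href="https://openid.example.net/alice">
</head><body>alice's home page</body></html>"""

# Same page after a hypothetical defacement that points the server tag elsewhere.
TAMPERED_HTML = GOOD_HTML.replace(
    "https://openid.example.net/server", "https://rogue-provider.example/server")


if __name__ == "__main__":
    print("clean page:", check_delegation(GOOD_HTML, EXPECTED) or "no drift")
    print("tampered page:", check_delegation(TAMPERED_HTML, EXPECTED))
```

In practice the page would be fetched over HTTPS on a schedule and any non-empty finding list turned into an alert. The check only covers the page contents; it says nothing about the DNS-poisoning case the comment also raises, where the consumer is steered to a different host while your page itself is untouched, which is why fetching over TLS and alerting on certificate changes is a separate control.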