An interesting security aspect of trust-based authentication is that authentication for every site using it is only as secure as the least secure trusted site.
I'm not very familiar with OpenID as the buzzword du jour, but I'm guessing a site administrator can specifically distrust authentication information from particular sites. That's a good security move. When you start broadly wild carding denials or switching over to explicit acceptance instead of explicit denial then it's not exactly "open" any longer. It just becomes a small ring of trust, which is frankly not that exciting to me.
I mean, do you really want to trust Bob's Computer Shop to allow logins to your site? Slashdot? 4chan? If Business Week is suffering from SQL injection attacks on their main page, do you really want all their blog commenters to log in all over the rest of the web with trust credentials?
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|