Fuzbolero .'s Library tagged openid → View Popular

Filter:
All
Annotated

30 Aug 09

OpenID at risk due to DNS flaw, warns researcher : News : Security - ZDNet Asia

www.zdnetasia.com/...0,39044215,62044851,00.htm - Preview

openid technology news security vulnerability dns internet sso single-sign-on

A fundamental issue affects the OpenID authentication system, due to its reliance on the Domain Name System, a Sun identity-technology specialist has warned.
Robin Wilton, a corporate architect for federated identity at Sun, described OpenID's reliance on the integrity of the Domain Name System (DNS) as a "multi-factor problem" in light of the discovery of a fundamental flaw in DNS by security researcher Dan Kaminsky.

"You may have seen the recent announcements about DNS cache poisoning, and the potential effect of this on all kinds of Internet-based applications' security," Wilton wrote in a blog post on Friday. "One area in which it can have a particularly significant impact is OpenID."
2 more annotations...
- OpenID is a shared, online identity service that lets people create one single login to use on multiple sites. Its supporters include major organizations such as Microsoft, Yahoo and the BBC.
- Wilton wrote that OpenID is not designed to require the prior exchange of security information between parties for the process to work. Instead, it relies on the integrity of the underlying DNS system to ensure that identity is vouched for by the "correct" trust provider. This means that, if the underlying DNS system is compromised (for example, through cache poisoning), authentication is undermined, as it is impossible to tell whether an entity vouching for an identity can be trusted.

phpBB.com • View topic - [BETA] phpBB OpenID ver 0.2.4

www.phpbb.com/...viewtopic.php - Preview

openid forum extension discussion

ZenorSoft.com Web Design • View topic - phpBB OpenID

zenorsoft.com/...viewtopic.php - Preview

openid forum extension

08 Jun 09

OPX - Your own branded OpenID solution - JanRain.com

www.janrain.com/opx - Preview

openid branding sso single-sign-on digital-identity identity-management

OpenID is evolving, and organizations are recognizing the value of
providing a branded OpenID to their customers, building better
relationships with those customers, and increasing their value over
time. With the comprehensive JanRain OPX solution, a Software as a
Service platform, you can capture all the benefits of OpenID for
your website without all the hassles.

The Dam Just Broke: Facebook Opens Up to OpenID - readwriteweb.com

www.readwriteweb.com/...acebook_opens_up_to_openid.php - Preview

facebook openid development

18 Mar 09

Implementers' Draft: XRDS-Simple 1.0 Draft 1 - xrds-simple.net

Related: OpenID

xrds-simple.net/1.0 - Preview

openid security xrds webservice-integration

XRDS-Simple provides a format and workflow for the discovery of resources
metadata, and other linked resources. As web services continue to grow,
applications utilize a wider range of web services and resources across
multiple providers. XRDS-Simple allows providers to document their resources
in a machine-readable way, which can be automatically discovered by consumer
applications.

DiSo-Project.org - interoperable building blocks for decentralized social web

Related: openid, oauth, microformats, etc.

diso-project.org - Preview

openid socialnetworking microformats opensocial

DiSo (dee • soh) is an initiative to facilitate the creation of open, non-proprietary and interoperable building blocks for the decentralized social web.

phpMyID: stand-alone OpenID Identity Provider

siege.org/phpMyID - Preview

openid php authentication opensource gpl security software identity-management

phpMyID is a standalone, single user, OpenID Identity Provider.

Drupal and OpenID | realtech.burningbird.net

realtech.burningbird.net/...drupal-and-openid - Preview

drupal cms security openid article

Until this weekend, I had turned off new user registration at my Drupal sites, because I get too many junk user registrations. However, to incorporate OpenID into a Drupal site, you have to allow users to register themselves, regardless of whether they use OpenID or not.
I think this all or nothing approach actually limits the incorporation of OpenID within a Drupal site.
7 more annotations...
- I believe that OpenID should be an added, optional field attached to the comment form, allowing one to attach one's OpenID directly to a comment, which then creates a limited user account within the site specifically for the purposes of commenting.
- Currently the new user registration options in Drupal 6x are:
- Turn on the latter two options and you'll get spammy registrations within a day
- I believe there should be a fourth and fifth option:
- Visitors can create accounts using OpenID, only, and no administrator approval is required.
- Visitors can create accounts using OpenID, only, but administrator approval is required.
- I tried my new module and OpenID autoregistration, but ran into a problem: the Drupal client does not like either the username or email provided via the Drupal OpenID provider. Why? Because the OpenID identifier used in the registration consists of the URL of the Provider, which is the URL of the Drupal site I used for my test, and the Drupal client does not like my using a URL. In addition, the provider also didn't provide an email address.

An OpenID is not an account! - simonwillison.net

(2007 post.)

simonwillison.net/...account - Preview

openid authentication security reference

The key thing here is that you should never trust an OpenID on its own. It could be a real person, or it could be a spammer, psycopath or general undesirable.

Does this mean OpenID is completely useless? Absolutely not! You just have to think of it in the same way that you think of username and password combinations: as the “key” to an account.
The trust issue is now null and void. An OpenID is just as trustworthy as a regular username and password (which could have been posted to bugmenot and shared with thousands of people).
1 more annotations...
- One last time: an OpenID is not an account. Just treat it as an alternative to a traditional username and password and you can’t go wrong.

Feature request: Integration of idselector instead? | drupal.org

Hmmm. Ideally, such functionality should be based on either opensourced solutions or go directly towards an OpenID provider you trust. Not good lacking insight into the code of security features.

drupal.org/306200 - Preview

drupal cms modules security authentication openid opensource security-management

Comfortable OpenID Login Box
The problem with ID Selector isn't open source, is it?
2 more annotations...
- It's not open source, but it allows you to include a .js file which will re-theme your openid form using it's super-easy-to use id selector.
- It almost works 100% out of the box with 1 issue I've noticed so far. The id selector .js aggressively wants to be the default form of logging in.

Another blog about OpenID - ignisvulpis.blogspot.com

See also list of other blogs about "identity" along the sidebar on that blog.

ignisvulpis.blogspot.com - Preview

openid blog authentication reference development

2008 was an awesome year for OpenID where the community created significant momentum moving toward mainstream adoption. No, not every site on the web is using OpenID nor does every consumer know what OpenID does, but last year alone the number of sites that accept OpenID for sign in more than tripled¹. Today, there are over thirty-thousand publicly accessible sites supporting OpenID for sign in and well over half a billion OpenID enabled accounts.
AOL², Google³, Microsoft⁴, mixi (the largest social network in Japan)⁵ and Yahoo!⁶ have all shipped OpenID Provider implementations with nearly all of them supporting OpenID 2.0.
8 more annotations...
- A number of major sites added support to sign in using OpenID including AOL’s MapQuest¹⁰, Google’s Blogger¹¹, Microsoft’s Health Vault¹², SourceForge¹³ as well as the commenting services TypePad Connect¹⁴ and Intense Debate (which in turn enabled Barack Obama’s Change.gov¹⁵). Google Friend Connect also enabled any site to support OpenID sign in via JavaScript¹⁶ which thousands of sites have done.
- Google, IBM, Microsoft, VeriSign, and Yahoo! joined the board of the OpenID Foundation¹⁷ bringing additional insight, complementing the community board members and helping financially support the organization.
- A Japanese chapter of the OpenID Foundation was formed in February¹⁸ and has since added nearly forty-five member companies¹⁹; including merchants, portals, educational institutions, insurance companies, manufacturing companies, airlines and banks.
- The BBC hosted twenty-six people from seventeen organizations in New York City to kick off an OpenID Content Provider Advisory Committee²⁰ meeting facilitated by JanRain and the OpenID Foundation.
- The OpenID Foundation helped push forward usability and user experience research and best practices, by hosting an OpenID user experience summit led largely by Yahoo! and Google.
- Coming into 2008, VeriSign had launched their OpenID SeatBelt plugin and Sxip launched Sxipper for FireFox and Flock. In 2008, not only did VeriSign²² and Vidoop²³ add one-click sign in functionality to their OpenID Providers, but Flock, MySpace and Vidoop collaboratively launched a new project called Identity in the Browser²⁴. I also wrote my thoughts on Getting OpenID Into the Browser, talking about why an identity enabled web browser really should be built.
- Indeed, the launch of Facebook Connect – a completely proprietary identity system for the web – in 2008 underscores the importance of open standards-based technologies like OpenID. Certainly it provides clear motivation to the entire OpenID community to demonstrate the value of decentralization and interoperability with an additional emphasis on usability, security and consumer friendliness.
- While Facebook Connect continues introducing consumers and companies to the idea of shared sign in and profile exchange, forward-looking social networks like MySpace are now building the same functionality atop OpenID, OAuth, OpenSocial and other non-proprietary technologies. To their credit, Facebook continues to participate in an increasing number of meetups and events around OpenID.

On OpenID Gaining Momentum: 30,000 Sites, Half a Billion Accounts « The Real McCrea

therealmccrea.com/...on-openid-gaining-momentum - Preview

openid articles authentication cms-related development

Two nice pieces yesterday on how OpenID picked up steam in 2008. David Recordon’s post at OpenID.net is simply entitled 2008:Momentum. It offers a great review of the progress made last year:

IDselector.com - Making OpenID easier

www.idselector.com - Preview

openid authentication web2.0 webdev webservice-integration

- Helps new users get and remember their OpenID.
- "One click" login experience for return users.
- Consistent login experience across OpenID enabled websites.

OpenID Provider (OP) Delegation - wiki.openid.net

wiki.openid.net/OP-Delegation - Preview

openid authentication specification reference documentation

This page exists to track information relating to the OpenID Provider Delegation Extension 1.0.

OpenID Provider Delegation Extenstion - Draft 1 - wiki.openid.net

wiki.openid.net/...elegation-extension-1_0-1.html - Preview

openid authentication specification reference documentation

This document specifies an extension to OpenID Authentication 2.0
Discovery. This extension allows an end-user to delegate authority
over a particular OpenID Identifier to divergent OpenID Providers
(OP's), depending on certain characteristics of a Relying Party
and/or certain characteristics of an OpenID transaction.

This extension specifies three categories under which Identifier
authority can be delegated: Service, Class, and Domain. For example,
an Identifier might specify a different authoritative OP depending
on the Service (e.g., OpenID 2.0, OAuth, and others); the RP Domain
(*.example.com); or a pre-defined service Class (e.g., one OP for
single-factor auth, and another OP when two-factor Auth is
required).

By providing OpenID Identifiers with the ability to specify multiple
OP's based on particular characteristics of each OpenID transaction,
users will be able to utilize the best OP for any particular OpenID
transaction.

05 Mar 09

OpenID URL module | drupal.org

drupal.org/openidurl - Preview

drupal modules security authentication openid

1 - 20 of 57 Next › Last »

Showing 20▼ items per page

Selected Tags

openid

Related Tags

Top Contributors

Click in to find related links.

Groups interested in openid

faezrland

Members (11)

bookmarks (1374)
emagarten

Members (12)

bookmarks (1376)
be21zh

Members (11)

bookmarks (1377)

Related Lists on Diigo

OPENID_Jommla_CB

some open ID system ,could ...

Items: 9 | Visits: 32

Created by: doingtoing
Web SSO

Items: 8 | Visits: 22

Created by: Paulo Nogueira
e-identity

Items: 4 | Visits: 23

Created by: tomowc

Diigo is about better ways to research, share and collaborate on information. Learn more »

Join Diigo

Fuzbolero .'s Library tagged openid → View Popular

OpenID at risk due to DNS flaw, warns researcher : News : Security - ZDNet Asia

phpBB.com • View topic - [BETA] phpBB OpenID ver 0.2.4

ZenorSoft.com Web Design • View topic - phpBB OpenID

OPX - Your own branded OpenID solution - JanRain.com

The Dam Just Broke: Facebook Opens Up to OpenID - readwriteweb.com

Implementers' Draft: XRDS-Simple 1.0 Draft 1 - xrds-simple.net

DiSo-Project.org - interoperable building blocks for decentralized social web

phpMyID: stand-alone OpenID Identity Provider

Drupal and OpenID | realtech.burningbird.net

An OpenID is not an account! - simonwillison.net

Feature request: Integration of idselector instead? | drupal.org

Another blog about OpenID - ignisvulpis.blogspot.com

Videos about idselector (OpenID - Technorati.com

NotSoRelevant.com - a blog about OpenID

OpenID.net » Blog Archive » 2008: Momentum

On OpenID Gaining Momentum: 30,000 Sites, Half a Billion Accounts « The Real McCrea

IDselector.com - Making OpenID easier

OpenID Provider (OP) Delegation - wiki.openid.net

OpenID Provider Delegation Extenstion - Draft 1 - wiki.openid.net

OpenID URL module | drupal.org

Selected Tags

Related Tags

Sponsored Links

Top Contributors

Groups interested in openid

faezrland

emagarten

be21zh

OPENID_Jommla_CB

Web SSO

e-identity