Tuesday, March 25, 2008

review of OpenID

My interest in OpenID has recently been piqued, so I am definitely looking forward to the outcome of a JISC OpenID review:

"The primary aim of the project is to produce a report which will allow busy decision-makers to understand OpenID’s security properties well enough, quickly enough, to apply it safely and avoid its potential security pitfalls, based on first establishing by means of a survey a sound understanding of how such decision-makers are likely to proceed in the absence of such guidance. The secondary aims are to develop bridging software that will allow OpenIDs from any source to be used as identities within the production UK (SAML) federation, creating opportunities for early adopters to experiment. We will also demonstrate a library-type service modified to make use of such identities."

No comments: