23 Apr, 2007
JanRain's myopenid.com site now has a number of improvements, including an improved interface and support for client-side SSL certificates. The idea is that after generating and installing a certificate in your browser, the MyOpenID site can communicate directly with your browser using Transport Layer Security in order to authenticate you.
The beauty of this system is that you don't need to enter your password in order to be authenticated, and so the risks of being caught by a so-called phishing scam are significantly reduced. Of course, with this technology also comes a major risk: anyone with access to your web browser automatically has access to all the accounts you use MyOpenID to sign in to, without needing to enter a password.
Whilst this is clearly a risk, I don't think it is too bad; after all, it is generally the case that anyone with physical access to your computer and enough knowledge will probably be able to find some way to access all your files and data anyway. The other important consideration is that at the moment OpenID is really only used for access to blogs, wikis, photo galleries and the like, and so totally perfect security isn't always necessary.
P.S. For those of you who don't already know, I'm a keen advocate of OpenID - I've coded support into AuthKit and am launching my own OpenID Identity Provider at passurl.com.
Copyright James Gardner 1996-2020 All Rights Reserved.