[WEB SECURITY] (Yadis) yet another distributed identity system

Jeremiah Grossman jeremiah at whitehatsec.com
Fri May 20 10:56:39 EDT 2005


OpenID (http://www.danga.com/openid/), developed by the creators of
LiveJournal, is another attempt at a single sign-on system. The system
is similar to TypeKey and Password, but focused more towards blogs and
promises to actually be "distributed".

"An OpenID-enabled site/blog lets you authenticate using your existing 
login from your homesite (whether that's on your own server or a hosted 
service) without giving away your password to the 3rd-party site you're 
visiting, or making a new account there, or giving away your email 
address. And it's secure, and can run entirely in the browser without 
extensions, without moving between pages."

The overview mentions the possible use of SAML, which might be of
interest to the conversation about placing XML services in the Ajax
thread.

There is also a demo available using Ajax:
http://www.danga.com/openid/demo/demo.html

and detailed system specifications:
http://www.danga.com/openid/specs.bml

Enjoy.


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/


