[WEB SECURITY] (Yadis) yet another distributed identity system

Jeremiah Grossman jeremiah at whitehatsec.com
Fri May 20 10:56:39 EDT 2005

OpenID (http://www.danga.com/openid/), developed by the creators 
LiveJournal, is another attempt at a single sign-on system. The system 
is similar TypeKey and Password, but focused more towards blogs and 
promises to actually be "distributed".

"An OpenID-enabled site/blog lets you authenticate using your existing 
login from your homesite (whether that's on your own server or a hosted 
service) without giving away your password to the 3rd-party site you're 
visiting, or making a new account there, or giving away your email 
address. And it's secure, and can run entirely in the browser without 
extensions, without moving between pages."

The overview mentions the possible use of SAML, which might be of 
interest to the conversation of about placing XML services in Ajax 

There is also a demo available using Ajax:

and detailed system specifications:


The Web Security Mailing List

The Web Security Mailing List Archives

More information about the websecurity mailing list