Fwd: Re: [WEB SECURITY] (Yadis) yet another distributed identity system

Chris Hammond-Thrasher chris.hammond-thrasher at hushmail.com
Fri May 20 12:04:32 EDT 2005


Jeremiah,

Thank you for bringing this to the attention of the list. Another 
example for the Ajax and security thread that I just stumbled 
across is Richard Jones' Gmail S/MIME Firefox extension (version 
0.1.1) available at http://www.richard.jones.name/google-
hacks/gmail-smime/gmail-smime.html

-CHT

On Fri, 20 May 2005 07:56:39 -0700 Jeremiah Grossman 
<jeremiah at whitehatsec.com> wrote:
>OpenID (http://www.danga.com/openid/), developed by the creators 
>LiveJournal, is another attempt at a single sign-on system. The 
>system 
>is similar TypeKey and Password, but focused more towards blogs 
>and 
>promises to actually be "distributed".
>
>"An OpenID-enabled site/blog lets you authenticate using your 
>existing 
>login from your homesite (whether that's on your own server or a 
>hosted 
>service) without giving away your password to the 3rd-party site 
>you're 
>visiting, or making a new account there, or giving away your email 
>
>address. And it's secure, and can run entirely in the browser 
>without 
>extensions, without moving between pages."
>
>The overview mentions the possible use of SAML, which might be of 
>interest to the conversation of about placing XML services in Ajax 
>
>thread.
>
>There is also a demo available using Ajax:
>http://www.danga.com/openid/demo/demo.html
>
>and detailed system specifications:
>http://www.danga.com/openid/specs.bml
>
>Enjoy.
>
>
>-------------------------------------------------------------------
>--
>The Web Security Mailing List
>http://www.webappsec.org/lists/websecurity/
>
>The Web Security Mailing List Archives
>http://www.webappsec.org/lists/websecurity/archive/


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list