From OpenStreetMap Wiki
Jump to: navigation, search

It seems to me, that the OpenID is a pretty broken system.

See here:

Or simply: Search

Maybe OSM should consider to rather not support vulnerable security systems. I know, that it is optional for the users. But OSM kind of implies (or even warrants) that OpenID is to be trusted by offering OpenID as a solution. I am not sure if OpenID is to be generally trusted as a good solution for online identity. Seems like users can be fooled and phished too easily. My first impression: It better not be recommended it at all!

Please prove me wrong if anybody finds other news. Zeptomoon 14:16, 1 September 2011 (BST)

It's not OpenID that's the issue here, all that it opens up is another way to arrange to end up being the man in the middle, it's not more or less phishing proof than loading my provider directly and having someone MITM the wire, or DNS poison etc. If your provider supports it it can be fishing proof by using SSL and the user knowing how to check the certificate or better yet SSL with client auth. But this is no worse than the login form on OSM itself as again it is not SSL encrypted, funny though, the wiki one is.
Ewanm89 16:41, 9 December 2011 (UTC)