BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] single sign-on

Subject: [Discuss] single sign-on
From: richard.pieri at gmail.com (Richard Pieri)
Date: Sun, 28 Jul 2013 10:29:14 -0400
In-reply-to: <51F5207B.702@borg.org>
References: <mailman.7.1374681603.26411.discuss@blu.org> <5a8adb7711b0b7e1e7d2c7494e0613dd.squirrel@webmail.ci.net> <51F1B279.4060108@gmail.com> <51F26CB7.4070301@borg.org> <51F37597.9080600@gmail.com> <51F5207B.702@borg.org>

Kent Borg wrote:
> That is why my hypothetical bad guy was hoping Lastpass becomes very
> common, then it will become fertile ground for theft.

Yep. The biggest flaw with federated identity is identical to the 
biggest flaw with SSL. It's entirely dependent on the security of the 
provider. We already know how easy it is to compromise SSL certificate 
authorities. Why should anyone expect federated identity providers to be 
at all different? Because they promise to be better?

-- 
Rich P.

References:
- [Discuss] KeePassX
  - From: richb at pioneer.ci.net (Rich Braun)
- [Discuss] single sign-on
  - From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] single sign-on
  - From: kentborg at borg.org (Kent Borg)
- [Discuss] single sign-on
  - From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] single sign-on
  - From: kentborg at borg.org (Kent Borg)

Prev by Date: [Discuss] single sign-on
Next by Date: [Discuss] Are there any SSL certificate authorities that don't cost a king's ransom?
Previous by thread: [Discuss] single sign-on
Next by thread: [Discuss] Thunderbird has an IM client?
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org