Links

Ben Laurie blathering


Sun’s House of Cards?

Sun have a plan. In short, they’re going to have an OpenID provider which authenticates Sun employees only.

That is, so long as you trust your DNS. Or, in other words, if you aren’t using any untrusted networks. How often does that happen?

5 Comments

  1. […] There’s a lot of healthy discussion already happening around Sun’s OpenID announcement. So far, it’s mostly centering on the notion that the Sun Identity Provider for OpenID is going to be conveying an implicit attribute: “A person who successfully authenticates over here is a Sun employee.” There’s a LOT that can be said about this one seemingly small thing, but I’ll try to restrict myself to a few remarks for starters and see where it goes. […]

    Pingback by Pushing String » A tincture of trust — 8 May 2007 @ 17:04

  2. Well, obviously it all has to run over TLS to be useful. Which should address those issues, right?

    Comment by Tim Bray — 8 May 2007 @ 22:43

  3. “Obviously”. Yes, that’s obvious to you and me, but really you need to write down the rules.

    Plus, of course, X.509 certs haven’t proved to be the most invulnerable things in the world.

    Comment by Ben — 10 May 2007 @ 8:10

  4. How often do you actually trust your DNS anyway? Why should you ever? There is the untrusted network consideration, but it’s just as likely an administrator will introduce a typo in named.conf or some hegemony will create a wildcard dns record and direct all your unresolved lookups to themselves. Let us not forget search domains either. I can’t tell you how many times I’ve accidently ssh’d to some external site because I forgot to use a FQDN and my resolver happily found me an alternative.

    Comment by Heather — 10 May 2007 @ 18:13

  5. […] for links for the previous article on OpenID, I came across this post, from May 2007. Sun’s House of […]

    Pingback by Links » Call Me Nostradamus! — 11 Aug 2008 @ 19:28

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress