Looking for links for the previous article on OpenID, I came across this post, from May 2007.
Sunâ€™s House of Cards?
Sun have a plan. In short, theyâ€™re going to have an OpenID provider which authenticates Sun employees only.
That is, so long as you trust your DNS. Or, in other words, if you arenâ€™t using any untrusted networks. How often does that happen?
And in the comments we find
Well, obviously it all has to run over TLS to be useful. Which should address those issues, right?
Comment by Tim Bray â€” 8 May 2007 @ 22:43 |Edit This
â€œObviouslyâ€. Yes, thatâ€™s obvious to you and me, but really you need to write down the rules.
Plus, of course, X.509 certs havenâ€™t proved to be the most invulnerable things in the world.
Comment by Ben â€” 10 May 2007 @ 8:10 |Edit This
Now, if that isn’t prophetic, I don’t know what is.