Reputation: 298

The Most Secure Implementation of OpenID

What is the most secure implementation of OpenID technology?

Is there someone out there who knows enough about security, cryptography and OpenID specifications? No rumors, just facts.

I would like to know all about insecurities of network communication process between OpenID provider and OpenID-enabled site during:

logging in
is user logged?
user's sensitive information interchange
logout

and what should we be aware of.

Upvotes: 3

Answers (3)

Nicholas

Reputation: 90

Yeah, SAML is good. It has strong encryption between two endpoints. SAML 2.0 has a good binding protocol for messaging through HTTP or SOAP. It also covers identity assertions, so you can better authenticate that the user is who they say they are.

Upvotes: 1

Achilles

Reputation: 11319

What is security but an illusion given to the weak by the strong...I trust because I must, I hope because I'm not smart enough to grasp everything, and I ask questions that have no real answer...just momentary agreements between the smart...

I'd say Google probably has the most secure implementation. They have billions of dollars and really smart people.

Upvotes: 1

Marcus Adams

Reputation: 53870

We use SAML.

Upvotes: 1

The Most Secure Implementation of OpenID

Answers (3)

Related Questions