views:

97

answers:

3

What is the most secure implementation of OpenID technology?

Is there someone out there who knows enough about security, cryptography and OpenID specifications? No rumors, just facts.

I would like to know all about the insecurities of the network communication process between an OpenID provider and an OpenID-enabled site during:

  • logging in
  • checking whether the user is logged in
  • interchange of the user's sensitive information
  • logout

and what should we be aware of.

+1 A:

We use SAML.

Marcus Adams
http://identitymeme.org/doc/draft-hodges-saml-openid-compare.html
Petr Urban
@Petr, cool find.
Marcus Adams
A: 

What is security but an illusion given to the weak by the strong... I trust because I must, I hope because I'm not smart enough to grasp everything, and I ask questions that have no real answer... just momentary agreements between the smart...

I'd say Google probably has the most secure implementation. They have billions of dollars and really smart people.

Achilles
A: 

What is your application, Petr? We'd be glad to discuss approaches, options, pros/cons. SAML is great for B2B enterprise federated ID where granular roles and rules are critical. For more customer-facing functionality, OpenID can sometimes be appropriate as well. Feel free to send an email to info at janrain.com. Cheers, Brian

bkkissel