Jacob Kaplan-Moss
Activity tagged “openid”
Bookmarks
[security] Widespread Timing Vulnerabilities in OpenID implementations
Most known OpenID implementations are vulnerable to a timing attack in HMAC validation that will let remote attackers forge valid authentication tokens. Timing attacks are a bit tricky to understand, but very real. They're also quite subtle — a bit like buffer overflows — so knowing what they look like in the wild is important.
Yahoo! Releases OpenID Research (Yahoo! Developer Network Blog)
OpenID has shitty usability. Film at 11.
Brad's Thoughts on the Social Graph
Tackling social network portability. If anyone can solve this nasty problem it'll be Brad.
OpenID Bootcamp Tutorial » SlideShare
Slides from Simon and David's OpenID tutorial at OSCON.
Sun OpenID Non-Assertion Covenant
More companies need to start doing this. Software patents *can* work, but the patent office allows them to be too powerful. Smart companies like Sun are routing around the damage and allowing communities to make use of important technology.
OpenidPlugin - Trac Hacks - Plugins Macros etc. - Trac
This could be very cool…