[Discuss] single sign-on
Richard Pieri
richard.pieri at gmail.com
Sun Jul 28 10:29:14 EDT 2013
Kent Borg wrote:
> That is why my hypothetical bad guy was hoping Lastpass becomes very
> common, then it will become fertile ground for theft.
Yep. The biggest flaw with federated identity is identical to the
biggest flaw with SSL. It's entirely dependent on the security of the
provider. We already know how easy it is to compromise SSL certificate
authorities. Why should anyone expect federated identity providers to be
at all different? Because they promise to be better?
--
Rich P.
More information about the Discuss
mailing list