Jacob Kaplan-Moss

6 items tagged โ€œopenidโ€

๐Ÿ“Œ [security] Widespread Timing Vulnerabilities in OpenID implementations

Most known OpenID implementations are vulnerable to a timing attack in HMAC validation that will let remote attackers forge valid authentication tokens. Timing attacks are a bit tricky to understand, but very real. Theyโ€™re also quite subtle โ€” a bit like buffer overflows โ€” so knowing what they look like in the wild is important. #

๐Ÿ“Œ Yahoo! Releases OpenID Research (Yahoo! Developer Network Blog)

OpenID has shitty usability. Film at 11. #

๐Ÿ“Œ Brad's Thoughts on the Social Graph

Tackling social network portability. If anyone can solve this nasty problem itโ€™ll be Brad. #

๐Ÿ“Œ OpenID Bootcamp Tutorial ยป SlideShare

Slides from Simon and Davidโ€™s OpenID tutorial at OSCON. #

๐Ÿ“Œ Sun OpenID Non-Assertion Covenant

More companies need to start doing this. Software patents *can* work, but the patent office allows them to be too powerful. Smart companies like Sun are routing around the damage and allowing communities to make use of important technology. #

๐Ÿ“Œ OpenidPlugin - Trac Hacks - Plugins Macros etc. - Trac

This could be very cool... #