Hardware Based OpenID Service Available 119
An anonymous reader writes "TrustBearer Labs has announced a new service that lets you use various hardware based security tokens like smartcards and biometric devices with OpenID. A hardware based connection to OpenID allows higher levels of security and makes it easier for the end-user to control their credentials. OpenID is a decentralized cross-site authentication system that has been gaining momentum for quite a while now with major supporters like AOL, Google and Microsoft already announced."
Privacy Problem (Score:2, Interesting)
Re:Anything like verasigns pip? (Score:3, Interesting)
REMOTE_USER (Score:4, Interesting)
But overall it gives great flexibility to the implementor because he/she can layout a scheme were existing authentication/authorization infrastructures (like an institution's LDAP for example) can be used in a cross platform way to offer web based identity.
OpenID for non web clients? (Score:3, Interesting)
Re:Security risks? (Score:3, Interesting)
Re:itsatrap (Score:3, Interesting)
No, it knows nothing. OpenID has no trust, so they could have just visited http://www.jkg.in/openid/ [www.jkg.in] and generated one for that purpose.
OpenID says zero about who you really are. You are an anonymous user - which is why it would be crazy for a site which previously required registration to allow OpenID users to post simply based on the existence of that token. You're going to have to registry/verify your email/etc. *as well* so you've gained nothing.