Vulnerability Alert – OpenID 2.0 Implementations Vulnerabilities found in some OPs

Please be advised a number of OpenID Authentication 2.0 server implementations were found to be vulnerable due to non-compliance to the normative requirements of the OpenID Authentication 2.0 specification. The nature of the vulnerability In section of the OpenID Authentication 2.0, it is stated that “For verifying signatures an OP MUST only use private […]

PAPE Approved as an OpenID Specification

The OpenID Foundation membership has approved OpenID Provider Authentication Policy Extension 1.0 as an OpenID specification by a vote of forty-two to three, with seven abstentions. This is a significant development for the OpenID community for two reasons…

Challenges facing OpenID

Its been an busy week in the world of OpenID. On Friday Ben Laurie announced a security vulnerability around OpenID that relates to existing problems with DNS and certain SSL certificates. Discussions on the OpenID General mailing list have been fruitful and the major OpenID providers out there today have disclosed that they are either […]