OpenID
Mike McGrath
mmcgrath at redhat.com
Thu May 29 15:02:58 UTC 2008
On Thu, 29 May 2008, Jeremy Katz wrote:
> Jeffrey Tadlock wrote:
> > > The phishing problem isn't unique to OpenID.
> >
> > No, it isn't unique to OpenID - but it is certainly an area we should
> > take into account before implementing OpenID.
> >
> > With all of that said - I like the OpenID idea. And we run other
> > services that have potential exposure to security issues (ssh, just
> > our normal FAS logins, etc) - but we do make efforts to protect those
> > services to the best of our ability to reduce our risk.
>
> ... and we should actually look at using our SSL certs more for authentication
> as opposed to requiring people to type their FAS password all over the place.
> This is something I keep meaning to bring up but then having other stuff come
> up instead.
>
Actually we have some SSL auth in place already though I'm not totally
sure the status of it. We haven't officially announced it I know that :)
ricky? toshio? any comments?
-Mike
More information about the Fedora-infrastructure-list
mailing list