"Roy Schestowitz" <newsgroups@xxxxxxxxxxxxxxx> wrote in message
news:4368961.CLrj3deeS3@xxxxxxxxxxxxxxxxxx
Open-Source OpenID Code Bounties
,----[ Quote ]
| Our first initiative is an open-source code bounty program. Soon we will
| be granting $5,000 USD directly to ten open-source projects that
| successfully implement OpenID.
|
| In order to be considered the open-source projects must have a large
| install base and support many online users. Five projects will be chosen
| by our sponsors and five will be chosen by votes from our community.
| Grants will be given after the projects have successfully implemented
| OpenID functionality into the core of the applications.
`----
http://iwantmyopenid.org/
Sounds interesting. Can anyone explain how OpenID actually works? I read
the "How's it work?" section and looked at the "authentication protocol flow
diagram", but some details don't make sense to me:
(1) So you enter in some URL that you control. Fine.
(2) The server which wishes to authenticate you checks the URL for a
special file (some sort of public key?)
(3) If you have never connected to this server before, the authentication fails
and you have to add the server to a trust list. I guess that special file
gets updated somehow (perhaps with a public key given to you from the
server).
(4) You do so, and now the server sees that you do indeed own that URL.
But now that the magic file is there, what's to prevent someone else from
entering the same URL that you had entered in, and all the necessary magic
files are already present, thus allowing them to masquerade as you?
- Oliver