Friday, August 27, 2010

Hands-On Project 8-5 (Page 297)


Objective ad Verbatim:

“In this project, you use the OpenID account that you created in the previous project.” (Ciampa, 2009)

Process:

1. Now on to testing the OpenID. I pointed Firefox to LiveJournal’s page to log in with an OpenID URL. To log in (this being the first time), I simply input my PIP OpenID URL into the field provided and clicked ‘Login’.


2. On the first login with the OpenID, Verisign redirects you to a page to set when LiveJournal expires as a trusted site. On this page, you are presented with a few options pertaining to time or logic as to when the trusted site expires.


3. After setting the required options, Verisign directs you back to LiveJournal logged in to your account and authenticated.


4. Next, I pointed my browser to LifeWiki’s login page. After entering the OpenID URL into the Identity URL field, I clicked on ‘Login via OpenID’.


5. Opere citato, I am prompted by Verisign to set the trusted site expiry.


6. And as before, I am logged into the website.
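The redirect back from the provider in steps 3 and 6 is what the site actually trusts, so here is a sketch of the checks a relying party runs on it before logging the user in (an added example, not part of the original write-up or of any site named in it). It assumes OpenID 2.0 with an already-established HMAC-SHA256 association and an exact-match `return_to`; the hostnames, key and nonce are constructed.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

# Fields OpenID 2.0 requires the provider to cover with its signature.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce",
                   "assoc_handle", "claimed_id", "identity"}

def sign(mac_key, fields, params):
    # Key-value form: "key:value\n" per field, in openid.signed order (HMAC-SHA256 assumed).
    kv = "".join(f"{f}:{params['openid.' + f]}\n" for f in fields).encode()
    return base64.b64encode(hmac.new(mac_key, kv, hashlib.sha256).digest()).decode()

def verify_assertion(url, return_to, claimed_id, mac_key, seen_nonces):
    """Return "ok" or the reason the provider's redirect is rejected."""
    p = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    if p.get("openid.mode") != "id_res":
        return "not a positive assertion"
    fields = p.get("openid.signed", "").split(",")
    if not REQUIRED_SIGNED <= set(fields):
        return "required field not signed"
    if any("openid." + f not in p for f in fields):
        return "signed field missing"
    if p["openid.return_to"] != return_to:
        return "return_to mismatch"
    if p["openid.claimed_id"] != claimed_id:
        return "claimed_id mismatch"
    if not hmac.compare_digest(sign(mac_key, fields, p).encode(), p.get("openid.sig", "").encode()):
        return "bad signature"
    if p["openid.response_nonce"] in seen_nonces:
        return "replayed nonce"
    seen_nonces.add(p["openid.response_nonce"])
    return "ok"

# Constructed sample values: what a provider would append to return_to.
KEY = b"constructed-association-secret"
RETURN_TO = "https://rp.example/openid/return"
CLAIMED_ID = "https://alice.op.example/"

def sample_assertion():
    p = {"openid.ns": "http://specs.openid.net/auth/2.0", "openid.mode": "id_res",
         "openid.op_endpoint": "https://op.example/server",
         "openid.claimed_id": CLAIMED_ID, "openid.identity": CLAIMED_ID,
         "openid.return_to": RETURN_TO, "openid.assoc_handle": "constructed-handle",
         "openid.response_nonce": "2010-08-27T12:00:00Zabc123"}
    fields = [k[len("openid."):] for k in p if k not in ("openid.ns", "openid.mode")]
    p["openid.signed"] = ",".join(fields)
    p["openid.sig"] = sign(KEY, fields, p)
    return RETURN_TO + "?" + urlencode(p)
```

A full relying party would also bound the age of the timestamp inside the nonce and re-run discovery on the claimed identifier; both are left out here.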


Reflection:

What I personally glean from this exercise is the simplicity and elegance of using a single OpenID to manage web applications that provide potential value to the user (in terms of social networking and the broadcasting of information in this case).

However, using an OpenID runs the risk of the usual issues with Password Management Programs simply for the reason that it consolidates many accounts into one where only one instance of authentication is used (typically). Breaking the OpenID account password would grant access to a whole host of applications to a malicious user. A few possible methods to obtain OpenID access could include theft of cookies, malware or password cracking.

Sine Cera,
Jeremy Heng.

"Quis custodiet ipsos custodes?"

Hands-On Project 8.5 Sources
