What is OpenID? What are the security issues around it? Should you trust using it? What do you have to be worried about? What are the main security threats to it?
While I've written about OpenID here, I really wanted to understand more about the security issues around OpenID, so I got together with two other members of the Security Round Table, Michael Santarcangelo and Martin McKeay, to explore the issues around OpenID and security to a far greater degree.
We have shared the resulting conversation as an SRT podcast, and have also published as the show notes the large body of links that we accumulated during our preparation for the show. I'd encourage you to check out the SRT site purely for the links alone, as I think we pulled together one of the more comprehensive lists of links I've seen related to OpenID.
In the end, the three of us came away quite impressed with the possibilities of OpenID with regard to the specific piece of the identity puzzle that it is aiming to solve. We hope this podcast helps people understand both the potential benefits as well as a few potential challenges with regard to security and OpenID. Comments and feedback are very definitely welcome.