[jboss-dev-forums] [Design of Security on JBoss] - Re: OpenID
sohil.shah@jboss.com
do-not-reply at jboss.com
Tue Feb 6 21:31:32 EST 2007
Interesting. Sounds similar to what passport tried to do. But ofcourse your internet identity would be owned by Microsoft in passport and that wouldn't work.
One thing I couldn't find in the application protocol flow is assertion propagation across web sites. This is so that say you logged in with OpenID mechanism on one site (abc.com), you wouldn't be challenged on another site (xyz.com) in the same web session
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4012253#4012253
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4012253
More information about the jboss-dev-forums
mailing list