Protecting the Keymaster
But what happens when your entire online identity is consolidated into a single entity? It becomes a prime target for attack. In the pre-OpenID world, attackers need to steal your individual credentials for each and every site you visit; but if they're all replaced with a single OpenID, hacking just one account gives them the keys to the castle.
The need for strong account protection has never been greater, which is why we've integrated our VIP Authentication Service with the VeriSign Labs Personal Identity Provider (PIP) as a showcase for how strong authentication melds with user-centric identity. Our users agree: a significant percentage of PIP users already protect their OpenID with a PayPal Security Key or a VIP Security Card.
Once you add strong authentication to OpenID, you need a way for relying parties to request it, and for identity providers to answer those requests. This is where the Provider Authentication Policy Extension (PAPE) standard comes in, providing a standardized language for OpenID sites to talk about the strength of their authentication.
In the OpenID world, we're encouraged to put all of our eggs into one basket. Just make sure you stick a good lock on it!
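The PAPE exchange described above, as an added example that is not part of the original post or VeriSign's code: a relying party asks for multi-factor authentication, then checks the identity provider's answer. The namespace and policy URIs come from the PAPE 1.0 specification; the function names and the sample response are constructed for illustration, and verification of the OpenID signature itself is assumed to have happened already.

```python
from datetime import datetime, timezone

# Identifiers from the PAPE 1.0 specification (not quoted on the original page).
PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"
MULTI_FACTOR = "http://schemas.openid.net/pape/policies/2007/06/multi-factor"

def pape_request(policies, max_auth_age):
    """Parameters a relying party adds to its OpenID authentication request."""
    return {"openid.ns.pape": PAPE_NS,
            "openid.pape.preferred_auth_policies": " ".join(policies),
            "openid.pape.max_auth_age": str(max_auth_age)}

def check_pape_response(params, required, max_auth_age, now):
    """Return (ok, reason). Assumes the OpenID signature itself is already verified."""
    # The provider may pick any alias for the extension, so look it up by URI.
    alias = next((k[len("openid.ns."):] for k, v in params.items()
                  if k.startswith("openid.ns.") and v == PAPE_NS), None)
    if alias is None:
        return False, "no PAPE response"
    signed = set(params.get("openid.signed", "").split(","))

    def signed_field(name):
        # Fields missing from openid.signed could have been appended in transit.
        key = f"{alias}.{name}"
        return params.get("openid." + key) if key in signed else None

    if f"ns.{alias}" not in signed:
        return False, "PAPE namespace not signed"
    policies = signed_field("auth_policies")
    if policies is None or required not in policies.split():
        return False, "required policy not asserted"
    auth_time = signed_field("auth_time")
    if auth_time is None:
        return False, "auth_time missing or unsigned"
    when = datetime.strptime(auth_time, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if (now - when).total_seconds() > max_auth_age:
        return False, "authentication too old"
    return True, "ok"

# Constructed sample response from an identity provider (not captured traffic).
SAMPLE = {"openid.ns.pape": PAPE_NS,
          "openid.pape.auth_policies": MULTI_FACTOR,
          "openid.pape.auth_time": "2008-02-25T15:00:00Z",
          "openid.signed": "claimed_id,identity,return_to,ns.pape,"
                           "pape.auth_policies,pape.auth_time"}
NOW = datetime(2008, 2, 25, 15, 5, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(pape_request([MULTI_FACTOR], 600))
    print(check_pape_response(SAMPLE, MULTI_FACTOR, 600, NOW))
```

A relying party that skips the `openid.signed` check would accept a policy claim that the provider never made, which defeats the purpose of asking for strong authentication.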
Comments
Has VeriSign implemented PAPE so that Google, Yahoo, etc. can use VeriSign's strong authentication when a user has linked their PayPal or some other token to their OpenID?
Also thanks for the link.
Posted by: Jim | February 25, 2008 03:12 PM