{"id":240,"date":"2007-10-01T15:18:32","date_gmt":"2007-10-01T22:18:32","guid":{"rendered":"http:\/\/www.laurenwood.org\/anyway\/2007\/10\/01\/suns-openid-idp-trust\/"},"modified":"2007-10-01T15:18:32","modified_gmt":"2007-10-01T22:18:32","slug":"suns-openid-idp-trust","status":"publish","type":"post","link":"https:\/\/www.laurenwood.org\/anyway\/2007\/10\/suns-openid-idp-trust\/","title":{"rendered":"Sun\u2019s OpenID IdP:&nbsp;Trust"},"content":{"rendered":"<p>Part of a series on Sun\u00ad\u2019s OpenID@Work ini\u00adti\u00adat\u00adive; see the <a href=\"http:\/\/www.laurenwood.org\/anyway\/2007\/09\/suns-openid-idp-introduction\/\">intro\u00adduc\u00adtion<\/a> for more context.<\/p>\n<p>Trust is always an issue on the web. People don\u2019t usu\u00adally even think about it, but they trust the <span class=\"caps\">DNS<\/span> serv\u00ader to point their browser at the right web site when they click on a link, they trust the web serv\u00ader to serve up the right page, they trust their online bank to not broad\u00adcast their cred\u00adit card num\u00adbers to the world, etc. etc. We as end-users can\u00ad\u2019t do any\u00adthing about most of those, but there are some things that we can do, such as not giv\u00ading bank\u00ading details to sites that don\u2019t look like our bank\u2019s, or only giv\u00ading out our social insur\u00adance num\u00adbers when we really have to. Know\u00ading some of the issues and  poten\u00adtial prob\u00adlems is import\u00adant \u2014 you want to veri\u00adfy as much as pos\u00adsible wheth\u00ader your trust in the site is jus\u00adti\u00adfied. So you don\u2019t click on links in emails that don\u2019t quite look right, and you check wheth\u00ader the little \u201clocked\u201d sign is present (assum\u00ading your browser has\u00adn\u2019t been hacked). Lots of people don\u2019t trust inter\u00adnet sys\u00adtems with their per\u00adson\u00adal data at all, decid\u00ading that the advant\u00adages of online inter\u00adac\u00adtions are out\u00adweighed by the poten\u00adtial dam\u00adage if some\u00adthing goes wrong (there\u2019s that risk assess\u00adment again that I talked about in the <a href=\"http:\/\/www.laurenwood.org\/anyway\/2007\/09\/suns-openid-idp-business-purpose\/\">Busi\u00adness Pur\u00adpose<\/a> post\u00ading of this series).<\/p>\n<p>So what\u2019s this got to do with Open\u00adID? Quite a lot, actually.<\/p>\n<p>Open\u00adID is an untrus\u00adted pro\u00adtocol, at least for ver\u00adsion 1.1, which is the one we deployed on the Open\u00adID IdP, and it\u2019s likely to be true for ver\u00adsion 2.0 as well, although that isn\u2019t fin\u00adished yet. As the Open\u00adID web site says: <q><a href=\"http:\/\/openid.net\/about.bml\">This is not a trust sys\u00adtem.<\/a><\/q>. Among oth\u00ader things, you don\u2019t know any\u00adthing about the site you\u2019re log\u00adging into, it might be genu\u00adine, it might be a phish\u00ading site, it might be some oth\u00ader rogue site. And there\u2019s no way cur\u00adrently for the Iden\u00adtity Pro\u00advider to know. In oth\u00ader words, just because you can log into it with your open\u00adid iden\u00adti\u00adfi\u00ader, does\u00adn\u2019t mean any\u00adthing about what that site might do with any data or inform\u00ada\u00adtion you might give it. Which is one good reas\u00adon why Sun\u00ad\u2019s Open\u00adID IdP does not hand over inform\u00ada\u00adtion from the user\u00ad\u2019s account to the con\u00adsum\u00ading site (rely\u00ading party) unless the user agrees to it. You\u2019re the per\u00adson log\u00adging in, you can decide wheth\u00ader to trust that site with any inform\u00ada\u00adtion, wheth\u00ader that\u2019s your open\u00adid iden\u00adti\u00adfi\u00ader, or your name (pos\u00adsibly fake) or email address. And Sun\u00ad\u2019s sys\u00adtem does\u00adn\u2019t ask for or store your date of birth, so if some site wants it (why would always be the right ques\u00adtion to ask), feel free to answer cor\u00adrectly or with some com\u00adpletely ran\u00addom date (in fact, many pri\u00advacy advoc\u00adates say you should <b>nev\u00ader<\/b> tell any web site your real date of birth if there\u2019s any way of leg\u00adally avoid\u00ading it). Even hand\u00ading over your open\u00adid iden\u00adti\u00adfi\u00ader to some site can cause prob\u00adlems, if they then use it for pur\u00adposes you did\u00adn\u2019t expect and don\u2019t agree to. Since this is an opt-in sys\u00adtem for per\u00adson\u00adal use, Sun would\u00adn\u2019t bear any liab\u00adil\u00adity if you did fall prey to a phish\u00ader or oth\u00ader rogue while using your Sun open\u00adid identifier.<\/p>\n<p>The upshot of this is that Open\u00adID should\u00adn\u2019t be used for what are called high-value trans\u00adac\u00adtions, at least in its cur\u00adrent incarn\u00ada\u00adtion. High-value trans\u00adac\u00adtions are things such as log\u00adging in to your bank\u00ading sys\u00adtem, or releas\u00ading sens\u00adit\u00adive per\u00adson\u00adal inform\u00ada\u00adtion such as your med\u00adic\u00adal his\u00adtory. Typ\u00ading \u201copen\u00adid phish\u00ading\u201d or \u201copen\u00adid attacks\u201d into your favour\u00adite search engine will give you some idea of the sorts of attacks that are cur\u00adrently pos\u00adsible. Some of these will be rel\u00adat\u00adively easy to mit\u00adig\u00adate, and some aren\u2019t really worth mit\u00adig\u00adat\u00ading for the sorts of use cases that Open\u00adID was designed for, as they would make the res\u00adult\u00ading pro\u00adtocol much harder to imple\u00adment and deploy. And let\u2019s face it, the idea behind Open\u00adID was to have some\u00adthing easy and light\u00adweight to deploy that meets some, but not all, authen\u00adtic\u00ada\u00adtion use&nbsp;cases.<\/p>\n<p>Related art\u00adicles include Steven Nel\u00adson\u2019s <a href=\"http:\/\/blogs.sun.com\/delusions\/entry\/questions_to_ask_before_openid\">So you wan\u00adnabe an Open\u00adID pro\u00advider?<\/a>, Eve Maler\u00ad\u2019s <a href=\"http:\/\/www.xmlgrrl.com\/blog\/archives\/2007\/05\/08\/a-tincture-of-trust\/\">A Tinc\u00adture of Trust<\/a>, and Yvonne Wilson\u2019s <a href=\"http:\/\/blogs.sun.com\/yvonne\/entry\/trusted_sources_of_information\">Trus\u00adted Sources of Inform\u00ada\u00adtion<\/a>. Simon Wil\u00adlis\u00adon has a slightly dif\u00adfer\u00adent take in <a href=\"http:\/\/simonwillison.net\/2007\/Sep\/30\/designing\/\">Design\u00ading for a secur\u00adity breach<\/a>. And if you want a more form\u00adal defin\u00adi\u00adtion of trust and some of the issues around it, try <a href=\"http:\/\/www.sun.com\/blueprints\/1202\/817-0775.pdf\">Trust Mod\u00adel\u00ading for Secur\u00adity Archi\u00adtec\u00adture Devel\u00adop\u00adment<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Part of a series on Sun\u00ad\u2019s OpenID@Work ini\u00adti\u00adat\u00adive; see the intro\u00adduc\u00adtion for more con\u00adtext. Trust is always an issue on the web. People don\u2019t usu\u00adally even think about it, but they trust the <span class=\"caps\">DNS<\/span> serv\u00ader to point their browser at the right web site when they click on a link, they trust the web serv\u00ader \u2026 <a href=\"https:\/\/www.laurenwood.org\/anyway\/2007\/10\/suns-openid-idp-trust\/\" class=\"more-link\">Con\u00adtin\u00adue read\u00ading<span class=\"screen-reader-text\"> \u201cSun\u2019s Open\u00adID IdP:&nbsp;Trust\u201d<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"","activitypub_status":"","footnotes":""},"categories":[13],"tags":[25,24],"class_list":["post-240","post","type-post","status-publish","format-standard","hentry","category-identity","tag-openid","tag-sunopenid"],"_links":{"self":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts\/240","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/comments?post=240"}],"version-history":[{"count":0,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts\/240\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/media?parent=240"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/categories?post=240"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/tags?post=240"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}