[Discuss] single sign-on

[Richard Pieri]

Kent Borg wrote:
> That is why my hypothetical bad guy was hoping Lastpass becomes very
> common, then it will become fertile ground for theft.

Yep. The biggest flaw with federated identity is identical to the 
biggest flaw with SSL. It's entirely dependent on the security of the 
provider. We already know how easy it is to compromise SSL certificate 
authorities. Why should anyone expect federated identity providers to be 
at all different? Because they promise to be better?

-- 
Rich P.