Here’s a post by “VeriSign Digital Infrastructure Staff” pondering about using OpenID as the authentication mechanism for SIP.
While this is still in the stage of “pondering”, I’m linking so you can ponder a bit, too ;-) Personally, I think if it can be made to work, this would be great both for OpenID and the broader adoption of SIP.
 © 2008, O'Reilly Media, Inc. (707) 827-7000 / (800) 998-9938 All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. |
About O'Reilly Privacy Policy Contacts Authors Press Room Jobs User Groups Academic Solutions Newsletters Writing for O'Reilly RSS Feeds |
Other O'Reilly Sites O'Reilly Radar Ignite Tools of Change for Publishing Digital Media makezine.com craftzine.com hackzine.com perl.com xml.com |
Sponsored Sites Inside Aperture Inside iPhone Inside Lightroom Inside Port 25 InsideRIA |
I suspect that this will have similar problems to those exploited by phishers. Given that your OpenID is a URL, there's nothing to prevent people registering homonyms of existing domains (or plausible sounding equivalents) to create OpenIDs that look authoritative. c1tibank.com, for example. It probably helps me authenticate people I already know, but doesn't help much in authenticating people I don't know.
@Nik,
That problem is easily avoidable by using white lists of domains you provide support for. While a human might be fooled by c1tybank.com, a computer obviously knows the difference between an i and a 1.