Difference between revisions of "Talk:Viewer Authentication Critique"
Matthew Dowd (talk | contribs) |
Matthew Dowd (talk | contribs) (Initial points) |
Line 1: | Line 1: | ||
== Security == | == Security == | ||
=== Pros === | === Pros === | ||
* Viewer does not have to process (and "see") username and password | |||
=== Cons === | === Cons === | ||
* Viewer still involves running trusted code on the computer and could initiate other attacks e.g. | |||
** Silently buy L$ and pass onto another account | |||
** Pass token onto bot, and drop the users connection | |||
* Potential for phishing websites to entice users to enter username and password and then pass control to SL website and viewer. | |||
=== Alternatives === | === Alternatives === | ||
Line 11: | Line 15: | ||
=== Pros === | === Pros === | ||
* Enables username/password authentication to work on third party sites without them having to "see" username and password | |||
=== Cons === | === Cons === | ||
=== Alternatives === | === Alternatives === | ||
* OpenID | |||
* CardSpace | |||
* Identity Metasystem | |||
== Persistence == | == Persistence == | ||
Line 22: | Line 29: | ||
=== Cons === | === Cons === | ||
* Inconvenient for those with alts | |||
* Inconvenient for those with multiple clients | |||
=== Alternatives === | === Alternatives === | ||
* Is this really needed? | |||
---- | |||
--[[User:Matthew Dowd|Matthew Dowd]] 11:27, 29 September 2007 (PDT) |
Revision as of 11:27, 29 September 2007
Security
Pros
- Viewer does not have to process (and "see") username and password
Cons
- Viewer still involves running trusted code on the computer and could initiate other attacks, e.g.:
  - Silently buy L$ and pass onto another account
  - Pass token onto bot, and drop the user's connection
- Potential for phishing websites to entice users to enter username and password and then pass control to SL website and viewer.
Alternatives
Flexibility
Pros
- Enables username/password authentication to work on third party sites without them having to "see" username and password
Cons
Alternatives
- OpenID
- CardSpace
- Identity Metasystem
Persistence
Pros
Cons
- Inconvenient for those with alts
- Inconvenient for those with multiple clients
Alternatives
- Is this really needed?
--Matthew Dowd 11:27, 29 September 2007 (PDT)