Monday, February 25, 2008

NSFW?

Let me see if I have this straight

Kim writes
But OpenID doesn’t have the privacy characteristics that would make it suitable for government applications or casual web surfing. And it doesn’t have the security characteristics necessary for financial transactions or access to private data.

and from that post of Kim's Eric deduces

Yet one more reason why you (as a CSO) should be paying attention to OpenID.

Does OpenID provide appropriate security characteristics for the enterprise, ie. is OpenID 'safe for work' or not?

If not, why should a CSO care about it? Because her employees will be used to using their OpenID for non-work surfing and so will demand a similar log-in ceremony for work?

I enjoy the occasional hot-tub but I've never been able to convince any employer that it would be a relevant piece of cubicle furniture.

No comments: