Question

This question is mainly aimed at OpenID Connect, when it is fully realized.

I understand the aversion to signing in with a social networking site, but from what I understand about OIDC, it's supposed to finally allow developers to simply implement OIDC once and have it work with every provider.

Once this happens and people have the option to sign in with a non-social-network, and see the options like Symantec and realize that 'oh, this Identity thing isn't just about sharing my email contacts and friends list with the entire planet', I believe that much of the distrust will evaporate.

So ignoring the hesitation to OAuth with a social network, and moving on to the question:

Is BYOID as the only way to authenticate, and thus completely outsourcing authentication, a valid security practice?

Explanation / Answer

Yes, this is a reasonable approach.

It is not a zero-risk approach. If a user does not already have an OpenID Connect account, or they do not understand the concept, the sign-up process becomes more difficult and you risk losing that user. Because you are doing something that is non-standard, you will get some smart alec users who pester your support guys with pedantic complaints. And if there is some future compromise, perhaps a flaw in the OpenID Connect protocol, you may look foolish compared to the sites that never pursued this approach.

But on balance I believe this is a good thing to do. Most users will already have an account with one of the major providers and will be happy to use that, just as I happily use my Google account to log in to Stack Exchange. A smaller number of users will have an account with a minor provider, who they've chosen because they like their privacy policy. And some will even run their own OpenID Connect server. I believe this covers everyone's needs, so there is no need to provide a fallback to user name + password authentication.
