Is it safe to publish my OpenID?

Question

I currently have one OpenID that I use from a provider, it's something like:

http://www.example.com/miffthefox/

However, I want to be able to type the address of my personal website instead of the OpenID, yet still be able to use example.com as the OpenID provider. It seems I can do this via OpenID delegation, by adding the right meta tags to my personal home page, I can redirect it to my OpenID provider.

However, since my personal home page is public, I'm worried about other users visiting my site and grabbing my OpenID. Is this something I should be worried about?

score 6 · Accepted Answer · answered Oct 05 '09 at 20:15

6

Just ensure your OpenID has a secure password. It's as secure as anything else over https that's password protected.

answered Oct 05 '09 at 20:15

score 3 · Answer 2 · answered Oct 05 '09 at 21:19

3

Someone looking at the code of your site could then figure out that MiffTheFox uses that OpenID server. So what? You tell every web site you log into that anyway. The actual OpenID verification, as John T. says, is protected by SSL.

answered Oct 05 '09 at 21:19

CarlF

8,872

Is it safe to publish my OpenID?

2 Answers2