Comments on Wang-Chen-Wang paper on OpenID Implementation Vulnerability

In the paper titled “Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services”, Rui Wang, Shuo Chen, and XiaoFeng Wang reported the “vulnerability” in some OpenID 2.0 implementations. The vulnerabilities they listed can probably be named “OpenID Signature Check Failure” and “OpenID Data Type Confusion”. […]