Comments on: The OpenID Dillemma

By: Frederique

Frederique — Tue, 21 Apr 2009 09:21:02 +0000

I really do think that OpenID is the future. The previous months a lot of big player finnaly supported OpenID loggin. But I agree it’s still a bit of a way to go…

By: Anthony Picciano

Anthony Picciano — Thu, 15 Jan 2009 19:25:52 +0000

The dilemma is that OpenID is based on trust. You cannot force a provider to trust any OpenID — there’s no trust there.

I agree that in its present condition OpenID is broken and almost useless.

By: paul

paul — Sat, 09 Aug 2008 17:14:55 +0000

Stop crying and read up on the trust model of OpenID (or better: the lack thereof). Why on earth should the website you’re trying to login trust some random OpenID provider?

By: Ori Avtalion

Ori Avtalion — Sat, 23 Feb 2008 11:23:46 +0000

Hmm.. Wasn’t there an OpenID login on this site?

I apologize in advance for this horribly long comment.

The reason why so many websites are becoming providers is because it’s relatively easy:
Just hook the authentication server into your already-existing cross-site login system, and add a meta tag at the top of the user’s personal page.

(“Cross-site login system” may not be the correct term, but I’m referring to the service that TypeKey, Yahoo, Google, MS Passport etc. offer which allows you to integrate their authentication mechanisms on your personal website’s login page — basically the proprietary alternative for OpenID)

Becoming a Consumer is much harder. You have to create new tables in the database that link OpenID accounts to your exiting user accounts, and figure out how ito integrate it with your existing interface which would allow the common non-techy user to discover/ignore OpenID if he/she pleases to.

In the recent OpenID DevCamp, an effort was started to provide recommended methods of interface integration, with the help of UI experts. (I may not have all the details straight, but it’s one of the goals).
Once this is done, I expect big-time consumers to appear in a slightly faster rate.

Until that happens, almost any web-user will have at least one OpenID account through a popular website which is a Good Thing. Consumers will be able to implement “smart” login forms with “login with ” fields instead of “login with OpenID”.

Then the only problem would be to teach the users that they were really using OpenID

By: Gary W. Longsine

Gary W. Longsine — Thu, 21 Feb 2008 17:03:23 +0000

The Djinni is probably out of the bottle now, but this seems like a problem that might have been addressable with the proper type of license from the outset. It could have been specified that use of the “OpenID” name requires acceptance of OpenID credentials from elsewhere, for example. As with so many problems like this, how to put the Djinni back in the bottle isn’t immediately apparent.

/gary

By: Daniel

Daniel — Thu, 21 Feb 2008 12:51:36 +0000

I second this. There need to be more OpenID consumer enabled sites.
I often find myself skipping registration on a site, which does not support OpenID yet.

A directory of OpenID enabled sites is available at https://www.myopenid.com/directory

By: Louise

Louise — Thu, 21 Feb 2008 11:47:30 +0000

OpenID is a great idea. Can’t wait to see it accepted by everyone. In the meantime, while waiting for wider acceptance, password managers are a great alternative. So basically you store all non-OpenID logins in one place.
Something to consider while waiting for OpenID to go global!

I work at PassPack, an online password manager. You may want to have a look:

http://passpack.com/info/home/

Louise

By: Dmitri

Dmitri — Thu, 21 Feb 2008 05:50:24 +0000

I think you have a typo: “large companies to become OpenID providers, but now allow logging into their service with your OpenID account”, you probably mean “not allow” rather then “now”.

I totally agree with your article tho, it’s stupid to provide IDs but not accept them for creating accounts.

By: Aaron

Aaron — Wed, 20 Feb 2008 23:04:45 +0000

@Dax Kelson- Partial YUP. I can only use my OpenID URL to comment, not to create a LiveJournal or Blogger account, or use an existing OpenID to authenticate for logging into those accounts. As far as I’m concerned, it’s not good enough. Leaving comments on peoples blogs with your OpenID is different than logging into that account with OpenID.

By: Dax Kelson

Dax Kelson — Wed, 20 Feb 2008 23:02:19 +0000

“What about LiveJournal? WordPress? Yahoo!? Blogger? etc. NOPE.”

Sorry. Two of your 4 “NOPE” examples are actually “YUP”. LiveJournal and Blogger let you leave comments with OpenID authentication.

By: Artūras B.

Artūras B. — Wed, 20 Feb 2008 20:13:45 +0000

My two cents to this discussion:
I think big companies just found a good (open and free) solution that siutes their SSO needs – for the whole portfolio of their services. And this is pitty…
I think that the OpenID license should include some additional terms for public OpenID providers – they must not only provide OpenIDs but also accept external ones for logins. That would mean full (consumer plus provider) OpenID support for public OpenID services.

By: Sam Hasler

Sam Hasler — Wed, 20 Feb 2008 19:24:17 +0000

Who cares about the big players, it’s the long tail of consumer sites where OpenID will be really useful.

I’ve got accounts for most the bigger sites anyway and since I use them frequently it’s not a burden to remember my username/password for them. It’s the long tail of little sites that lots of people may check out but can’t be bothered to create an account for, or forget their login details when the revisit two months since they last used it that will get the most benefit from consuming OpenIDs.

By: Dread Knight

Dread Knight — Wed, 20 Feb 2008 19:18:42 +0000

Anyway, i am sure google will do lots of good with gmail. I bet my money on google.

By: Dread Knight

Dread Knight — Wed, 20 Feb 2008 19:17:42 +0000

//Large greedy companies are free to su** on my big co**.

I noticed this myself these days. OpenID went straight to the dump yard for me, too bad since it was a good concept.

By: Wolfger

Wolfger — Wed, 20 Feb 2008 17:53:40 +0000

I have two LJ accounts. One I created a long time ago, and one for my WordPress OpenID. So yes, LJ supports OpenID. I simply haven’t tried the others.