?

Log in

No account? Create an account
OpenID in Firefox 3?! - brad's life [entries|archive|friends|userinfo]
Brad Fitzpatrick

[ website | bradfitz.com ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

OpenID in Firefox 3?! [Jan. 11th, 2007|10:36 am]
Brad Fitzpatrick
[Tags|, ]

What's this I hear about OpenID planned for Firefox 3?

Anybody know more?

I'm excited that OpenID adoption is picking up!

(I've even got Ben to add RP/Consumer support to Vox... he just needs to hide a bunch of things in the UI when you're logged in as an OpenID user that you can't do as a "half user"...)
LinkReply

Comments:
From: j4k0b
2007-01-11 06:56 pm (UTC)
Wow, thats gotta make you feel really good seeing something of yours take off so nicely. But I'm sure you've felt that feeling before, haha.

I don't really get how it will be used in Firefox itself though. What exactly do you need to log into in Firefox? The profiles?
(Reply) (Thread)
[User Picture]From: brad
2007-01-11 06:58 pm (UTC)
I imagine it's something like auto-finding the OpenID login box and asking you if you want to login with OpenID, and making your toolbar background green or something if you're at your homesite, for anti-phishing.....

But I'd like more details because all I can do is guess at this point.
(Reply) (Parent) (Thread)
From: evan
2007-01-11 07:27 pm (UTC)
They have a bit on the wiki:
http://wiki.mozilla.org/Firefox3/Firefox_Requirements

Implies it'll be hooked into password manager.
(Reply) (Parent) (Thread)
From: (Anonymous)
2007-01-11 09:58 pm (UTC)
I filed

https://bugzilla.mozilla.org/show_bug.cgi?id=356853

awhile ago, and I asked the OpenID lists what we could do, aside from support the version that uses HTTP headers, but I don't think I got a single answer before discussion drifted off-topic (par for the course on identity lists). Feel free to add suggestions to the bug.
(Reply) (Parent) (Thread)
[User Picture]From: mart
2007-01-11 07:23 pm (UTC)

It's a shame that big sites are making a distinction between “our users” and “that OpenID scum”. You have to start somewhere though, I guess.

(Reply) (Thread)
From: evan
2007-01-11 07:24 pm (UTC)
Users are almost always more trustworthy than OpenID scum: sites can know their own users have passed their own captchas, or that their own users were invited by other known users, etc.
(Reply) (Parent) (Thread)
[User Picture]From: mart
2007-01-11 07:32 pm (UTC)

All of the benefits of a “real” user can be replicated by simply replacing the “Password”/“Confirm Password” step in the registration process with “OpenID Identifier”. Even if you don't want to go that far, there's no reason why you can't make an OpenID user go through a CAPTCHA step the first time you encounter a particular identifier.

After whatever hoops you want to make them jump through on the first encounter, there's no real reason why you can't consider them to be just as trustworthy as your “real” users.

(Reply) (Parent) (Thread)
[User Picture]From: codetoad
2007-01-11 08:01 pm (UTC)
I wish this point could be made more clear when discussing OpenID: Just replace "Password" fields with "Open ID" as an option, and keep your existing user system!

I think the misunderstanding stems from LJ's implementation, which is that OpenID is a different kind of user, rather than a way to authenticate to your normal LJ account..?
(Reply) (Parent) (Thread)
[User Picture]From: mart
2007-01-11 09:13 pm (UTC)

I really wish LJ would do better in that regard. I want to be able to attach my n OpenID identifiers to my main LJ account.

The main problem, I guess, is UI. I think the first step would be separating the following concepts:

  • Account has journal
  • Account's journal is updated manually or via synsuck from a particular URL
  • Account has password vs. using OpenID vs. no login at all

Right now, these things are all lumped together in the journaltype field, which can either be “P” for (has journal, updated manually, has password), “Y” for (has journal, uses synsuck, no login at all) or “I” (no journal, n/a, uses OpenID).

With these things separated out, I could have an account with the currently-impossible tuple (has journal, updated manually, uses OpenID). Obviously as well as the OpenID identifier it would need to have a “journal name”, which is what we currently call the username. If I didn't have a journal, I wouldn't necessarily need one. Ideally, I'd be able to choose whether to be identified on the site by my journal name or one of my associated OpenID identifiers.

I expect that this sort of thing is all a way off on any site, though. ;)

(Reply) (Parent) (Thread)
[User Picture]From: gaal
2007-01-11 09:44 pm (UTC)
Some sites have more drastic account creation steps. Second Life (used to?) require a credit card on your name, for one somewhat extreme example. They might for example allow anybody with an LJ OpenID to post in their forums, without necessarily having a user on their main site.
(Reply) (Parent) (Thread)
[User Picture]From: mart
2007-01-12 07:50 am (UTC)

In Second Life's case, the impression I've got is that users would find it very useful if they were to run an identity server representing their oddly-named users because users tend to use their SL identity on other SL-related sites. I've been told by my friends that use SL that it's a reasonably frequent request but the SL dev guys haven't acted on it, yet. It's a shame, because it'd probably be pretty easy for them to do given that they already have all the web infrastructure in place as far as I can tell.

(Reply) (Parent) (Thread)
[User Picture]From: gaal
2007-01-12 08:34 am (UTC)
Sure, but consider a forum hosted by SL that wants to allow LJ users w/o a SL identity to participate in discussions.
(Reply) (Parent) (Thread)
[User Picture]From: anildash
2007-01-11 10:47 pm (UTC)
oh man i need an "OpenID Scum" t-shirt.
(Reply) (Parent) (Thread)
[User Picture]From: kunzite1
2007-01-12 01:02 am (UTC)
here's an idea:

(Reply) (Parent) (Thread)
From: evan
2007-01-11 07:23 pm (UTC)
I ought to dig up that paper you sketched this all out on back when we went to the Atom premeeting. It's all historical and shit now.
(Reply) (Thread)
(Deleted comment)
[User Picture]From: daveman692
2007-01-12 12:38 am (UTC)
That actually would be really worthwhile to do.
(Reply) (Parent) (Thread)
[User Picture]From: rival
2007-01-11 08:11 pm (UTC)
srsly - I'm surprised it hasn't been more widely adopted. I was talking about it to a coworker just the other day.

Anyway, congratulations -- that's very exciting.
(Reply) (Thread)
[User Picture]From: ketamin
2007-01-11 08:16 pm (UTC)
the only one thing that i know, is if you enter url http://user.livejournal.com/friends?skip=-20 (with any negative digit) - FireFox4 will show few posts from the future. :)
(Reply) (Thread)
(Deleted comment)