?

Log in

No account? Create an account
http://www.sitepoint.com/blogs/2008/10/30/the-single-sign-on-war-will… - brad's life [entries|archive|friends|userinfo]
Brad Fitzpatrick

[ website | bradfitz.com ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

[Oct. 30th, 2008|12:14 am]
Brad Fitzpatrick
[Tags|, ]

http://www.sitepoint.com/blogs/2008/10/30/the-single-sign-on-war-will-ruin-openid/
LinkReply

Comments:
[User Picture]From: caladri
2008-10-30 07:37 am (UTC)
Huh. You know, I never would have expected a Google OpenID to get me access to services related to a Yahoo! account, at least until a good way existed to associate a pair of OpenID ids. I always thought the great thing about OpenID was establishing an identity, not acquiring a service. So if I write a random web-thing or web-forum where people need logins, I don't have to manage that myself, I can outsource it to OpenID. If I want to write something that provides a service to LJ users, I can just ask them to log in with an LJ OpenID. I think it's silly to conflate OpenID with single sign-on, as the article seems to do. It seems like there's room for something like OpenID to exist alongside single sign-on, even if SSO providers provide OpenIDs that can be used for when all you need is an identity, not an account. Humbug. Crackheads.
(Reply) (Thread)
[User Picture]From: robbat2
2008-10-30 09:03 am (UTC)
what's your take on the use of email addresses as identifiers?
(Reply) (Thread)
From: ext_60419
2008-10-30 10:37 am (UTC)

Maybe this will help

http://brad.livejournal.com/2357444.html

Strangely it was not tagged with OpenID.
(Reply) (Parent) (Thread)
[User Picture]From: brad
2008-10-30 08:30 pm (UTC)

Re: Maybe this will help

Tags updated.
(Reply) (Parent) (Thread)
From: ext_130993
2008-10-30 07:43 pm (UTC)
Brad actually proposed one of the first (http://brad.livejournal.com/2357444.html) Email to URL mappings, which was the basis for the EAUT spec (http://eaut.org/).
(Reply) (Parent) (Thread)
[User Picture]From: ydna
2008-10-30 09:28 am (UTC)
No comment, eh? I was foolishly hoping you'd speak up. But I also understand it's not really necessary. I read one of Recordon's comments somewhere (in response to some whining) and figured, yeah it's no big deal: people just need to chill out or STFU. But I'd love to hear your opinions on it (if it's permissible).
(Reply) (Thread)
[User Picture]From: schernyshev
2008-10-31 01:07 am (UTC)
I don't think it's a big deal - it's unrealistic to expect such big players to become consumers from the very first day, I think it's still good that those guys are promoting OpenID and creating so many credentials.

Actually my bigger concern is that some OpenID consumers are limiting a set of providers they allow to log in - this is clearly an issue as they will block small players like personal OpenID providers from being in the game killing the whole idea.

I wonder if some big company (like Verisign or SixApart, for example) can help enforce the purity of OpenID. Brad, do you think it's possible?

(Reply) (Thread)
[User Picture]From: jes5199
2008-10-31 06:31 am (UTC)
so... google's openID implementation doesn't actually let me sign in anywhere that's not explicitly affiliated with Google?
Isn't that the opposite of openid?
(Reply) (Thread)
[User Picture]From: brad
2008-10-31 06:48 am (UTC)
No, you misunderstood.
(Reply) (Parent) (Thread)
[User Picture]From: jes5199
2008-10-31 06:49 am (UTC)
okay, but there seems to be a lack of "this is your openid url". how do I use it?
(Reply) (Parent) (Thread)
[User Picture]From: brad
2008-10-31 06:50 am (UTC)
It does lack that.
(Reply) (Parent) (Thread)
[User Picture]From: mart
2008-11-01 10:04 am (UTC)

That was the case for the first day or so, but they opened it up quickly when they realised that loads of sites wanted to play and maintaining the whilelist was a waste of resources.

(Reply) (Parent) (Thread)
[User Picture]From: thedimka
2008-10-31 02:21 pm (UTC)
So, it looks like they are not really supporting OpenID, it works only as a one way street.
It's like two countries, one requires visa for entry and another one does not. And situation like that is not called no-visa-required. Basically they are all set to abuse the system (opposite of "do no evil", and similar to microsoft's old tricks with java)
(Reply) (Thread)