vecosys.com — “Digg will support OpenID” said Kevin Rose of Digg at the Future of Web Apps conference in London. Speaking after his presentation, Kevin Rose opened up about plans for the implementation of OpenID, why people submit to Digg, and what the future holds for Digg...Read on.
Feb 20, 2007 View in Crawl 4
cryptoisfunFeb 22, 2007
OpenID makes phishing attacks more dangerous, but we give up security for convenience, and it is more convenient for me to have one username for sites like Digg, Slashdot, and the like. In case a user's password does get compromised,(1) there should be a mechanism to reset passwords like credit card websites that asks you a bunch of personal questions, and(2) some sort of centralized comments management thing to see a list of all the comments you've made, so that you can delete them, etc.It's a cool system...I thought of something like it a while back but never followed through on the details. With that said, I would NEVER use OpenID for secure web transactions.
jackspackFeb 22, 2007
so, how long did it take to actually write the story WHILE KR's c**k was in your mouth?
Closed AccountFeb 22, 2007
Does anyone know why digg somtimes prefixes links like in my post above? its happened to me atleast twice. Might be a weird digg bug.Also it was <a class="user" href="http://www.jyte.com/">http://www.jyte.com/</a> not jytte.com/EDIT: hmm nm, the links lost their prefix, all the links had "<a class="user" href="http://digg.com/tech_news/http://www.jyte.com/">http://digg.com/tech_news/http://www.jyte.com/</a>"
concertinaFeb 22, 2007
Technically there are two different modes for OpenID. As EbilPhish suggests, the mode usually used for web authentication, checkid_setup, causes the user to authenticate on their authenticating site, not on the site requesting authentication.
rlamoniFeb 22, 2007
It still confers the benefits of a single sign-in. However, having your own domain name might make your sign-in shorter. (i.e. JoesSite.com vs. joe123.myopenid.com)
Closed AccountFeb 22, 2007
Why OpenID works:- OpenID is just as secure as email-based authentication.- OpenID lets you control your online identity without being at the mercy of a content/service provider.- OpenID gives nothing to a website other than a URL. You don't give out your email address.- One login for every site that supports OpenIDCommon Security Concerns Addressed:1. "If hackers get my OpenID they control everything I use OpenID with. I'd rather have multiple accounts for the sake of security"Do you a separate email account for each site you are a member of? No? So what happens if someone compromises your email account? There is no security benefit to multiple accounts on one email address vs. using OpenID.In addition OpenID does not associate a password with the sites you are a member of. Do you use the same password on multiple sites? If so, what's to stop a rogue webmaster from trying your account info on sites you have just come from?OpenID gives a URL and nothing else.2. "But someone can fake my OpenID at another provider"No. Unless they have write access to the URL you use as your OpenID, they cannot create a duplicate and authenticate against it. The username at the provider is irrelevant.3. "If someone compromises the OpenID provider they have access to all of my accounts"If your email provider is compromised you are in the same boat. In fact, OpenID is MORE secure than email in a compromise scenario. Email on the other hand often contains account info etc.Your provider doesn't have a list of sites associated with your ID. The attacker would need to know sites you are a member of beforehand.4 "They will just copy/spoof the cookie and have access to everything"There is NO PERSISTENT COOKIE BETWEEN SITES. Authentication transactions happen on every site you log in to. The site is responsible for setting it's own session cookies, just as they do with email based authentication. Again there is NO OPENID COOKIE that follows you around.
thuhnFeb 22, 2007
We all know that the number of OpenID enabled sites is still pretty limited. Digg will be one of the "Big Guys" supporting this new technology - thanks Kevin, this helps a lot! To support the growth of the community, we´ve been putting a lot of effort in gathering all available links in <a class="user" href="http://openiddirectory.com">http://openiddirectory.com</a> . Please check the available sites and submit any more you can find!
bitbytebitFeb 22, 2007
What browser?