nofxjunkee, Dec 19, 2006
bugmenot isn't going to work if you want to try something out such as flickr or digg. bugmenot doesn't work for the comments example in the article. in fact bugmenot only works for a small fraction of sites that require a sign up. did you RTFA?
joliveira, Dec 19, 2006
I'm wondering the same thing ... I understand the first login using an openid "url" - where you have to authenticate the service that's wanting to use the openid "url". But what about the subsequent times the url is used for a login?
francisew, Dec 19, 2006
Simon,
Lots of good ideas here. I'm all in favour of doing away with a zillion registrations. Except...
The unspecified server authentication step (though I'm sure that's no big shock to anyone), is a HUGE problem.
This is extremely dangerous, as if someone manages to fool the 'unspecified authentication step', then they've stolen access for all your logins. Imagine a million inappropriate comments posted under your name. Imagine that with eCommerce implications.
Furthermore, and unfortunately, most users are incapable of writing a helloworld.html file, let alone uploading via ftp to a server. The critical mass for implementation involves extending this to people outside the development community, which is very challenging.
How does a user choose the level of personal information authorized for a particular site? How does the user prevent a caching of the login to a particular site? It seems that if automatic login was enabled for the verification site, then a second user could come along and log into ANY site by simply typing in the openID that was used by the previous user for a single previous site. (which I'm assuming is the step which makes it more convenient than specifying the same login/password at every site)
Jelfurie's comment is also great: Do I lose my login privileges to everything online if my site ever goes down (hosting, digg effect, hack)? If I lose my domain? If the blog URI changes structure? What about cross-site scripting hacks?
IEEEk (that's the sound of a committee of engineers shrieking in panic)
Francis
azap, Dec 19, 2006
Haha i rlleay dnot thikn I ma Dyslxeci
rubah, Dec 19, 2006
Thinking about it, could this possibly be a good way to set up a tagboard or a guestbook and eliminate a bunch of botspam?
kveton, Dec 19, 2006
Yes, but OpenID doesn't give you trust. Because of its decentralized nature someone could easily bring up an OpenID identity provider that does "bad things". It's definitely something that the OpenID community doesn't quite have an answer for yet.
yahoofrom, Dec 20, 2006
I hope major Korean websites support OpenID instead of forcing everybody to type in social registration numbers.
grawity, Dec 20, 2006
myopenid.com is da best
mxcl, Dec 21, 2006
I tried that one, but prefer this one: http://verselogic.net/projects/wordpress/wordpress-openid-plugin/
That one was made by JanRain, the OpenID company thing.