[OpenID board] GCN (Government Computer News) covers OpenID
chris.messina at gmail.com
Fri Sep 25 18:32:19 UTC 2009
The author of the post (Joab Jackson) was CC'd on my original email, so
hopefully he'll consider these slight adjustments. ;)
On Fri, Sep 25, 2009 at 10:28 AM, David Recordon <recordond at gmail.com>wrote:
> I had the same thoughts, but not quite as strongly as you. I think it
> shows once again that the difference between OpenID and InfoCards is
> not understood. We might want to reach out to the author (or leave a
> comment) about the small number of inaccuracies, but I don't think
> that it deserves a post by itself.
> On Fri, Sep 25, 2009 at 10:23 AM, Chris Messina <chris.messina at gmail.com>
> > The article is here:
> > Unfortunately, it suffers from a number of inaccuracies or misleading
> > statements, which may warrant a simple blog post welcoming this
> > review, but highlighting some clarifications:
> > "OpenID is fundamentally a way you can use your browser to
> > authenticate to a Web site by using a third-party identity provider,"
> > said Drummond Reed, one of the founding board members of the OpenID
> > Foundation, which oversees OpenID.
> >>> Drummond was indeed a founding member of the OIDF, but this quote makes
> it sound like he's speaking on behalf of the OIDF board, which I don't think
> was his intention...
> > "For users, the chief appeal of OpenID is that it could provide a
> > single name and password combination for a wide variety of sites."
> >>> This kind of language concerns me — and I've recently heard feedback
> that the government will be able to "get your Facebook password" if you use
> OpenID on a government site... while the convenience of this statement is
> not to be ignored, it should be clarified that one's password is NEVER
> shared with an OpenID consumer/relying party (or the government!).
> > "The list of consumer Web sites that accept OpenID as credentials is
> > growing, even if they lean toward the geeky side: Slashdot, Facebook,
> > Google, Technorati, LiveJournal and Yahoo. "
> >>> Google, Yahoo and Technorati do not accept OpenID credentials, AFAIK.
> They provide them, but do not accept them.
> > "The OpenID Foundation says more than 27,000 sites use the protocol,
> > although actual use on the part of the Web populace remains an open
> > question: One Internet service, called WetPaint, dropped support for
> > OpenID, noting that of its 1 million registered users, only 200 logged
> > on with OpenID accounts. Other sites, such as Facebook and Google,
> > hide their OpenID log-on pages."
> >>> As of July, according to Janrain, it looks like we're closer to 50K
> relying parties:
> > And, while it's true that Wetpaint removed OpenID from their site, I
> > can personally attest to how AWFUL their implementation was:
> > http://www.flickr.com/photos/factoryjoe/2478951850/
> > Also, Google doesn't so much as hide their OpenID logon pages as they
> > don't support it (unless we're talking about Google Apps for your
> > Domain?
> > "A Web site that uses OpenID credentials assumes only that any OpenID
> > provider is supplying verification that a person wishing to register
> > under a certain account knows the password of that account, the OpenID
> > Foundation’s Reed said. "
> >>> Once again, it would appear that Drummond is speaking on behalf of the
> OpenID Foundation.
> > Otherwise, it's a pretty good article.
> > Chris
Open Web Advocate
Follow me on Twitter: http://twitter.com/chrismessina
Citizen Agency: http://citizenagency.com
Diso Project: http://diso-project.org
OpenID Foundation: http://openid.net
This email is: [ ] shareable [X] ask first [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the board