The author of the post (Joab Jackson) was CC'd on my original email, so hopefully he'll consider these slight adjustments. ;)<div><br></div><div>Chris<br><br><div class="gmail_quote">On Fri, Sep 25, 2009 at 10:28 AM, David Recordon <span dir="ltr"><<a href="mailto:recordond@gmail.com">recordond@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><br>
I had the same thoughts, but not quite as strongly as you. I think it<br>
shows once again that the difference between OpenID and InfoCards is<br>
not understood. We might want to reach out to the author (or leave a<br>
comment) about the small number of inaccuracies, but I don't think<br>
that it deserves a post by itself.<br>
<font color="#888888"><br>
--David<br>
</font><div><div></div><div class="h5"><br>
On Fri, Sep 25, 2009 at 10:23 AM, Chris Messina <<a href="mailto:chris.messina@gmail.com">chris.messina@gmail.com</a>> wrote:<br>
><br>
> The article is here:<br>
><br>
> <a href="http://gcn.com/articles/2009/09/28/openid-authentication-for-federal-web-sites.aspx" target="_blank">http://gcn.com/articles/2009/09/28/openid-authentication-for-federal-web-sites.aspx</a><br>
><br>
> Unfortunately, it suffers from a number of inaccuracies or misleading<br>
> statements, which may warrant a simple blog post welcoming this<br>
> review, but highlighting some clarifications:<br>
><br>
> "OpenID is fundamentally a way you can use your browser to<br>
> authenticate to a Web site by using a third-party identity provider,"<br>
> said Drummond Reed, one of the founding board members of the OpenID<br>
> Foundation, which oversees OpenID.<br>
><br>
>>> Drummond was indeed a founding member of the OIDF, but this quote makes it sound like he's speaking on behalf of the OIDF board, which I don't think was his intention...<br>
><br>
><br>
> "For users, the chief appeal of OpenID is that it could provide a<br>
> single name and password combination for a wide variety of sites."<br>
><br>
>>> This kind of language concerns me — and I've recently heard feedback that the government will be able to "get your Facebook password" if you use OpenID on a government site... while the convenience of this statement is not to be ignored, it should be clarified that one's password is NEVER shared with an OpenID consumer/relying party (or the government!).<br>
><br>
><br>
> "The list of consumer Web sites that accept OpenID as credentials is<br>
> growing, even if they lean toward the geeky side: Slashdot, Facebook,<br>
> Google, Technorati, LiveJournal and Yahoo. "<br>
><br>
>>> Google, Yahoo and Technorati do not accept OpenID credentials, AFAIK. They provide them, but do not accept them.<br>
><br>
><br>
> "The OpenID Foundation says more than 27,000 sites use the protocol,<br>
> although actual use on the part of the Web populace remains an open<br>
> question: One Internet service, called WetPaint, dropped support for<br>
> OpenID, noting that of its 1 million registered users, only 200 logged<br>
> on with OpenID accounts. Other sites, such as Facebook and Google,<br>
> hide their OpenID log-on pages."<br>
><br>
>>> As of July, according to Janrain, it looks like we're closer to 50K relying parties:<br>
><br>
> <a href="http://blog.janrain.com/2009/07/relying-party-stats-as-of-july-1-2009.html" target="_blank">http://blog.janrain.com/2009/07/relying-party-stats-as-of-july-1-2009.html</a><br>
><br>
> And, while it's true that Wetpaint removed OpenID from their site, I<br>
> can personally attest to how AWFUL their implementation was:<br>
><br>
> <a href="http://www.flickr.com/photos/factoryjoe/2478951850/" target="_blank">http://www.flickr.com/photos/factoryjoe/2478951850/</a><br>
><br>
> Also, Google doesn't so much as hide their OpenID logon pages as they<br>
> don't support it (unless we're talking about Google Apps for your<br>
> Domain?<br>
><br>
><br>
> "A Web site that uses OpenID credentials assumes only that any OpenID<br>
> provider is supplying verification that a person wishing to register<br>
> under a certain account knows the password of that account, the OpenID<br>
> Foundation’s Reed said. "<br>
><br>
>>> Once again, it would appear that Drummond is speaking on behalf of the OpenID Foundation.<br>
><br>
> Otherwise, it's a pretty good article.<br>
><br>
> Chris<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Chris Messina<br>Open Web Advocate<br><br>Personal: <a href="http://factoryjoe.com">http://factoryjoe.com</a><br>Follow me on Twitter: <a href="http://twitter.com/chrismessina">http://twitter.com/chrismessina</a><br>
<br>Citizen Agency: <a href="http://citizenagency.com">http://citizenagency.com</a><br>Diso Project: <a href="http://diso-project.org">http://diso-project.org</a><br>OpenID Foundation: <a href="http://openid.net">http://openid.net</a><br>
<br>This email is: [ ] shareable [X] ask first [ ] private<br>
</div>