Thanks Joab,<div><br></div><div>Completely understood. I for one think that your simplification probably assisted your readers, but I'm not sure I have the full support of the Information Card foundation in that perspective. ;)</div>
<div><br></div><div>The more the merrier, but it's true — this is a very complicated story to tell beyond the "it's kind of like the sign in with Facebook" experience — and yet so, so not. Thanks for taking the first stab — otherwise a rather complete telling of the story so far.</div>
<div><br></div><div>Chris<br><br><div class="gmail_quote">On Mon, Sep 28, 2009 at 9:33 PM, Joab Jackson <span dir="ltr"><<a href="mailto:home@joabj.com">home@joabj.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Genetlemen,<br>
<br>
Hello! This is the author of the story, Joab. Thanks for the CC'ing me--I will indeed make these clarifications and corrcections to th online version of the article.<br>
<br>
I deliberately kept the Information Card out of this article if only to simplify the explanation of OpenID as much as possible. I think with many of our readers, we are starting at ground zero at explaining this concept. So, for better or worse, I was simplifying. I do plan on writing a separate blog entry explaining the Information Card in detail, however...<br>
<font color="#888888">
<br>
joab</font><div><div></div><div class="h5"><br>
<br>
<br>
Chris Messina wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
The article is here:<br>
<br>
<a href="http://gcn.com/articles/2009/09/28/openid-authentication-for-federal-web-sites.aspx" target="_blank">http://gcn.com/articles/2009/09/28/openid-authentication-for-federal-web-sites.aspx</a><br>
<br>
Unfortunately, it suffers from a number of inaccuracies or misleading<br>
statements, which may warrant a simple blog post welcoming this<br>
review, but highlighting some clarifications:<br>
<br>
"OpenID is fundamentally a way you can use your browser to<br>
authenticate to a Web site by using a third-party identity provider,"<br>
said Drummond Reed, one of the founding board members of the OpenID<br>
Foundation, which oversees OpenID.<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Drummond was indeed a founding member of the OIDF, but this quote makes it sound like he's speaking on behalf of the OIDF board, which I don't think was his intention...<br>
<br>
</blockquote></blockquote>
<br>
<br>
"For users, the chief appeal of OpenID is that it could provide a<br>
single name and password combination for a wide variety of sites."<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
This kind of language concerns me — and I've recently heard feedback that the government will be able to "get your Facebook password" if you use OpenID on a government site... while the convenience of this statement is not to be ignored, it should be clarified that one's password is NEVER shared with an OpenID consumer/relying party (or the government!).<br>
<br>
</blockquote></blockquote>
<br>
<br>
"The list of consumer Web sites that accept OpenID as credentials is<br>
growing, even if they lean toward the geeky side: Slashdot, Facebook,<br>
Google, Technorati, LiveJournal and Yahoo. "<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Google, Yahoo and Technorati do not accept OpenID credentials, AFAIK. They provide them, but do not accept them.<br>
<br>
</blockquote></blockquote>
<br>
<br>
"The OpenID Foundation says more than 27,000 sites use the protocol,<br>
although actual use on the part of the Web populace remains an open<br>
question: One Internet service, called WetPaint, dropped support for<br>
OpenID, noting that of its 1 million registered users, only 200 logged<br>
on with OpenID accounts. Other sites, such as Facebook and Google,<br>
hide their OpenID log-on pages."<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
As of July, according to Janrain, it looks like we're closer to 50K relying parties:<br>
<br>
</blockquote></blockquote>
<br>
<a href="http://blog.janrain.com/2009/07/relying-party-stats-as-of-july-1-2009.html" target="_blank">http://blog.janrain.com/2009/07/relying-party-stats-as-of-july-1-2009.html</a><br>
<br>
And, while it's true that Wetpaint removed OpenID from their site, I<br>
can personally attest to how AWFUL their implementation was:<br>
<br>
<a href="http://www.flickr.com/photos/factoryjoe/2478951850/" target="_blank">http://www.flickr.com/photos/factoryjoe/2478951850/</a><br>
<br>
Also, Google doesn't so much as hide their OpenID logon pages as they<br>
don't support it (unless we're talking about Google Apps for your<br>
Domain?<br>
<br>
<br>
"A Web site that uses OpenID credentials assumes only that any OpenID<br>
provider is supplying verification that a person wishing to register<br>
under a certain account knows the password of that account, the OpenID<br>
Foundation’s Reed said. "<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Once again, it would appear that Drummond is speaking on behalf of the OpenID Foundation.<br>
<br>
</blockquote></blockquote>
<br>
Otherwise, it's a pretty good article.<br>
<br>
Chris<br>
<br>
<br>
<br>
</blockquote>
<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Chris Messina<br>Open Web Advocate<br><br>Personal: <a href="http://factoryjoe.com">http://factoryjoe.com</a><br>Follow me on Twitter: <a href="http://twitter.com/chrismessina">http://twitter.com/chrismessina</a><br>
<br>Citizen Agency: <a href="http://citizenagency.com">http://citizenagency.com</a><br>Diso Project: <a href="http://diso-project.org">http://diso-project.org</a><br>OpenID Foundation: <a href="http://openid.net">http://openid.net</a><br>
<br>This email is: [ ] shareable [X] ask first [ ] private<br>
</div>