[OpenID board] GCN (Government Computer News) covers OpenID
David Recordon
recordond at gmail.com
Fri Sep 25 17:28:09 UTC 2009
I had the same thoughts, but not quite as strongly as you. I think it
shows once again that the difference between OpenID and InfoCards is
not understood. We might want to reach out to the author (or leave a
comment) about the small number of inaccuracies, but I don't think
that it deserves a post by itself.
--David
On Fri, Sep 25, 2009 at 10:23 AM, Chris Messina <chris.messina at gmail.com> wrote:
>
> The article is here:
>
> http://gcn.com/articles/2009/09/28/openid-authentication-for-federal-web-sites.aspx
>
> Unfortunately, it suffers from a number of inaccuracies or misleading
> statements, which may warrant a simple blog post welcoming this
> review, but highlighting some clarifications:
>
> "OpenID is fundamentally a way you can use your browser to
> authenticate to a Web site by using a third-party identity provider,"
> said Drummond Reed, one of the founding board members of the OpenID
> Foundation, which oversees OpenID.
>
>>> Drummond was indeed a founding member of the OIDF, but this quote makes it sound like he's speaking on behalf of the OIDF board, which I don't think was his intention...
>
>
> "For users, the chief appeal of OpenID is that it could provide a
> single name and password combination for a wide variety of sites."
>
>>> This kind of language concerns me — and I've recently heard feedback that the government will be able to "get your Facebook password" if you use OpenID on a government site... while the convenience of this statement is not to be ignored, it should be clarified that one's password is NEVER shared with an OpenID consumer/relying party (or the government!).
>
>
> "The list of consumer Web sites that accept OpenID as credentials is
> growing, even if they lean toward the geeky side: Slashdot, Facebook,
> Google, Technorati, LiveJournal and Yahoo. "
>
>>> Google, Yahoo and Technorati do not accept OpenID credentials, AFAIK. They provide them, but do not accept them.
>
>
> "The OpenID Foundation says more than 27,000 sites use the protocol,
> although actual use on the part of the Web populace remains an open
> question: One Internet service, called WetPaint, dropped support for
> OpenID, noting that of its 1 million registered users, only 200 logged
> on with OpenID accounts. Other sites, such as Facebook and Google,
> hide their OpenID log-on pages."
>
>>> As of July, according to Janrain, it looks like we're closer to 50K relying parties:
>
> http://blog.janrain.com/2009/07/relying-party-stats-as-of-july-1-2009.html
>
> And, while it's true that Wetpaint removed OpenID from their site, I
> can personally attest to how AWFUL their implementation was:
>
> http://www.flickr.com/photos/factoryjoe/2478951850/
>
> Also, Google doesn't so much as hide their OpenID logon pages as they
> don't support it (unless we're talking about Google Apps for your
> Domain?
>
>
> "A Web site that uses OpenID credentials assumes only that any OpenID
> provider is supplying verification that a person wishing to register
> under a certain account knows the password of that account, the OpenID
> Foundation’s Reed said. "
>
>>> Once again, it would appear that Drummond is speaking on behalf of the OpenID Foundation.
>
> Otherwise, it's a pretty good article.
>
> Chris
More information about the board
mailing list