security
Scott Kveton
scott at janrain.com
Mon Oct 23 03:15:23 UTC 2006
Hi Alaric,
> Is OpenID/Identity 2.0 really a house of cards? Giving nothing to the world
> other than blogs and other useless sites a way to simplify their
> authentication?
I believe the same thing was said about the Internet when it was first
developed. "Its neat, but nobody would ever use it for anything useful."
You have to start _somewhere_.
The "blogs and other useless sites" are the perfect place to start. Instead
of writing a specification that takes into account 100% of use cases from
day one, let's do something that solves a big swath of use cases with a
minimal amount of effort; both for users and sites.
I'm not saying we shouldn't secure this technology. Its absolutely
critical. However, I believe "simple and open" need to come first to aid in
adoption and more importantly for us to figure out how users are going to
use this technology. There are lots of great technologies out that are
completely secure but utterly useless for end-users.
- Scott
More information about the general
mailing list