[OpenID] IDProxy.net (Yahoo! -> OpenID)

Simon Willison simon at simonwillison.net
Thu Feb 1 02:57:40 UTC 2007

On 1/29/07, Krall, Gary <gkrall at verisign.com> wrote:
> Tried it this afternoon and it's very cool.  What would be even cooler is when it got a Simple Registration request, it did another BBAuth call to Yahoo! To grab my profile data and then sent that back to the RP.

Sadly that isn't possible. The Yahoo! BBAuth API is extremely limited
in what it can tell you - so much so that it doesn't even give you the
user's Yahoo! ID, instead giving you back a cryptic user hash which is
actually only useful for telling that a user logging in is someone you
have seen before.

There are very good reasons for this - Yahoo! actually have an
excellent privacy policy and take the security of their user database
extremely seriously (when a company gets bought by Yahoo! they almost
always have to tighten up, not loosen, their policy on what they can
do with the user data). BBAuth does the simplest thing that could
possibly be useful for enabling SSO.

Simple registration support is high on my list of things to add to
idproxy, although you'll still have to re-enter your details manually
the first time you use it. If you have any other feature suggestions
for the site I would be very interested in hearing them.

Thanks to links from a number of high traffic sites I've passed 500
registered users now, although it's too early to tell how many of them
will stick around as opposed to just trying it out once.


More information about the general mailing list