[OpenID] What's broken in OpenID 2.0? (IIW session)
Jonathan Daugherty
cygnus at janrain.com
Thu May 10 15:23:48 UTC 2007
# The idea is that people will use the standard, well-tested,
# battle-worn libraries to handle this stuff. That way they can have
# more confidence of getting it right.
I agree with you, but my experience leads me to think that people will
continue to go their own way because they're unable or unwilling to
use such a library, or because they want to learn the protocol by
writing a new implementation. This is not so true of Python and Ruby,
from what I've seen, but the number of home-grown PHP OpenID
implementations out there is staggering, and practically all of them
have serious problems. We might as well advocate practices in the
spec that reduce risk.
--
Jonathan Daugherty
JanRain, Inc.
irc.freenode.net: cygnus in #openid
cygnus.myopenid.com