[OpenID] general Digest, Vol 15, Issue 15

Christopher St John ckstjohn at gmail.com
Tue Nov 27 21:34:55 UTC 2007


On Nov 27, 2007 3:46 PM, Luke Sontag <luke.sontag at vidoop.com> wrote:
>
> I completely disagree that anyone who uses OpenID for financial transactions
> would be crazy.  For one, OpenID can make tremendous sense economically for
> any financial institution.

You've conflated two issues:

 #1) It would save banks money to offload certain authentication tasks.
 #2) Banks should use OpenID for authentication tasks.

Number two does not necessarily follow from number one. I'd like to see a
substantial amount of operational experience with OpenID before I'd want
my bank to use it for high-value transactions. Note that even if a standard
is basically sound, wide deployment into production will reveal common
implementation and deployment problems.

I know this sounds awful, but traditionally you phase it in gradually, getting
burned and hacked at each phase before you decide all the holes are fixed
and you up the stakes and get burned again, until at some point the
technology becomes a best practice. That definitely has not happened yet
with OpenID (but it's getting there).

So, +1 on it being crazy for a bank to use OpenID right now.

-cks

-- 
Christopher St. John
http://artofsystems.blogspot.com



More information about the general mailing list