[OpenID] What are openids weaknesses?
Hans Granqvist
hans at yubico.com
Sun Sep 2 12:31:28 UTC 2007
On 9/1/07, Johannes Ernst <jernst+openid.net at netmesh.us> wrote:
>
> For me at least, that's not the point. The point is: what can we do
> to make it better? (without changing the low-cost economics)
>
>
1. "Ping pong". OpenID depends on the user-agent's redirect
mechanism and that's where most of the phishing risks appear.
Also, this complex user experience may hinder mass adoption.
2. "I am not a URL." OpenID sees users as web resources, but
identifying yourself with a URL (any type) is geeky and a hurdle
to wide adoption.
These are two issues that I haven't seen discussed in terms of
whether they are necessary in a user-centric protocol such
as OpenID.
Thanks,
Hans
--
Hans Granqvist
CTO
Phone: +1 (408) 524-1598
http://www.yubico.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070902/e1b2a6b0/attachment-0002.htm>
More information about the general
mailing list