[OpenID] What are openids weaknesses?
John Panzer
jpanzeracm at johnpanzer.com
Sun Sep 2 21:43:42 UTC 2007
Hans Granqvist wrote:
> On 9/1/07, Johannes Ernst <jernst+openid.net at netmesh.us> wrote:
>
> For me at least, that's not the point. The point is: what can we do
> to make it better? (without changing the low-cost economics)
>
>
> 1. "Ping pong". OpenID depends on the user-agent's redirect
> mechanism and that's where most of the phishing risks appear.
> Also, this complex user experience may hinder mass adoption.
>
> 2. "I am not a URL." OpenID sees users as web resources, but
> identifying yourself with a URL (any type) is geeky and a hurdle
> to wide adoption.
It's interesting in this context that every major identity provider now
allows a specific kind of URL (mailto: URLs) for identification. I
remember claims at AOL that "users don't understand email addresses"; I
think they've learned well enough.
This is not an argument that Yet Another Namespace isn't annoying, but
that there is suggestive history that this isn't a long-term problem.