[OpenID] Reconsidering http://openiddifferent from https://openid
Christopher St John
ckstjohn at gmail.com
Thu Sep 20 19:16:58 UTC 2007
> Neither the web nor DNS were designed to act as a secure
> name service (outside of milnet). Forcing the web/DNS itself
> to impose a consistent identitybased on its 80/20 design
> concept is unlikly to ever work well.
>
In practice, it works very well indeed, handling (imperfectly but
acceptably) many (most?) existing site registration and login
needs via the normal mapping of logins to "verifiable" email
addresses.
There are certainly many applications for which this is not
nearly good enough, but there are plenty of massively complex
general purpose industrial-grade systems out there to use
instead. They litter the landscape like the rusting hulks, I'm
sure it's possible to pick one up cheap without having to
build yet another one.
There's no shame in solving a common subset of a difficult
problem. It's a classic engineering technique to trade scope
for simplicity. I think it would be a shame to try to force
OpenID to become something it's not.
-cks
--
Christopher St. John
http://artofsystems.blogspot.com
More information about the general
mailing list