[OpenID] My answers to the nominee questions

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Fri Dec 12 10:11:58 UTC 2008 

On 12/12/2008 09:24 AM, Luke Shepard:
>
> *Things that don’t matter: *OpenID as a brand. As Scott put, who cares 
> about the brand of SMTP? Or HTTP?. Also, some stuff is pretty minor. 
> Like end-to-end support of HTTPS identifiers. If it gets in the way of 
> usability and adoption, then it sucks. The real question is, is an 
> HTTP identifier more secure and usable than using an email and 
> password. If so, then move on.
>

Facebook might not care about security and if their user accounts get 
phished and broken by whatever means, but the heavyweights in the 
computer industry certainly do. Other corporations as well. Just heard 
yesterday from a representative of one of the biggest firms out there 
(without disclosing names) what their real problem is (with OpenID) and 
what needs to change in their point of view in order to higher the 
adoption rate of relying parties (including themselves). You bet that 
security is (still) one of the main concerns. Please also note that your 
provider (Facebook) is only a relying party to itself - if you really 
believe in what you said above than open up and extend the trust to all 
possible OpenID providers.

Facebook Connect? I guess it will be as relevant to WebSSO as Alta Vista 
is for search today - but OpenID is intended to penetrate and influence 
a particular pattern and behavior of the main stream user and his/her 
Internet experience. Those were educated to enter user names and 
passwords for more than a decade, it will take some time to educate them 
to something different. OpenID is more than a protocol or specification 
- it's a spec, product and educational effort where security can't be 
optional but is a way  of life (the same way you've got a lock at your 
house's door). Besides that, SSL/TLS isn't such a big deal these days, 
it's the norm for any authentication form I think.

Regards
Signer: 	Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Phone: 	+1.213.341.0390


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081212/cb0d5e60/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6724 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081212/cb0d5e60/attachment-0002.bin>

More information about the general mailing list