No subject

Fri Jun 6 22:09:24 UTC 2008

users, when offered OpenID login on a site they are more willing to =
register then without. It's only the authentication which is =
"outsourced" not the user base itself. That's a point which needs =
education perhaps.

1.	You don't trust that OpenID provider is secure enough. You are =
responsible for any user data, and don't want the third-party provider =
to be involved in how secure your user data is

Allow only providers you trust. It's easy as that.

1.	OpenID implementation is very complicated

This is a valid point and most popular blogs, forums require some extra =
work to have OpenID login. Certainly for implementing your own login =
facility. Until the big web applications don't ship OpenID built-in =
(like WordPress, Phpbb forum, wikimedia) this is a hurdle.

With the same argument, point 4 is also not totally valid! A user =
understands who to trust, and build up that trust over time. With big =
players like <http://openid.yahoo.com/> Yahoo providing OpenID, I think =
this barrier is gone.

I don't view Yahoo as a secure provider, sorry.

And if you say OpenID implementation is complicated, you need to look =
around. The <http://openid.net/developers/> developers section on =
openid.net could be a good starting point.

That's a lame argument. For many implementation is impossible or very =
burdensome. See above...the most popular web applications need to ship =
OpenID built-in!

Regards=20

=20

Signer:=20

Eddy Nigg, StartCom Ltd. <http://www.startcom.org>=20

Jabber:=20

startcom at startcom.org

Blog:=20

Join the Revolution! <http://blog.startcom.org>=20

Phone:=20

+1.213.341.0390

=20

=20

------=_NextPart_000_0061_01C8D6AE.92C7F290
Content-Type: text/html;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";
	color:black;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p
	{mso-style-priority:99;
	mso-margin-top-alt:auto;
	margin-right:0cm;
	mso-margin-bottom-alt:auto;
	margin-left:0cm;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";
	color:black;}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page Section1
	{size:612.0pt 792.0pt;
	margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
	{page:Section1;}
 /* List Definitions */
 @list l0
	{mso-list-id:545995834;
	mso-list-template-ids:1603849248;}
@list l0:level1
	{mso-level-tab-stop:36.0pt;
	mso-level-number-position:left;
	text-indent:-18.0pt;}
@list l1
	{mso-list-id:969553308;
	mso-list-template-ids:-1431553570;}
@list l1:level1
	{mso-level-tab-stop:36.0pt;
	mso-level-number-position:left;
	text-indent:-18.0pt;}
@list l2
	{mso-list-id:1005479857;
	mso-list-template-ids:-1814532894;}
@list l2:level1
	{mso-level-tab-stop:36.0pt;
	mso-level-number-position:left;
	text-indent:-18.0pt;}
@list l3
	{mso-list-id:1735397802;
	mso-list-template-ids:-1764050040;}
@list l3:level1
	{mso-level-tab-stop:36.0pt;
	mso-level-number-position:left;
	text-indent:-18.0pt;}
ol
	{margin-bottom:0cm;}
ul
	{margin-bottom:0cm;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext=3D"edit">
  <o:idmap v:ext=3D"edit" data=3D"1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body bgcolor=3Dwhite lang=3DFR link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Interesting comments Eddy,<o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I copy also here the answer of Vijay Anand, the founder =
of <a
href=3D"http://www.pronto.in">www.pronto.in</a> <o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>It=E2=80=99s a platform with important Indian =
start-ups:<o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Who can answer?<o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Thanks<o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>-Snorri<o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

Rajan represents a firm that =
works in the
secure identity space. When asked how it measures with OpenID, he =
mentioned a
few remarks. I wanted to run it through you to get your feedback. =
What
do you think? 
 
Vijay<o:p></o:p>

For Point 4 Open ID =
=E2=80=93 Open id is a
good concept, but very much different to XeQure. We have taken into
consideration the shortcomings of Open ID in development of XeQure. =
Please
visit <a
href=3D"http://idcorner.org/2007/08/22/the-problems-with-openid/" =
target=3D"_blank">http://idcorner.org/2007/08/22/the-problems-with-=
openid/</a>
&nbsp;to get an =
idea where
Open ID stops being user friendly and secure. Few salient points are as =
below:<o:p></o:p>

<p><span lang=3DEN-IN style=3D'font-size:10.0pt'>&nbsp;</span><span =
lang=3DEN-IN><o:p></o:p></span></p>

1)&nbsp;&nbsp;&nbsp;&nbsp; Prone to phishing =
=E2=80=93 Open ID
workflow and architecture is such that it is easy to phish into as any =
person
can create a website and become an Open ID provider. Causing a great =
threat to
user security and hence confidence in application. If you use one OpenID
account to go to two hundred sites, the thief who steals your OpenID
credentials gains access to any of the 200 sites.<o:p></o:p>

2)&nbsp;&nbsp;&nbsp;&nbsp; Privacy issue =
=E2=80=93 With open
ID the identity provider can track all your login and usage history. =
This in
itself is a grave concern for internet users. XeQure architecture is =
different
and it does not control the way user moves on a third party =
website.<o:p></o:p>

3)&nbsp;&nbsp;&nbsp;&nbsp; No Patent =
=E2=80=93Open ID is a
free framework (without any patent ), which can be implemented by anyone =
(even
hackers and phishers), this makes it very vulnerable for hackers and =
users tend
to have limited trust in such applications. No wonder the user base is =
still
very low for it. <o:p></o:p>

4)&nbsp;&nbsp;&nbsp;&nbsp; Usability issues =
=E2=80=93 Open Id
is too cumbersome to use. It has three entities the user, Identity =
provider
e.g. Claim ID, and Consumer e.g. LiveJournal.com, <a =
href=3D"http://pbwiki.com"
target=3D"_blank">pbwiki.com</a>, etc. They all have to synchronize to =
make this
functional. Too many parties involved for user ease. It has many steps =
on each
login and it is not a true single click sign on unlike XeQure. This Open =
ID
framework needs to be implemented for each website which requires time =
and cost
to be incurred to do so.<o:p></o:p>

5)&nbsp;&nbsp;&nbsp;&nbsp; Multiple user =
account login
=E2=80=93 What if user has multiple accounts to say Google. He/she will =
still have to
remember all the URIs to login to different accounts. Open ID falls =
short of a
true SSO(Single sign on) to all user accounts.<o:p></o:p>

6)&nbsp;&nbsp;&nbsp;&nbsp;
6)&nbsp;&nbsp; Limited operation in major players =E2=80=93 Open ID is =
not being
provided as a login method on major websites like Gmail, Orkut, Myspace, =
etc.
Although majors like Google, Microsoft, etc. expressed their
&nbsp;&nbsp;willingness to provide support for Open ID more than 6 =
months back,
but have done nothing to make it functional as of yet. It seems that =
OpenID
will take a very long time to be used as a standard on the&nbsp; World =
Wide
Web.<o:p></o:p>

<p><span lang=3DEN-IN =
style=3D'font-size:10.0pt;color:#1F497D'>&nbsp;</span><span
lang=3DEN-IN><o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<div>

<div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt =
0cm 0cm 0cm'>

<p class=3DMsoNormal><b><span =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:windowtext'>De&nbsp;:</span></b><span =
style=3D'font-size:10.0pt;font-family:
"Tahoma","sans-serif";color:windowtext'> general-bounces at openid.net
[mailto:general-bounces at openid.net] <b>De la part de</b> Eddy Nigg =
(StartCom
Ltd.)<br>
<b>Envoy=C3=A9&nbsp;:</b> mercredi 25 juin 2008 07:55<br>
<b>=C3=80&nbsp;:</b> Jeetendra Mirchandani<br>
<b>Cc&nbsp;:</b> general at openid.net<br>
<b>Objet&nbsp;:</b> Re: [OpenID] OpenID in India - What stops you from =
using
OpenID?<o:p></o:p></span></p>

</div>

</div>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>Jeetendra Mirchandani: <o:p></o:p></p>

This is a question for all those website owners in =
India,
who have been around for a while, and those who have started new =
ventures
recently. Let me list down possible reasons I can think of, as if I were =
to own
a website targeted towards Indians<o:p></o:p>

All of the above might be correct (from the point of view of the web =
site
owners of course). Here my $0.02.... 
 
 
<o:p></o:p>

<ol start=3D1 type=3D1>
 <li class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
     mso-list:l3 level1 lfo1'><span lang=3DEN-US>Indian users dont know =
what
     OpenID is</span><o:p></o:p></li>
</ol>

Very likely! Isn't this the reason for your foundation and mission =
thereof? 
 
 
<o:p></o:p>

<ol start=3D1 type=3D1>
 <li class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
     mso-list:l1 level1 lfo2'><span lang=3DEN-US>Your traffic is =
reluctant to use
     a URL as a username, they are just more comfortable with the old
     traditional way of having a user name and =
password</span><o:p></o:p></li>
 <li class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
     mso-list:l1 level1 lfo2'><span lang=3DEN-US>You, the website owner, =
wants to
     build a user base. And users signing in via an OpenID aren't really =
users
     that you own (Or atleast thats what you =
think?)</span><o:p></o:p></li>
</ol>

<p class=3DMsoNormal><br>