No subject

Fri Jun 6 22:09:24 UTC 2008

users, when offered OpenID login on a site they are more willing to =
register
then without. It's only the authentication which is "outsourced" not the
user base itself. That's a point which needs education perhaps.

1.	You don't trust that OpenID provider is secure enough. You are
responsible for any user data, and don't want the third-party provider =
to be
involved in how secure your user data is

Allow only providers you trust. It's easy as that.

1.	OpenID implementation is very complicated

This is a valid point and most popular blogs, forums require some extra =
work
to have OpenID login. Certainly for implementing your own login =
facility.
Until the big web applications don't ship OpenID built-in (like =
WordPress,
Phpbb forum, wikimedia) this is a hurdle.

With the same argument, point 4 is also not totally valid! A user
understands who to trust, and build up that trust over time. With big
players like <http://openid.yahoo.com/> Yahoo providing OpenID, I think
this barrier is gone.

I don't view Yahoo as a secure provider, sorry.

And if you say OpenID implementation is complicated, you need to look
around. The <http://openid.net/developers/> developers section on
openid.net could be a good starting point.

That's a lame argument. For many implementation is impossible or very
burdensome. See above...the most popular web applications need to ship
OpenID built-in!

Regards=20

=20

Signer:=20

Eddy Nigg, StartCom Ltd. <http://www.startcom.org>=20

Jabber:=20

startcom at startcom.org

Blog:=20

Join the Revolution! <http://blog.startcom.org>=20

Phone:=20

+1.213.341.0390

=20

=20

--=20
Regards,
Jeetu
http://www.cse.iitb.ac.in/~jeetu
http://apps.facebook.com/myorkut/

"Reality is merely an illusion, albeit a very persistent one."=20

------=_NextPart_000_0094_01C8D6B5.994E76A0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>

<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p
	{mso-style-priority:99;
	mso-margin-top-alt:auto;
	margin-right:0cm;
	mso-margin-bottom-alt:auto;
	margin-left:0cm;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;}
@page Section1
	{size:612.0pt 792.0pt;
	margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
	{page:Section1;}
 /* List Definitions */
 @list l0
	{mso-list-id:127403980;
	mso-list-template-ids:-2100628026;}
@list l1
	{mso-list-id:505483797;
	mso-list-template-ids:-1087896082;}
@list l2
	{mso-list-id:1540437232;
	mso-list-template-ids:1259875372;}
@list l3
	{mso-list-id:2089034964;
	mso-list-template-ids:128752396;}
ol
	{margin-bottom:0cm;}
ul
	{margin-bottom:0cm;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext=3D"edit">
  <o:idmap v:ext=3D"edit" data=3D"1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=3DFR link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Oh yes&nbsp;!=A0 the link is </span><span =
style=3D'font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'><a =
href=3D"http://www.proto.in"><span
lang=3DEN-US>www.proto.in</span></a></span><span =
style=3D'font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'> <span =
lang=3DEN-US><o:p></o:p></span></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span lang=3DIT =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>&#8220;Pronto&#8221; mean &#8220;Allo&#8221; in Italian! =
:)<o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DIT =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span lang=3DIT =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Thanks<o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DIT =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span lang=3DIT =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>-Snorri<o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DIT =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt =
0cm 0cm 0cm'>

<p class=3DMsoNormal><b><span =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>De&nbsp;:</s=
pan></b><span
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Jeetendra
Mirchandani [mailto:jeetum at gmail.com] <br>
<b>Envoy=E9&nbsp;:</b> mercredi 25 juin 2008 10:36<br>
<b>=C0&nbsp;:</b> Snorri<br>
<b>Objet&nbsp;:</b> Re: [OpenID] OpenID in India - What stops you from =
using
OpenID?<o:p></o:p></span></p>

</div>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal style=3D'margin-bottom:12.0pt'>Hey Snorri, that =
should have
been <a href=3D"http://proto.in">proto.in</a>, not pro<b><u>n</u></b><a
href=3D"http://to.in">to.in</a><br>
<br>
Regards,<br>
Jeetu<o:p></o:p></p>

<div>

<p class=3DMsoNormal>On Wed, Jun 25, 2008 at 2:01 PM, Snorri
&lt;snorri at snorri.eu&gt; wrote:<o:p></o:p></p>

<div>

<div>

<p><span lang=3DEN-US =
style=3D'font-size:11.0pt;color:#1F497D'>Interesting comments
Eddy,</span><o:p></o:p></p>

<p><span lang=3DEN-US =
style=3D'font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p><span lang=3DEN-US style=3D'font-size:11.0pt;color:#1F497D'>I copy =
also here the
answer of Vijay Anand, the founder of <a href=3D"http://www.pronto.in"
target=3D"_blank">www.pronto.in</a> </span><o:p></o:p></p>

<p><span lang=3DEN-US style=3D'font-size:11.0pt;color:#1F497D'>It's a =
platform with
important Indian start-ups:</span><o:p></o:p></p>

<p><span lang=3DEN-US =
style=3D'font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p><span lang=3DEN-US style=3D'font-size:11.0pt;color:#1F497D'>Who can =
answer?</span><o:p></o:p></p>

<p><span lang=3DEN-US =
style=3D'font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p><span lang=3DEN-US =
style=3D'font-size:11.0pt;color:#1F497D'>Thanks</span><o:p></o:p></p>

<p><span lang=3DEN-US =
style=3D'font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p><span lang=3DEN-US =
style=3D'font-size:11.0pt;color:#1F497D'>-Snorri</span><o:p></o:p></p>

<p><span lang=3DEN-US =
style=3D'font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>

Rajan represents a firm that works in the secure =
identity
space. When asked how it measures with OpenID, he mentioned a few =
remarks. I
wanted to run it through you to get your feedback. What do you =
think? 
 
Vijay<o:p></o:p>

For Point 4 Open ID =
&#8211; Open id is a
good concept, but very much different to XeQure. We have taken into
consideration the shortcomings of Open ID in development of XeQure. =
Please
visit <a
href=3D"http://idcorner.org/2007/08/22/the-problems-with-openid/" =
target=3D"_blank">http://idcorner.org/2007/08/22/the-problems-with-=
openid/</a>
&nbsp;to get an idea where Open ID stops being user friendly and =
secure.
Few salient points are as below:<o:p></o:p>

<p><span lang=3DEN-IN =
style=3D'font-size:10.0pt'>&nbsp;</span><o:p></o:p></p>

1)&nbsp;&nbsp;&nbsp;&nbsp; Prone to phishing =
&#8211; Open ID
workflow and architecture is such that it is easy to phish into as any =
person
can create a website and become an Open ID provider. Causing a great =
threat to
user security and hence confidence in application. If you use one OpenID
account to go to two hundred sites, the thief who steals your OpenID
credentials gains access to any of the 200 sites.<o:p></o:p>

2)&nbsp;&nbsp;&nbsp;&nbsp; Privacy issue =
&#8211; With open
ID the identity provider can track all your login and usage history. =
This in
itself is a grave concern for internet users. XeQure architecture is =
different
and it does not control the way user moves on a third party =
website.<o:p></o:p>

3)&nbsp;&nbsp;&nbsp;&nbsp; No Patent =
&#8211;Open ID is a
free framework (without any patent ), which can be implemented by anyone =
(even
hackers and phishers), this makes it very vulnerable for hackers and =
users tend
to have limited trust in such applications. No wonder the user base is =
still
very low for it. <o:p></o:p>

4)&nbsp;&nbsp;&nbsp;&nbsp; Usability issues =
&#8211; Open Id
is too cumbersome to use. It has three entities the user, Identity =
provider
e.g. Claim ID, and Consumer e.g. LiveJournal.com, <a =
href=3D"http://pbwiki.com"
target=3D"_blank">pbwiki.com</a>, etc. They all have to synchronize to =
make this
functional. Too many parties involved for user ease. It has many steps =
on each
login and it is not a true single click sign on unlike XeQure. This Open =
ID
framework needs to be implemented for each website which requires time =
and cost
to be incurred to do so.<o:p></o:p>

5)&nbsp;&nbsp;&nbsp;&nbsp; Multiple user =
account login
&#8211; What if user has multiple accounts to say Google. He/she will =
still have to
remember all the URIs to login to different accounts. Open ID falls =
short of a
true SSO(Single sign on) to all user accounts.<o:p></o:p>

6)&nbsp;&nbsp;&nbsp;&nbsp;
6)&nbsp;&nbsp; Limited operation in major players &#8211; Open ID is not =
being
provided as a login method on major websites like Gmail, Orkut, Myspace, =
etc.
Although majors like Google, Microsoft, etc. expressed their =
&nbsp;&nbsp;willingness
to provide support for Open ID more than 6 months back, but have done =
nothing
to make it functional as of yet. It seems that OpenID will take a very =
long
time to be used as a standard on the&nbsp; World Wide =
Web.<o:p></o:p>

<p><span lang=3DEN-IN =
style=3D'font-size:10.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p><span lang=3DEN-US =
style=3D'font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<div>

<div style=3D'border:none;border-top:solid windowtext =
1.0pt;padding:3.0pt 0cm 0cm 0cm;
border-color:-moz-use-text-color -moz-use-text-color'>

<p><b><span style=3D'font-size:10.0pt'>De&nbsp;:</span></b><span
style=3D'font-size:10.0pt'> <a =
href=3D"mailto:general-bounces at openid.net"
target=3D"_blank">general-bounces at openid.net</a> [mailto:<a
href=3D"mailto:general-bounces at openid.net" =
target=3D"_blank">general-bounces at openid.net</a>]
<b>De la part de</b> Eddy Nigg (StartCom Ltd.)<br>
<b>Envoy=E9&nbsp;:</b> mercredi 25 juin 2008 07:55<br>
<b>=C0&nbsp;:</b> Jeetendra Mirchandani<br>
<b>Cc&nbsp;:</b> <a href=3D"mailto:general at openid.net" =
target=3D"_blank">general at openid.net</a><br>
<b>Objet&nbsp;:</b> Re: [OpenID] OpenID in India - What stops you from =
using
OpenID?</span><o:p></o:p></p>

</div>

</div>

<div>

<div>

<p>&nbsp;<o:p></o:p></p>

<p>Jeetendra Mirchandani: <o:p></o:p></p>

This is a question for all those website owners in =
India, who
have been around for a while, and those who have started new ventures =
recently.
Let me list down possible reasons I can think of, as if I were to own a =
website
targeted towards Indians<o:p></o:p>

All of the above might be correct (from the point of view of the web =
site
owners of course). Here my $0.02.... 
 
<o:p></o:p>

<ol start=3D1 type=3D1>
 <li class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
     mso-list:l1 level1 lfo1'><span lang=3DEN-US>Indian users dont know =
what
     OpenID is</span><o:p></o:p></li>
</ol>

Very likely! Isn't this the reason for your foundation and mission =
thereof? 
 
<o:p></o:p>

<ol start=3D1 type=3D1>
 <li class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
     mso-list:l3 level1 lfo2'><span lang=3DEN-US>Your traffic is =
reluctant to use
     a URL as a username, they are just more comfortable with the old
     traditional way of having a user name and =
password</span><o:p></o:p></li>
 <li class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
     mso-list:l3 level1 lfo2'><span lang=3DEN-US>You, the website owner, =
wants to
     build a user base. And users signing in via an OpenID aren't really =
users
     that you own (Or atleast thats what you =
think?)</span><o:p></o:p></li>
</ol>

<p style=3D'margin-bottom:12.0pt'><br>