[OpenID] TR: OpenID in India - What stops you from using OpenID?

Snorri snorri at snorri.eu
Wed Jun 25 09:21:22 UTC 2008 

Oh yes !  the link is  <http://www.proto.in> www.proto.in 

 

“Pronto” mean “Allo” in Italian! :)

 

Thanks

 

-Snorri

 

De : Jeetendra Mirchandani [mailto:jeetum at gmail.com] 
Envoyé : mercredi 25 juin 2008 10:36
À : Snorri
Objet : Re: [OpenID] OpenID in India - What stops you from using OpenID?

 

Hey Snorri, that should have been proto.in, not pronto.in

Regards,
Jeetu

On Wed, Jun 25, 2008 at 2:01 PM, Snorri <snorri at snorri.eu> wrote:

Interesting comments Eddy,

 

I copy also here the answer of Vijay Anand, the founder of www.pronto.in 

It's a platform with important Indian start-ups:

 

Who can answer?

 

Thanks

 

-Snorri

 

Rajan represents a firm that works in the secure identity space. When asked
how it measures with OpenID, he mentioned a few remarks. I wanted to run it
through you to get your feedback. What do you think?

Vijay

For Point 4 Open ID – Open id is a good concept, but very much different to
XeQure. We have taken into consideration the shortcomings of Open ID in
development of XeQure. Please visit
<http://idcorner.org/2007/08/22/the-problems-with-openid/>
http://idcorner.org/2007/08/22/the-problems-with-openid/  to get an idea
where Open ID stops being user friendly and secure. Few salient points are
as below:

 

1)     Prone to phishing – Open ID workflow and architecture is such that it
is easy to phish into as any person can create a website and become an Open
ID provider. Causing a great threat to user security and hence confidence in
application. If you use one OpenID account to go to two hundred sites, the
thief who steals your OpenID credentials gains access to any of the 200
sites.

2)     Privacy issue – With open ID the identity provider can track all your
login and usage history. This in itself is a grave concern for internet
users. XeQure architecture is different and it does not control the way user
moves on a third party website.

3)     No Patent –Open ID is a free framework (without any patent ), which
can be implemented by anyone (even hackers and phishers), this makes it very
vulnerable for hackers and users tend to have limited trust in such
applications. No wonder the user base is still very low for it. 

4)     Usability issues – Open Id is too cumbersome to use. It has three
entities the user, Identity provider e.g. Claim ID, and Consumer e.g.
LiveJournal.com, pbwiki.com, etc. They all have to synchronize to make this
functional. Too many parties involved for user ease. It has many steps on
each login and it is not a true single click sign on unlike XeQure. This
Open ID framework needs to be implemented for each website which requires
time and cost to be incurred to do so.

5)     Multiple user account login – What if user has multiple accounts to
say Google. He/she will still have to remember all the URIs to login to
different accounts. Open ID falls short of a true SSO(Single sign on) to all
user accounts.

6)     6)   Limited operation in major players – Open ID is not being
provided as a login method on major websites like Gmail, Orkut, Myspace,
etc. Although majors like Google, Microsoft, etc. expressed their
willingness to provide support for Open ID more than 6 months back, but have
done nothing to make it functional as of yet. It seems that OpenID will take
a very long time to be used as a standard on the  World Wide Web.

 

 

De : general-bounces at openid.net [mailto:general-bounces at openid.net] De la
part de Eddy Nigg (StartCom Ltd.)
Envoyé : mercredi 25 juin 2008 07:55
À : Jeetendra Mirchandani
Cc : general at openid.net
Objet : Re: [OpenID] OpenID in India - What stops you from using OpenID?

 

Jeetendra Mirchandani: 

This is a question for all those website owners in India, who have been
around for a while, and those who have started new ventures recently. Let me
list down possible reasons I can think of, as if I were to own a website
targeted towards Indians


All of the above might be correct (from the point of view of the web site
owners of course). Here my $0.02....



1.	Indian users dont know what OpenID is


Very likely! Isn't this the reason for your foundation and mission thereof?



1.	Your traffic is reluctant to use a URL as a username, they are just
more comfortable with the old traditional way of having a user name and
password
2.	You, the website owner, wants to build a user base. And users
signing in via an OpenID aren't really users that you own (Or atleast thats
what you think?)


>From the user perspective that's certainly not really valid. For OpenID
users, when offered OpenID login on a site they are more willing to register
then without. It's only the authentication which is "outsourced" not the
user base itself. That's a point which needs education perhaps.



1.	You don't trust that OpenID provider is secure enough. You are
responsible for any user data, and don't want the third-party provider to be
involved in how secure your user data is


Allow only providers you trust. It's easy as that.



1.	OpenID implementation is very complicated


This is a valid point and most popular blogs, forums require some extra work
to have OpenID login. Certainly for implementing your own login facility.
Until the big web applications don't ship OpenID built-in (like WordPress,
Phpbb forum, wikimedia) this is a hurdle.



With the same argument, point 4 is also not totally valid! A user
understands who to trust, and build up that trust over time. With big
players like  <http://openid.yahoo.com/> Yahoo providing OpenID, I think
this barrier is gone.


I don't view Yahoo as a secure provider, sorry.



And if you say OpenID implementation is complicated, you need to look
around. The  <http://openid.net/developers/> developers section on
openid.net could be a good starting point.


That's a lame argument. For many implementation is impossible or very
burdensome. See above...the most popular web applications need to ship
OpenID built-in!


Regards 


 


Signer: 

Eddy Nigg, StartCom Ltd. <http://www.startcom.org> 


Jabber: 

startcom at startcom.org


Blog: 

Join the Revolution! <http://blog.startcom.org> 


Phone: 

+1.213.341.0390


 

 




-- 
Regards,
Jeetu
http://www.cse.iitb.ac.in/~jeetu
http://apps.facebook.com/myorkut/

"Reality is merely an illusion, albeit a very persistent one." 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080625/7b6ec395/attachment.htm>

More information about the general mailing list