[OpenID] Your OpenID is destined to be your email address
SitG Admin
sysadmin at shadowsinthegarden.com
Mon Mar 30 06:55:09 UTC 2009
>Your OpenID is destined to be your email address. I have posted my arguments
>on my blog.
*amusement* This isn't such a low-traffic list that we need to worry
about posting links rather than just copying the text into a post. If
anything, we should worry that some readers might be able to receive
E-mail but not access the web to follow a link!
>http://santrajan.blogspot.com/2009/03/death-of-openid.html
New info summed up for those who can't follow the link yet:
"I don't support OpenID as it was intended, I just use v2.0 to let
users enter their E-mail address as a login. I don't want a
meaningless URL because it does not guarantee that users have a
verified E-mail address, and people without verified E-mail addresses
should not be able to log in."
It's basically a trust issue. There's also a paragraph about Google
which implies that Google Accounts are trusted to verify any (even
non-Gmail) addresses, but it would require everyone to use a Google
Account (which will never happen), so I won't bother delving into the
obvious double standard.
Hmm, looks like this is actually the second post on OpenID, at that
blog; for those who *can* follow links, here's the first:
http://santrajan.blogspot.com/2009/03/mess-called-openid.html
There's a lot of subjective, generalization-from-self perspective in
it; some excerpts below, for those who cannot follow links yet :)
"First of all the Open Id itself is a problem. [...]
http://myusername.myserver.com/?blah=bleh [...] I for sure wouldnt
want to login anywhere with such an id!"
"At the very least the users email address should be made available
to the RP's. Any web site worth its salt will atleast require the
users email."
"Yahoo allows you to log in but does not provide the email address,
making it necessary for RP's to verify email address. This defeats
the whole purpose."
"Facebook would like RP's to use its own proprietory facebook connect
(but again this does not give the RP's the email address."
If only I were to accept the premises of this argument (which
basically seem to amount to "verified E-mail addresses are the most
important thing to all sites"), the rest of it would make perfect
sense. I don't need to know users' E-mail addresses (and why the hell
would I? It's not like I'm SPAMMING them - uh, contacting them or
sending anything, that is), and since this is, after all, the whole
PURPOSE of OpenID, there isn't any need to use OpenID for my site.
-Shade
More information about the general
mailing list