[OpenID] "Nightmare" article on OpenID

Allen Tom allentomdude at gmail.com
Fri Nov 19 00:11:37 UTC 2010


The author raises many important issues for consumer-oriented websites that
are trying to accept 3rd party logins, and I think we as a community should
listen and take the author's feedback very seriously.

Specifically:

1) Directed Identity / PPID (Pairwise Pseudonymous Identifier) /
non-correlatable RP-specific identifier - is great in theory, but does not
provide enough value to most RPs to justify implementing OpenID. PPID
identifiers have no history, no data, and no reputation - why would any RP
want this? Also, as the author pointed out, changing the PPID based on the
realm/return_to means that RPs will "lose all their users" if they ever
switch their domain/realm. There are many valid reasons why RPs would want
to have multiple realms/domains, or to change them around.

2) username at provider identifiers are necessary for users to contact the RP
via customer support and other out of band mechanisms. For all practical
purposes, the email address is really required.

3) We often talk about OpenID's value to end users, but we don't talk enough
about giving value to RPs. The main hurdle to OpenID adoption is that RPs
don't see enough value in OpenID, especially relative to other proprietary
alternatives.

For a really harsh critique of OpenID, I highly recommend reading Yishan
Wong's (ex Facebook/Paypal) tirade against OpenID on Quora:

http://www.quora.com/What-s-wrong-with-OpenID

Allen



On Wed, Nov 17, 2010 at 4:01 PM, Bill Shupp <hostmaster at shupp.org> wrote:

> http://blog.wekeroad.com/thoughts/open-id-is-a-party-that-happened
>
>
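
Added illustration of point 1 above (not part of the original message or of any OpenID implementation): a sketch of why a realm-derived pairwise identifier orphans existing accounts when the RP changes its realm. OpenID 2.0 does not mandate how an OP derives directed identifiers; the HMAC scheme, the secret, and the example.* URLs are assumptions.

```python
import hashlib
import hmac

OP_SECRET = b"constructed-demo-key"          # assumption: per-OP secret key
OP_BASE = "https://op.example/id/"           # hypothetical OP identifier prefix


def pairwise_id(local_user: str, realm: str) -> str:
    """Derive an RP-specific identifier from the OP account and the RP realm."""
    msg = realm.lower().encode() + b"\x00" + local_user.encode()
    digest = hmac.new(OP_SECRET, msg, hashlib.sha256).hexdigest()
    return OP_BASE + digest[:32]


class RelyingParty:
    """RP that keys its account table on the identifier the OP asserts."""

    def __init__(self, realm: str):
        self.realm = realm
        self.accounts = {}                   # claimed identifier -> local account

    def login(self, local_user: str) -> tuple[str, bool]:
        # The RP never sees local_user; it only receives the derived identifier.
        claimed = pairwise_id(local_user, self.realm)
        is_new = claimed not in self.accounts
        account = self.accounts.setdefault(claimed, f"acct-{len(self.accounts) + 1}")
        return account, is_new


def realm_change_demo() -> dict:
    rp = RelyingParty("https://shop.example/")
    first = rp.login("alice")                # new account created
    again = rp.login("alice")                # same realm: same identifier, same account
    rp.realm = "https://store.example/"      # RP switches its domain/realm
    after = rp.login("alice")                # different identifier: treated as a new user
    return {"first": first, "again": again, "after": after,
            "accounts": len(rp.accounts)}


if __name__ == "__main__":
    print(realm_change_demo())
```

The same derivation that keeps two RPs from correlating a user also keeps one RP from recognising that user across its own realms, since nothing in the asserted identifier links the old value to the new one.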