[OpenID] One-Click OpenID: A Solution to the NASCAR Problem

John Bradley ve7jtb at ve7jtb.com
Thu Feb 16 20:00:46 UTC 2012


For a central GIT to be successful it would need to be run by an audited independent third party.

That is what Mozilla is doing with browserID (not independent or audited) though they have the ability to impersonate users where GIT would not.

It would be a temporary solution until browser support was available.

I am glad you have confidence in Harry's abilities.  Perhaps more than he has given some of my recent conversations with him.

You will be one of many strings pulling on those vendors.

Unless you have a way to prove out your idea before they come on board, you are in for a hard time.

Those of us who have been down this road before feel for you.

John B.

On 2012-02-16, at 4:30 PM, Francisco Corella wrote:

>  John,
> 
> > I think what people are raising is that there is significant execution
> > risk in your good idea.
> > 
> > In the past browser vendors were uncooperative, currently Mozilla is
> > developing their own mega IDP based on their idea of browser
> > extensions.  If you can get them and the other vendors to cooperate
> > you will have earned all our respect.
> > 
> > Many of us have gone down the browser extension path.  From Sxipper,
> > Seatbelt, Microsoft's prototype, Axel's several Firefox add-ons.
> > 
> > One thing that slowed people down was the rise of Mobile browsers, and
> > the new security models.  Even someone the size of MS could not
> > address all the platforms with extensions.
> > 
> > Having something that only works on a single platform is a drawback
> > when working with consumers, I know you fall back to regular openID.
> > 
> > The other approach is providing account chooser services in the cloud,
> > so that you are not dependent on anything other than html 5 to start
> > and then work into browser support.
> > 
> > Look at https://sites.google.com/site/oidfacwg/cdsdemo for one current
> > project.
> > 
> > I wish you luck, however I think you have chosen a difficult path for
> > yourself.
> 
> Thank you.  I agree that the main problem is not technical, it's
> getting 5+ browser vendors to go along.  But that's easier now than it
> used to be.  Harry Halpin of W3C proved that he can get all browser
> vendors in the same room, at the Identity in the Browser workshop.  I
> was impressed by that.  And there is NSTIC itself.  If an idea
> demonstrated by a successful pilot is endorsed by the future NSTIC
> Steering Group browser vendors will hopefully pay attention.  I know,
> it's still a long shot.
> 
> The problem with a cloud solution like the GIT is that it's a massive
> privacy invasion.  I like to complain about Facebook finding out what
> relying parties its users log in to, but if the GIT became a universal
> login method, Google would be informed of all logins of all Web users.
> I wonder how the new Google privacy policy applies to the GIT.  And I
> wonder how relying parties that use the GIT disclose the implications
> in their privacy policies.
> 
> Google's account chooser (without the cloud-based GIT) has two
> problems: (i) it only works well for email address identities, and
> many OpenID providers are not webmail providers; and (ii) users will
> never understand why the experience is different for some email
> addresses (those hosted by OpenID providers) than others (those hosted
> by webmail providers that are not OpenID providers).  Regarding (ii),
> I followed the link that you provided and tried out the demo.  I
> tried it with my Gmail address; that worked.  I tried it with my
> Yahoo address; that produced an error message, presumably due to some
> bug that can be fixed.  I tried it with my Pomcor address; that hung.
> There was no warning in the demo that it would only work for some
> email addresses.  You can't expect all webmail service providers to be
> OpenID providers.
> 
> Francisco
> 
