[OpenID] Current state of OpenID & federated logins in general

[Paul Johnston]

Hi,

I'm looking for an informed view on the current state of OpenID and related
technologies. What I've picked up is:

1) Many major web presences (Google, Facebook, etc.) will be identity
providers, but favor schemes based on OAuth 2.
2) Some web sites do allow federated login, but it's still a minority.
3) It is technically difficult to add federated login support to a website.
Even where a good library exists (e.g. Spring Social) a lot of work is
needed.
4) With OAuth systems, if my website wants to allow logins from a
particular identity provider, I have to register my website with the
identity provider in advance.
5) Use of OpenID is now rare.

This is just what I've picked up; I'd welcome a more informed view.

Personally, I am quite disheartened by the situation. I think we
desperately need a better system of online identity, and OpenID would do
the job. The requirement in OAuth for service provider to preregister with
identity provider doesn't fit the open nature of OpenID. It's much more
geared to a world where everyone uses one of the major providers; no chance
of running your own OAuth provider on your own web server.

Thoughts welcome,

Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20130912/6e884487/attachment.html>