[OpenID] Current state of OpenID & federated logins in general

Peter Williams home_pw at msn.com
Thu Sep 12 16:33:20 UTC 2013 

Us/uk border control project, the rump of the biometric passport idea.

Nist (us) - plans for openid vendors in delivering national Id strategy

Dhs (us) - integration of idp logging streams into national cyberspace defense plan based on realtime vulnerability identification (and exploitation)

NSF (us) - mind share management of academic research on cvybersecurity topics, to induce attitude shift towards idp centralization (in ttp class cloud vendors) and to tie funding to only vetted "trustworthy" recipients. Rebuild the us coldwar-era industrial security program, that is.

NSA (us)...leveraging (intentional) sideeffects of all the above in its role, taken over from dod, as agency responsible for sensitive civilian infrastructure (ie google). Regulate (security of) those too big to fail, that is.

For each of those there is a designated UK equivalent.

This informed perspective obviously contrasts with the tone of your issue set, and the sheer contrast perhaps explains why openid is not a webby movement and cannot succeed to be one. It is necessarily national (and thus not webby).


Sent from my Windows Phone
________________________________
From: Paul Johnston<mailto:paj at pajhome.org.uk>
Sent: ‎9/‎12/‎2013 8:46 AM
To: openid-general at lists.openid.net<mailto:openid-general at lists.openid.net>
Subject: [OpenID] Current state of OpenID & federated logins in general

Hi,

I'm looking for an informed view on the current state of OpenID and related
technologies. What I've picked up is:

1) Many major web presences (Google, Facebook, etc.) will be identity
providers, but favor schemes based on OAuth 2.
2) Some web sites do allow federated login, but it's still a minority.
3) It is technically difficult to add federated login support to a website.
Even where a good library exists (e.g. Spring Social) a lot of work is
needed.
4) With OAuth systems, if my website wants to allow logins from a
particular identity provider, I have to register my website with the
identity provider in advance.
5) Use of OpenID is now rare.

This is just what I've picked up; I'd welcome a more informed view.

Personally, I am quite disheartened by the situation. I think we
desperately need a better system of online identity, and OpenID would do
the job. The requirement in OAuth for service provider to preregister with
identity provider doesn't fit the open nature of OpenID. It's much more
geared to a world where everyone uses one of the major providers; no chance
of running your own OAuth provider on your own web server.

Thoughts welcome,

Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20130912/dcaa3551/attachment.html>
-------------- next part --------------
_______________________________________________
general mailing list
general at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-general

More information about the general mailing list