OpenID in desktop apps

Christopher St John ckstjohn at gmail.com
Tue Feb 10 15:54:58 UTC 2009


On Mon, Feb 9, 2009 at 11:35 AM, Chris Messina <chris.messina at gmail.com> wrote:
>
> If we accept that authentication should eventually move beyond mere
> usernames and passwords, I think that it becomes much more obvious why we
> should think very hard about popping out of desktop apps and into the
> browser (or some context that allows for arbitrary authentication
> mechanisms).
>

Chris, stop being evil :-)

Yes, you. You're arguing that "in the future" it's "best for the users
whether they like it or not" to "just do what the experts say"
because it "will bring long term benefits although it does make
things harder in the short term"

Can you really say those things with a straight face? I suspect
you know better! :-)

Extensions at the operating system level will allow desktop apps
to participate in flows like OAuth or OpenID without breaking the
experience (either by supporting the flows directly, or providing a
secure registry of credentials). That's great for the future, and is
definitely worth pursing.

But in the mean time, it's going against a lot of hard-won wisdom
to suggest that making things _less_ convenient and _less_
usable in the short term will win you anything other than a place
on the (very long) list of "great authc/authz ideas that failed to
win popular acceptance because, quite frankly, they were kind of
a pain to use"

So: make it easy now. Round off all the corners, then grease them.
Optimize for the common case. Cut corners. Without success now,
in the present, there is no glorious OpenID future.

-cks

-- 
Christopher St. John
http://artofsystems.blogspot.com



More information about the user-experience mailing list