Again: What's the good in OpenID for me?
marc at broadbandmechanics.com
Fri Jan 9 18:57:18 UTC 2009
god bless the people who put the trolls in their place!
thank you Joseph
On Fri, Jan 9, 2009 at 10:41 AM, Joseph A Holsten
<joseph at josephholsten.com>wrote:
> To those watching: A friendly reminder, don't feed the trolls.
> Márcio Vinícius Pinheiro wrote:
>> What kind of license Yahoo has to be a provider? what's their obligations?
> All the people who developed OpenID have basically provided patent
> non-asserts, so there is no license or obligations to use. It's open.
> The OpenID foundation has no power or desire to make Yahoo! do their
> bidding. But we would all love to convince them to be a relying party (allow
> people to authenticate on their site with OpenID). Can you think of any
> particularly convincing business value they would gain from being a relying
> party? I know a few yahoo fellows are here.
> I still didn't understand the use of an URL (like my blog address) as an
>> ID. Wasn't it about username/password?
> This is a common issue with OpenID. Some people even want email addresses
> as OpenIDs. The simplest explanation is that OpenID was originally aimed at
> bloggers, who typically are quite fond of their blog url. But these days,
> most OpenID implementations are trying to hide that in their UIs.
> If that interests you, you should investigate the XRI TC at OASIS. They're
> working on the underlying standards that let a site find your OpenID
> provider and talk to them.
> Maintainers of OpenID should carefully read this: http://
> This covers the points:
> - phishing
> - security is no better than DNS
> - recycling
> - correlation & collusion
> - usability
> - too many OPs, not enough RPs
> - impersonation by the OP
> - dependence on OP availability
> - submarine patent claims
> Most regulars on the list are well aware of these issues. If you (or anyone
> else) are not already aquainted of these concerns, and the potential
> solutions to them, please reply and someone will be happy to help you out.
> Some of the most critical claims from that post are by people very involved
> in the OpenID community. For example, Ben Laurie, who mentioned some of the
> security/trust concerns, is working to fix trust with XRD. Some of the
> privacy concerns were brought up by someone who was on the OpenID Board at
> the time, Tom Allen. ; )
> Finally, we understand you've got issues with the way OpenID works today.
> We'd love to know about any new problem you find in OpenID, especially if
> you can propose a solution. But do try to be polite.
> user-experience mailing list
> user-experience at openid.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the user-experience