Again: What's the good in OpenID for me?

Márcio Vinícius Pinheiro marcioviniciusmp at
Sat Jan 10 01:58:26 UTC 2009

Dear Joseph,

I'm sorry if didn't look polite (maybe it's because language barrier - I'm
Brazilian). And I didn't wanted to act like a troll. I made a question
(actually 2 questions), I receipt some answers (some of them I didn't like)
and I decided to give my impressions about my experience with all OpenID
thing. I thought "OpenID user experience" list was the right place for this.

Thank you for your explanation, although I (as a lay user) didn't understand
much (after the part with "XRI TC at OASIS"). I wanted to be helpful, but
now I know you don't want this kind of help. I can't help better than this
way. I'll keep my place as end-user and hope for someday OpenID finally

Please accept my apologies and thanks. End of history.

P.S.: Marc, your comment was helpless and dispensable. Didn't you get the
first line of Joseph's message?
- - - ·
Márcio Vinícius Pinheiro
meu blog Peixe na rede:
minha arte digital na Internet:
meus atalhos de Internet:
emails alternativos: marcio at, marciovinicius at,
marciovinicius at

2009/1/9 Joseph A Holsten <joseph at>

> To those watching: A friendly reminder, don't feed the trolls.
> Márcio Vinícius Pinheiro wrote:
>> What kind of license Yahoo has to be a provider? what's their obligations?
> All the people who developed OpenID have basically provided patent
> non-asserts, so there is no license or obligations to use. It's open.
> The OpenID foundation has no power or desire to make Yahoo! do their
> bidding. But we would all love to convince them to be a relying party (allow
> people to authenticate on their site with OpenID). Can you think of any
> particularly convincing business value they would gain from being a relying
> party? I know a few yahoo fellows are here.
>  I still didn't understand the use of an URL (like my blog address) as an
>> ID. Wasn't it about username/password?
> This is a common issue with OpenID. Some people even want email addresses
> as OpenIDs. The simplest explanation is that OpenID was originally aimed at
> bloggers, who typically are quite fond of their blog url. But these days,
> most OpenID implementations are trying to hide that in their UIs.
> If that interests you, you should investigate the XRI TC at OASIS. They're
> working on the underlying standards that let a site find your OpenID
> provider and talk to them.
>  Maintainers of OpenID should carefully read this: http://
> This covers the points:
> - phishing
> - security is no better than DNS
> - recycling
> - correlation & collusion
> - usability
> - too many OPs, not enough RPs
> - impersonation by the OP
> - dependence on OP availability
> - submarine patent claims
> Most regulars on the list are well aware of these issues. If you (or anyone
> else) are not already aquainted of these concerns, and the potential
> solutions to them, please reply and someone will be happy to help you out.
> Some of the most critical claims from that post are by people very involved
> in the OpenID community. For example, Ben Laurie, who mentioned some of the
> security/trust concerns, is working to fix trust with XRD. Some of the
> privacy concerns were brought up by someone who was on the OpenID Board at
> the time, Tom Allen. ; )
> Finally, we understand you've got issues with the way OpenID works today.
> We'd love to know about any new problem you find in OpenID, especially if
> you can propose a solution. But do try to be polite.
> _______________________________________________
> user-experience mailing list
> user-experience at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the user-experience mailing list