Comments on: OpenID’s Struggle for Acceptance http://www.markevanstech.com/2008/08/12/openids-struggle-for-acceptance/ Insight and Analysis from North of the Border Fri, 19 Mar 2010 10:23:37 +0000 hourly 1 By: Barriers to Entry: User IDs « Blog http://www.markevanstech.com/2008/08/12/openids-struggle-for-acceptance/comment-page-1/#comment-176866 Barriers to Entry: User IDs « Blog Mon, 04 May 2009 13:10:38 +0000 http://www.markevanstech.com/?p=3680#comment-176866 [...] word of caution: OpenID idea has enjoyed less than spectacular success. Still, a consensus seems to be evolving and a number of announcements this year suggest that [...] [...] word of caution: OpenID idea has enjoyed less than spectacular success. Still, a consensus seems to be evolving and a number of announcements this year suggest that [...]

]]> By: Alex Barrera http://www.markevanstech.com/2008/08/12/openids-struggle-for-acceptance/comment-page-1/#comment-98007 Alex Barrera Thu, 28 Aug 2008 23:16:21 +0000 http://www.markevanstech.com/?p=3680#comment-98007 The main problem with OpenID is that most implementations are flawed. Although it's suppose to be a standard, the actual implementation accepts many possibilities, specially when dealing with certificates et al. making it not_so_standard after all. We need one OpenID provider to rule them all :P The main problem with OpenID is that most implementations are flawed. Although it’s suppose to be a standard, the actual implementation accepts many possibilities, specially when dealing with certificates et al. making it not_so_standard after all.

We need one OpenID provider to rule them all :P

]]> By: Aswath Rao http://www.markevanstech.com/2008/08/12/openids-struggle-for-acceptance/comment-page-1/#comment-92536 Aswath Rao Wed, 13 Aug 2008 06:08:36 +0000 http://www.markevanstech.com/?p=3680#comment-92536 My take on OpenID is somewhat at odds with mainstream proponents of OpenID. While they seem to stress on SSO, I view OpenID facilitates RPs to outsource authentication to third parties. Which authentication mechanism will be used by an IP and which IPs will be acceptable for a given RP are outside the scope of OpenID specification (contrary to common perception that all RPs will accept all IPs). I have previously stated that this is like credit cards. But mainstream OpenID proponents emphasize SSO exclusively and the critics point out faults in that goal. My take on OpenID is somewhat at odds with mainstream proponents of OpenID. While they seem to stress on SSO, I view OpenID facilitates RPs to outsource authentication to third parties. Which authentication mechanism will be used by an IP and which IPs will be acceptable for a given RP are outside the scope of OpenID specification (contrary to common perception that all RPs will accept all IPs). I have previously stated that this is like credit cards. But mainstream OpenID proponents emphasize SSO exclusively and the critics point out faults in that goal.

]]> By: Mark Evans http://www.markevanstech.com/2008/08/12/openids-struggle-for-acceptance/comment-page-1/#comment-92472 Mark Evans Tue, 12 Aug 2008 18:29:58 +0000 http://www.markevanstech.com/?p=3680#comment-92472 Kevin, Thanks for the insight. I'll check out myvidoop.com. Mark Kevin,

Thanks for the insight. I’ll check out myvidoop.com.

Mark

]]> By: Kevin Fox http://www.markevanstech.com/2008/08/12/openids-struggle-for-acceptance/comment-page-1/#comment-92471 Kevin Fox Tue, 12 Aug 2008 18:22:44 +0000 http://www.markevanstech.com/?p=3680#comment-92471 Nice post, since I work for Vidoop (we deal with OpenID) I am slightly more optimistic about the future. I am also in a position to say that there is work being done to address your concerns. Couple points to make, first is that with OpenID you only have to enter your password on your OpenID provider's site. Randall makes it seem like your OpenID provider is some random site, when in actuality you get to vet your provider ahead of time. I would rather have my account info stored with a company who is focused on security. A site that accepts OpenID logins (e.g. Ma.gnolia) never actually sees your password. @Stefan - What you suggest, logging into your browser, exists (albeit in tech preview form today). Check out the work happening at http://labs.vidoop.com on Identity in the Browser (IDIB). @Mark - We are pragmatic and have developed a pretty neat password manager plugin available at http://myvidoop.com. It is also an OpenID provider with strong authentication. OpenID is not just about SSO, it's about where the web can go with an identity layer. What new services and features can be built, etc... there is an excellent post about OpenID and how it fits in to the Identity services stack here: http://blogs.oracle.com/talkingidentity/2008/05/05/ Cheers, Kevin p.s. Betamax did have better picture quality :) Nice post, since I work for Vidoop (we deal with OpenID) I am slightly more optimistic about the future. I am also in a position to say that there is work being done to address your concerns.

Couple points to make, first is that with OpenID you only have to enter your password on your OpenID provider’s site. Randall makes it seem like your OpenID provider is some random site, when in actuality you get to vet your provider ahead of time. I would rather have my account info stored with a company who is focused on security. A site that accepts OpenID logins (e.g. Ma.gnolia) never actually sees your password.

@Stefan – What you suggest, logging into your browser, exists (albeit in tech preview form today). Check out the work happening at http://labs.vidoop.com on Identity in the Browser (IDIB).

@Mark – We are pragmatic and have developed a pretty neat password manager plugin available at http://myvidoop.com. It is also an OpenID provider with strong authentication.

OpenID is not just about SSO, it’s about where the web can go with an identity layer. What new services and features can be built, etc… there is an excellent post about OpenID and how it fits in to the Identity services stack here: http://blogs.oracle.com/talkingidentity/2008/05/05/

Cheers,
Kevin

p.s. Betamax did have better picture quality :)

]]> By: Mark Evans http://www.markevanstech.com/2008/08/12/openids-struggle-for-acceptance/comment-page-1/#comment-92443 Mark Evans Tue, 12 Aug 2008 13:51:04 +0000 http://www.markevanstech.com/?p=3680#comment-92443 Stefan, I agree there needs to be a better way to manage the multiple passwords that everyone has these days. Personally, I've used Roboform and 1Password, and been happy with how both of them work. Mark Stefan,

I agree there needs to be a better way to manage the multiple passwords that everyone has these days. Personally, I’ve used Roboform and 1Password, and been happy with how both of them work.

Mark

]]> By: Stefan Hayden http://www.markevanstech.com/2008/08/12/openids-struggle-for-acceptance/comment-page-1/#comment-92439 Stefan Hayden Tue, 12 Aug 2008 13:38:15 +0000 http://www.markevanstech.com/?p=3680#comment-92439 People want a single sign on. This is why people save passwords in their browsers. No one can remember all their usernames and passwords and they need help. OpenID is just a simple chicken and egg problem. If you can only sign on to a couple of sites then OpenID is more of a pain then a help. Of course until a lot of sites use it there's no point wanting OpenID. And if no one wants OpenID then no site will add it. If the chicken and egg problem can't be solved then OpenID is dead. Some clearly think it can't. I and other OpenID advocates are hopeful it can. But I'm not dumb. I can see it's not a blazing success. Though I think it could be. But either way people want a single way to remember all usernames and password. In recent brainstorm sessions I have come up with what I think would be my perfect login system. I start up firefox... enter a single password... and Firefox, through a standard API, logs me in to all the sites I use in the background. Perhaps it has a lot of security problems... but when it comes to convenience it sounds awesome to me. But if OpenID truly fails then we need a different approach. We need a system that can retrofit on top of the Username and Password system that I can explain to my mom and she will understand and be able to tell others. It has to be dead simple. People want a single sign on. This is why people save passwords in their browsers. No one can remember all their usernames and passwords and they need help.

OpenID is just a simple chicken and egg problem. If you can only sign on to a couple of sites then OpenID is more of a pain then a help. Of course until a lot of sites use it there’s no point wanting OpenID. And if no one wants OpenID then no site will add it.

If the chicken and egg problem can’t be solved then OpenID is dead. Some clearly think it can’t. I and other OpenID advocates are hopeful it can. But I’m not dumb. I can see it’s not a blazing success. Though I think it could be.

But either way people want a single way to remember all usernames and password. In recent brainstorm sessions I have come up with what I think would be my perfect login system. I start up firefox… enter a single password… and Firefox, through a standard API, logs me in to all the sites I use in the background. Perhaps it has a lot of security problems… but when it comes to convenience it sounds awesome to me.

But if OpenID truly fails then we need a different approach. We need a system that can retrofit on top of the Username and Password system that I can explain to my mom and she will understand and be able to tell others. It has to be dead simple.

]]>