Comments on: OpenID – What is it, and why everyone is talking about it

By: thuhn

thuhn — Wed, 30 Nov -0001 00:00:00 +0000

Allen, as you stated, OpenID is still in the adoption phase. For anyone who is looking for OpenID enabled sites, we have launched “The OpenID Directory” two weeks ago. I hope this helps showing the facettes of usefullness of this emerging technology.

Also it´s good to see, that you practice what you preach: the OpenID login on centernetworks works perfectly and so we submitted your site to the directory. I hope this is fine for you.

Thanks and keep up the good work!

Thomas Huhn

By: centernetworks

centernetworks — Wed, 30 Nov -0001 00:00:00 +0000

Thomas - for clarification, Jake wrote the article. Your site looks nice, I see we have 4 votes :) I am glad the OpenID worked for you here, I am still testing it a bit.

I have pushed for SSO since my early Intranet days when every division built their own user databases.

By: Loud Is Relative

Loud Is Relative — Wed, 30 Nov -0001 00:00:00 +0000

I run an online concert promotion company (www.loudisrelative.com) that just integrated OpenID technology and am thoroughly impressed with the amount of buzz it has received in the past couple months. It is a truly easy-to-integrate technology that has really helped launch our site!

Thanks for everything!

By: whta

whta — Wed, 30 Nov -0001 00:00:00 +0000

I had been wondering the specifics of this myself for some time. Thanks for the clarification.

PS – you have enough comma splices to send any English teacher into a raging fit

By: ZamphirTheBunnyKIng

ZamphirTheBunnyKIng — Wed, 30 Nov -0001 00:00:00 +0000

I see a downside to all this – identity theft on a truly massive scale! Bring it own, bee-yotches!

By: Anonymous

Anonymous — Wed, 30 Nov -0001 00:00:00 +0000

didn’t microsoft, try, to, do this, with, passport, already, ?, i mean, what, makes you, think, anybody is going, to, adopt this, ???.

By: Anonymous

Anonymous — Wed, 30 Nov -0001 00:00:00 +0000

Is it me or doesnt anybody get the security hole this represents??
Now crackers need to crack only one id and get access to anything and everything!
Why is this more secure???

By: Agret

Agret — Wed, 30 Nov -0001 00:00:00 +0000

Learn, how, to, use, commas, please.

By: Angus

Angus — Wed, 30 Nov -0001 00:00:00 +0000

You keep using that word. I do not think it means what you think it means.

By: fnurt

fnurt — Wed, 30 Nov -0001 00:00:00 +0000

I’m, with, anony,mous.

Learn how to use punctuation, I couldn’t even read the post.

By: Mike

Mike — Wed, 30 Nov -0001 00:00:00 +0000

WTF? You guys are such anal-retentive grammar nazis. Give it a rest, that was a useful, informative article and an interesting comment. Thanks for the info.

By: Will

Will — Wed, 30 Nov -0001 00:00:00 +0000

There is a reason why things like this don’t work. Big website owners don’t want you to go to the competition, and this is giving you a free ticket to go anywhere. Sure its great for users, but businesses hate the idea. Its the reason msn passport failed.

By: Anonymous

Anonymous — Wed, 30 Nov -0001 00:00:00 +0000

I dont get it, I’ve read sevaral sites about how the process works (hmm lots of gee wizz while short on details).

But basically the flaw I see is once a ‘bad site’ is set up and you sign in using open id this persona can now rip off your details and log in at all other open id sites using your details.

Am I missing something?

If so I’d really like to know about it.

Cheers,
Dean
http://www.collins.net.pr/blog

By: Anonymous

Anonymous — Wed, 30 Nov -0001 00:00:00 +0000

Finally, someone drops the other shoe. This is a huge security issue.
I would never adopt such a system for this reason, (among others):

As a user, who has my password cracked (or I accidentally allow it to be compromised) – Then this gives access to everything!

I find the name very ironic, and rather apt. Lose or expose one ID and all your services/web sites are wide open!!! Hence the name, openID. I can’t help but laugh at that, sorry.

In other aspects, this article seems to miss a rather important aspect, “accountability”. For example, if an unreliable OpenID provider results in my openID being compromised, who is responsible? This begs another question:

How do I know which providers are reliable? or for that matter, What safeguards are in place to notify users when their openID’s are suspected of being compromised?

I’m happy with the way things are. Different sites have different usernames and passwords. I lose one credential and only my access, to the specific site it was used for, is effected. Currently it seems, openID cannot provide this degree of “full redundancy” (as in mesh topology), if an ID is breeched.

By: Anonymous

Anonymous — Wed, 30 Nov -0001 00:00:00 +0000

Yes, you are missing something. Try it out, then give opinions. http://www.myopenid.com... It takes 5 minutes to truly understand OpenID, try not to make comments until you take the 5 minutes.