Signin
Feeds
RSS
Atom
Categories
General
Technology
Korea
Archives
2007
2006
2005
2004
2003
2002
OpenID Blues
by Don Park at 2007/01/09 01:41:13

OpenID is a maturing (not quite there yet) standard for decentralized exchange of identity-related assertions. In plain-speak, what that means is that OpenID is the lingo used by your friend Bob to assure Alice, whom you just met, that you are a reasonable guy and not some freaky psycho. Technology-wise, it's just another fish. What sets it apart from other competing 'languages' is that it is still moving and being watched. Believe it or not, that's a big deal since, if it doesn't move or is ignored, it's about as interesting as a dead corpse appearing in CSI episodes.

OpenID is a solution. Like many solutions, it replace a set of questions with another, the most prominent one being the one asked by Alice: Who the hell is Bob and why should I trust him? Well, I am still trying to kill them. The problem is there are too many ifs and buts flopping about on the floor still, many of which will, I am sure, make a nice cost-of-entry for some deserving players.

This reminds me, I want to take some lessons on how to sing the blues. I tried self-learning but it comes out rather like a crazy cat stuck in a drain pipe. Any blues singers in the SF peninsula who'll accept irresistible charm as payment? I have a problem with paying for anything that won't break down in 6 months.

Comments
Simon Willison   at 2007/01/10 02:23:08 AM
I think your basic assertion about OpenID is incorrect here. OpenID doesn't tell you "this person is a reasonable guy and not a psycho". Instead, it tells you "this person or entity has the ability to prove that they have ownership over a specific URL". They could be evil, they could be a spammer, they could even be using a mailinator style service that says "Yes!" to everyone including people who don't really own the URL in question.

None of this prevents OpenID from being incredibly useful. You need to think of OpenID as an alternative to authorisation by username and password, not an alternative to a full-blown account system. If someone signs in to your site using an OpenID you still know nothing about them - so you still need to take the steps you would with a traditional account: put them through a CAPTCHA, send a verification e-mail or whatever it is that you normally do.

All OpenID does is prevent my from having to remember my username and password combination for dozens of different sites. It solves one problem and solves it well.

Simon Willison   at 2007/01/10 03:04:26 AM
I've posted a follow-up to my blog:

http://simonwillison.net/2007/Jan/10/account/

The best explanation of this appears to be the original OpenID homepage, which sadly is now only available through archive.org:

http://web.archive.org/web/20050521002209/www.danga.com/openid/

Don Park   at 2007/01/10 02:07:29 PM
Simon, while I appreciate your attempt to clarify, I compared OpenID to a *lingo* and, as you pointed out, a lingo can be used to say anything. Another problem with languages is that it doesn't prevent listeners from hearing what they want to hear instead of what was said. Oh well.

BTW, I wouldn't exactly categorize myself as someone outside the identity space.

Simon Willison   at 2007/01/10 03:48:30 PM
Don: my apologies; I completely misrepresented what you said. I'll post a correction now.

Don Park   at 2007/01/10 04:42:56 PM
No big deal, Simon. While brains can count beans, hearts count souls. ;-)

Andreas   at 2007/07/03 02:13:47 AM
Is it possible to configure OpenID for a particular website, which is built say on Drupal?

Your Identicon:
Name: * required
Email:
Website URL:
 
Comment:
HTML not supported