Comments on: Facebook First Big Site To Really Embrace OpenID

By: David Evans

David Evans — Wed, 06 May 2009 23:55:55 +0000

The OpenID group has spent a considerable amount of time to ensure that your information is as secure as possible.

Using the same username and password for all sites is just as unsecure, but we all do it.

OpenID enables you to connect web services together without letting the “new” site know your passwords.

Think about Twitter, which you probably trust, and some random third-party service that enhances Twitter functionality, like tweetmeme.com, which you probably shouldn’t trust, at least at first. OpenID and it’s underlying stack of technologies should allow you to connect the two services without giving the untrusted service access to your username and password. OAuth is in there somewhere as well.

It’s all very technical and complicated, which is why I’ve been urging the OpenID people to simplify how they explain the service.

The idea is that at some point joining, logging in and sharing data between web services is going to be simple, easy and safe. Right now nothing could be further from the truth.

By: joe

joe — Wed, 06 May 2009 23:33:56 +0000

I Don’t really understand the need for OpenID when you can just use the same username and password for everything. OpenID can be dangerous if hackers get hold of it and can find out every site you are on. Is there a way to prevent ID theft and recovery?

By: Guillaume Theoret

Guillaume Theoret — Wed, 06 May 2009 17:55:23 +0000

I have a friend I went to university with that works on the cardspace team.

The problem with Microsoft solutions is that they tend to integrate it very well into their own products and technologies but ignore everything else. So if your site is in C# or ASP.NET and you code with Visual Studio, offering and integrating cardspace will probably be relatively easy but if you’re on a mac or linux and coding in php/python/ruby, it’ll probably be next to impossible.

For something like cardspace to gain traction it’ll have to be multi-platform with client libraries for many languages provided. While microsoft has been more open lately, I have a feeling cardspace is going to end up like silverlight: a nice technology that’s pretty much completely ignored.

By: David Recordon

David Recordon — Wed, 06 May 2009 17:55:21 +0000

This is actually one of the reasons why Facebook’s announcement is great for the OpenID ecosystem. They’re going to be releasing support to sign in with OpenID.

By: David Evans

David Evans — Wed, 06 May 2009 17:50:06 +0000

Guillaume you are spot on. I’ve logged into Plaxo and a few other sites with OpenID, not exactly a dearth of option at this point. Everyone wants to be a provider. Good points about the libraries. I’ve played around with the WordPress plugin here, which was b0rked when I tried it, same goes for Facebook Connect. I’ll try them again sometime. I’m still waiting for Microsoft’s Cardspace, surprised that hasn’t taken off either. Kim Cameron and Mike Jones at MS spearhead that initiative, haven’t checked in on it in a while.

By: Guillaume Theoret

Guillaume Theoret — Wed, 06 May 2009 17:37:38 +0000

The reason why you’ve never come across one is because all the major sites only implement half of OpenID. They’re OpenID providers but they aren’t OpenID consumers. Technically, your hotmail and yahoo accounts are OpenIDs but since both are OpenID providers *but not* consumers, you can’t log in to one with the other.

The only site I visit with an OpenID is http://www.stackoverflow.com , a programmer q/a community. Hopefully as OpenID gains more traction, the major sites will become consumers as well. Once the majors get dragged in expect a multitude of libraries that make it very easy to integrate OpenID login into your own site to pop up.