[thelist] [OT] OpenID

[Kevin Timmins]

it was actually stack overflow that i first saw it on, and i didn't know 
whether to trust it or not. however from the sounds of it its a bit of a bad 
idea to use because it doesn't really save any time, although it does mean 
that you only need to have one account hacked, and then there is potential 
access to everything that you have used the open id to log in with to.
thank you for all the information, its interesting to hear about.
kevin.

--------------------------------------------------
From: "Jack Timmons" <jorachim at gmail.com>
Sent: Tuesday, March 24, 2009 10:48 AM
To: <thelist at lists.evolt.org>
Subject: Re: [thelist] [OT] OpenID

> On Tue, Mar 24, 2009 at 4:55 AM, Lee Kowalkowski <
> lee.kowalkowski at googlemail.com> wrote:
>
>> 2009/3/23 Jack Timmons <jorachim at gmail.com>:
>> > On Mon, Mar 23, 2009 at 6:10 PM, Kevin Timmins <
>> kipper_timmins at live.co.uk>wrote:
>> >> I have discovered
>> >> OpenID,
>> >> Here is a link if you haven't heard of it, http://openid.net/
>> >> I am un-sure at the moment whether this is a good secure service and I
>> was
>> >> wondering if any of you folks had any experience with this.
>>
>> > Last I checked, it was going to be too much of a headache for us to
>> > implement
>>
>> I've only seen it used on stackoverflow.com, which is even a headache
>> for a user if you don't habitually authenticate with one of their
>> OpenID providers whenever you surf.
>> --
>> Lee
>>
>
> I gazed over the specs and that's exactly what happens.
>
> Personally, I wouldn't even bother with it. I think it's a case of "good
> ideal, bad implementation". Why can't I just have a page I can CURL from 
> the
> server to authenticate from? Instead of redirecting them (adding no less
> than two extra steps to a login process that takes only one if I don't use
> it), I could just use the feedback from there.
>
> We're trying to design a site so the user goes through as little steps as
> possible to get what they want, and redirecting them from our site just to
> support OpenID is useless, especially since our signup process itself 
> takes
> as many steps.
>
> Give me something that acts more like Gravatar, in which I, as a user, 
> only
> have to provide my email address. I'm always surprised to see my avatar 
> pop
> up on sites that use it. It's a good thing.
>
> -- 
> -Jack Timmons
> http://www.trotlc.com
> Twitter: @codeacula
> -- 
>
> * * Please support the community that supports you.  * *
> http://evolt.org/help_support_evolt/
>
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !
>