Items tagged openid
Filters: openid ×
OpenID is a new and maturing technology, and HealthVault is frankly the most sensitive relying party in the OpenID ecosystem. It just makes sense for us to take our first steps carefully.
TechCrunch report that Microsoft are accepting OpenID for their new HealthVault site, but with a catch: you can only use OpenIDs from two providers: Trustbearer (who offer two-factor authentication using a hardware token) and Verisign. "Whatever happened to the Open in OpenID?", asks TechCrunch’s Jason Kincaid.[... 451 words]
OpenID phishing demo (via) A demonstration of the OpenID man-in-the-middle phishing attack. idproxy.net OpenIDs are immune to this particular variant due to the landing page not asking for your password (the phishing site could still provide their own redesigned landing page and hope users don’t notice though). # 28th May 2008, 8:09 am
Byteflow Blog Engine. This looks like the most full-featured of the Django blog engines by a pretty big margin, including OpenID client and server support. A product of the growing Russian/Ukrainian Django community. # 11th May 2008, 7:41 pm
SourceForge Allows OpenID Logins. Excellent—SourceForge is the kind of site that I log in to infrequently enough to always forget my password (and indeed username) making OpenID a great fit. # 1st May 2008, 1:05 pm
HTML 5 vs. Yadis. The draft HTML5 spec currently disallows values for http-equiv and link rel which aren’t listed in the spec—meaning both methods of specifying a link to an OpenID server are invalid for HTML5. This should probably be fixed... # 19th April 2008, 4:35 pm
PayPal Plans to Ban Unsafe Browsers. At first I thought they were going to encourage real anti-phishing features in browsers, which would be a big win for OpenID... but it turns out they’re just requiring EV SSL certificates which have been proven not to actually work. # 19th April 2008, 10:45 am
OpenID and Spam. Matt Mullenweg: “OpenID has a ton of promise for the web—let’s not hurt it by setting people up for disappointment by telling them it’s a spam blocker when it’s not.” True for the case of general registration, but I still believe whitelisting known OpenIDs could be a powerful tool for fighting spam on personal sites. # 2nd April 2008, 7:33 pm
The real roadblocks to data portability on social networks. A bunch of smart questions posed by Facebook’s Dave Morin. This is why I think data portability is the wrong framing—moving data between sites is really hard. Importing social relationships between sites is much more viable (hence my interest in social network portability). Also, the complaints about systems sharing e-mail addresses are neatly addressed by using OpenID as the GUID for a user instead. OpenIDs can’t be spammed. # 26th March 2008, 7:53 pm
Clickpass. Peter Nixey’s new OpenID startup has finally launched—does a great job of making OpenID more approachable with a clean, well designed UI and a neat orange button. # 11th March 2008, 4:47 pm
A proposal: email to URL mapping. Brad’s just too damn smart. A simple solution to mapping an e-mail address to an OpenID that takes advantage of existing technology (YADIS) and doesn’t adversely affect e-mail privacy. # 8th February 2008, 11:39 am
Yahoo! OpenID Provider service now available as a public beta. This actually happened a few days ago, but I’ve been offline for the past week travelling to New Zealand and attending Kiwi Foo. # 3rd February 2008, 10:17 pm
In hindsight, it was a mistake to launch Django People without support for OpenID. It was on the original feature list, but in the end I decided to cut any feature that wasn’t completely essential in order to get the site launched before it drowned in an ocean of “wouldn’t-it-be-cool-ifs”.[... 626 words]
Telegraph to become OpenID provider (via) “The Telegraph will soon become the first newspaper in the world, and the first British media company, to become an OpenID provider.”. Didn’t see that one coming! # 21st January 2008, 2:43 pm
Yahoo! OpenIDs are the same for all RPs. I had assumed that Yahoo! would be using directed identity to provide a different OpenID for each user/site combination, to prevent correlation of accounts. I was incorrect; they’re just using it for easier sign-in, with the same auto-generated URL used for every site. # 19th January 2008, 9:05 am
Yahoo!’s provider implementation only supports consumers that talk the Auth 2.0 protocol. Technically the 2.0 spec allows providers to shun 1.1, but it’s not recommended for the reason that I’m sure will become obvious once Yahoo! launches: there’s no way for your average end-user to distinguish between a 1.1 and a 2.0 implementation.
Oh, and before anyone jumps on me about this not being “full” (meaning bi-directional) OpenID support, I’m quite aware of that. Consuming OpenID is a different beast that can’t happen overnight. Give it some time. I’m optimistic that we’ll get there.
A Yahoo! ID is one of the most recognizable and useful accounts to have on the Internet and with our support of OpenID, it will become even more powerful. Supporting OpenID gives our users the freedom to leverage their Yahoo! ID both on and off the Yahoo! network, reducing the number of usernames and passwords they need to remember and offering a single, trusted partner for managing their online identity.
Yahoo! Announces Support for OpenID. Here’s the official press release: “Yahoo! Support Triples Number of OpenID Accounts to 368 million”. Directed identity gets a mention; it’s going to be enabled for www.yahoo.com and www.flickr.com. The public beta starts on January 30th. # 17th January 2008, 2:29 pm
twauth: simple mobile openid using twitter (via) Brilliant proof of concept by Ian McKellar: an OpenID provider that authenticates you by sending you a Twitter direct message. # 14th January 2008, 10:28 pm
In my opinion it is better to compare OpenIDs to credit cards. [...] Just as a credit card company may place limit on the level of guarantee, web sites are at liberty to restrict the OpenIDs it will recognize and accept. Just as many of us carry more than one credit card, we may have multiple OpenIDs and use them for different occasions. Just as some department store credit card is not accepted outside of that store, it is possible that IDs issued by some OpenID providers may not be accepted by some sites.
The Flickr [OpenID] implementation, coupled with their existing API, means we could all offer things like “log into my personal site for family (or friends)” and defer buddylist management to the well-designed Flickr site, assuming all your friends or family have Flickr accounts.
[... 582 words]