Simon Willison’s Weblog

... Facebook will be hosting the second User Experience Summit for OpenID on February 10th. The goal is to convene some of the best designers that leading internet companies can muster, and bring them together to develop a series of guidelines, best practices, iterations, and interfaces for making OpenID not just suck less, but become a great experience

— Chris Messina # 6th February 2009, 12:19 am

In the final Production release we will be adding the ability to sign in to the Live ID OpenID Provider using any of the credential types that can be used with regular Live ID sign-in’s -- including CardSpace, SmartCard, eID, etc.

— Jorgen Thelin # 30th October 2008, 5:09 pm

New authentication schemes such as OpenID, or Microsoft’s CardSpace, may help as adoption increases. These systems make it possible to register for one site using credentials verified by another. Instead of having many sites with poor verification procedures, the internet could have a few sites with strong verification procedures, that are then used by others. The advantage for the user is that they no longer have to jump through multiple hoops for each new site they encounter.

— Tim Anderson (in the Guardian) # 29th August 2008, 10:01 am

OpenID is a new and maturing technology, and HealthVault is frankly the most sensitive relying party in the OpenID ecosystem. It just makes sense for us to take our first steps carefully.

— Sean Nolan # 24th June 2008, 6:29 pm

Yahoo!’s provider implementation only supports consumers that talk the Auth 2.0 protocol. Technically the 2.0 spec allows providers to shun 1.1, but it’s not recommended for the reason that I’m sure will become obvious once Yahoo! launches: there’s no way for your average end-user to distinguish between a 1.1 and a 2.0 implementation.

— Martin Atkins # 18th January 2008, 7 am

Oh, and before anyone jumps on me about this not being “full” (meaning bi-directional) OpenID support, I’m quite aware of that. Consuming OpenID is a different beast that can’t happen overnight. Give it some time. I’m optimistic that we’ll get there.

— Jeremy Zawodny # 17th January 2008, 7:05 pm

A Yahoo! ID is one of the most recognizable and useful accounts to have on the Internet and with our support of OpenID, it will become even more powerful. Supporting OpenID gives our users the freedom to leverage their Yahoo! ID both on and off the Yahoo! network, reducing the number of usernames and passwords they need to remember and offering a single, trusted partner for managing their online identity.

— Ash Patel # 17th January 2008, 2:31 pm

In my opinion it is better to compare OpenIDs to credit cards. [...] Just as a credit card company may place limit on the level of guarantee, web sites are at liberty to restrict the OpenIDs it will recognize and accept. Just as many of us carry more than one credit card, we may have multiple OpenIDs and use them for different occasions. Just as some department store credit card is not accepted outside of that store, it is possible that IDs issued by some OpenID providers may not be accepted by some sites.

— Rao Aswath # 10th January 2008, 6:50 pm

The Flickr [OpenID] implementation, coupled with their existing API, means we could all offer things like “log into my personal site for family (or friends)” and defer buddylist management to the well-designed Flickr site, assuming all your friends or family have Flickr accounts.

— Dan Brickley # 9th January 2008, 2:15 pm

I think it is well established that HTTP Authentication needs a major kick in the ass and OpenID and OAuth may get us most of the way there. However, until I see RFC#s attached to both I’m hardly going to consider them to be complete. I propose the creation of an IETF WG on Identity and Authentication. The WG would be chartered to produce two RFCs covering each of the two areas. OpenID and OAuth could be used to seed the WG effort.

— James Snell # 18th November 2007, 12:15 am

Your telco knows who you are, where you live and even your credit card number or bank account. It’s their business to provide you physical access from a real location and identify you as a customer by sending you invoices and receiving money from you. This means that Orange OpenIDs are verified IDs of real people as a matter of principle.

— Thomas Huhn # 25th September 2007, 12:03 pm

Does the idea of redefining the role of the Internet browser appeal to you? Do the terms HTTP, RSS, Microformats, and OpenID, excite you? If so, then this just might be the opportunity for you.

— IE Team Job Ad # 18th July 2007, 7:43 am

An OpenID provider should catalogue the sites that a user logs into and automatically construct a homepage for them. That way, not only do the users have the convenience of having their favourite websites automatically bookmarked and readily available, but (with a little help from the consumers), they don’t have to log into the individual sites at all.

— Bogtha # 13th July 2007, 7:26 am

There is a problem of managing identity across the internet, so when I say Darren Waters I mean this person and all of the manifestations and representations and personas of that person. The ability to knit those together is a huge challenge and opportunity for us as an industry.

— Bradley Horowitz # 1st July 2007, 8:54 am

Despite it being a best practice, currently only a handful of OpenID Consumer sites support the association of multiple OpenID identifiers to a single “account”. This is important to create redundancy to make the loss of an identifier less catastrophic.

— Martin Atkins # 28th February 2007, 9:56 pm

OpenID is particularly appealing to OLPC, because it can be used to perpetuate passwordless access even on sites that normally require authentication [...] With an OpenID provider service running on the school server (or other trusted servers), logins to OpenID-enabled sites will simply succeed transparently, because the child’s machine has been authenticated in the background

— Ivan Krstić # 17th February 2007, 12:42 am

We don’t yet accept OpenID identities within our products as a relying party, but we’re actively working on it. That roll-out is likely to be gradual.

— John Panzer, AOL # 15th February 2007, 11:33 am

We have a unique opportunity with phishing and OpenID. OpenID can make the possibility for bad things to happen from phishing that much worse. However, having an OpenID means you create a more intimate relationship with your OpenID provider. You go there everyday. You will more likely know when something is wrong.

— Scott Kveton # 24th January 2007, 3:02 pm

I can also sum things up for you even more succinctly:
—users are task oriented, driving to complete the goal the
quickest way possible
—users pay more attention to the content area than the browser chrome
—users don’t understand how easy it is to spoof a website

— Mike Beltzner # 19th January 2007, 5:33 pm