Simon Willison’s Weblog


213 items tagged “openid”


Email Address to URL Transformation (EAUT) specification now available! Allows OpenID users to log in using their e-mail address, which is converted into an OpenID URL based on rules specified in an XRDS document attached to the root domain. Seems like a good idea to me.

# 22nd July 2008, 7:30 pm / openid, email, eaut, urls, xrds

MySpace To Join OpenID, Bringing Total Enabled Accounts to Over A Half Billion. Another 200 million OpenIDs—but the important difference between this and the Yahoo! and AOL announcements is that MySpace users know what their profile URL is. Whenever people have told me OpenID is flawed because people don’t understand URLs I’ve answered “sure they don’t, but they know their MySpace page”.

# 21st July 2008, 7:42 pm / myspace, openid, urls

Neat community for discussing improvements to code snippets. Login using OpenID.

# 28th June 2008, 11:46 pm / refactoring, openid, community, refactormycode

OpenID is a new and maturing technology, and HealthVault is frankly the most sensitive relying party in the OpenID ecosystem. It just makes sense for us to take our first steps carefully.

Sean Nolan

# 24th June 2008, 6:29 pm / openid, healthvault, security, seannolan

The point of “Open” in OpenID

TechCrunch report that Microsoft are accepting OpenID for their new HealthVault site, but with a catch: you can only use OpenIDs from two providers: Trustbearer (who offer two-factor authentication using a hardware token) and Verisign. "Whatever happened to the Open in OpenID?", asks TechCrunch’s Jason Kincaid.

[... 451 words]

OpenID phishing demo (via) A demonstration of the OpenID man-in-the-middle phishing attack. OpenIDs are immune to this particular variant due to the landing page not asking for your password (the phishing site could still provide their own redesigned landing page and hope users don’t notice though).

# 28th May 2008, 8:09 am / phishing, openid, idproxy, security

Byteflow Blog Engine. This looks like the most full-featured of the Django blog engines by a pretty big margin, including OpenID client and server support. A product of the growing Russian/Ukrainian Django community.

# 11th May 2008, 7:41 pm / openid, byteflow, django, python, russia

SourceForge Allows OpenID Logins. Excellent—SourceForge is the kind of site that I log in to infrequently enough to always forget my password (and indeed username) making OpenID a great fit.

# 1st May 2008, 1:05 pm / sourceforge, openid

HTML 5 vs. Yadis. The draft HTML5 spec currently disallows values for http-equiv and link rel which aren’t listed in the spec—meaning both methods of specifying a link to an OpenID server are invalid for HTML5. This should probably be fixed...

# 19th April 2008, 4:35 pm / html5, openid, yadis, standards

PayPal Plans to Ban Unsafe Browsers. At first I thought they were going to encourage real anti-phishing features in browsers, which would be a big win for OpenID... but it turns out they’re just requiring EV SSL certificates which have been proven not to actually work.

# 19th April 2008, 10:45 am / openid, paypal, security, phishing, evssl

OpenID for Google Accounts. Google App Engine integrates with Google’s user accounts, so Ryan Barrett (of Google) used it to build an style OpenID provider.

# 9th April 2008, 1:09 am / openid, idproxy, ryan-barrett, google, googleappengine

OpenID and Spam. Matt Mullenweg: “OpenID has a ton of promise for the web—let’s not hurt it by setting people up for disappointment by telling them it’s a spam blocker when it’s not.” True for the case of general registration, but I still believe whitelisting known OpenIDs could be a powerful tool for fighting spam on personal sites.

# 2nd April 2008, 7:33 pm / whitelisting, spam, socialwhitelisting, openid, matt-mullenweg

Interviewing Simon Willison about OpenID. I sat down with Vikram Kumar at Webstock to talk about OpenID, and the video is now online.

# 30th March 2008, 6:40 pm / webstock, webstock08, vikramkumar, openid

The real roadblocks to data portability on social networks. A bunch of smart questions posed by Facebook’s Dave Morin. This is why I think data portability is the wrong framing—moving data between sites is really hard. Importing social relationships between sites is much more viable (hence my interest in social network portability). Also, the complaints about systems sharing e-mail addresses are neatly addressed by using OpenID as the GUID for a user instead. OpenIDs can’t be spammed.

# 26th March 2008, 7:53 pm / openid, facebook, dave-morin, robert-scoble, dataportability, guid, portablesocialnetworks

Clickpass. Peter Nixey’s new OpenID startup has finally launched—does a great job of making OpenID more approachable with a clean, well designed UI and a neat orange button.

# 11th March 2008, 4:47 pm / clickpass, peter-nixey, openid, startup, usability

A proposal: email to URL mapping. Brad’s just too damn smart. A simple solution to mapping an e-mail address to an OpenID that takes advantage of existing technology (YADIS) and doesn’t adversely affect e-mail privacy.

# 8th February 2008, 11:39 am / email, openid, urls, brad-fitzpatrick, yadis

Interview: Simon Willison on OpenID. Christian Heilmann interviewed me for the YDN blog.

# 3rd February 2008, 10:18 pm / christian-heilmann, interview, openid, ydn, yahoo

Yahoo! OpenID Provider service now available as a public beta. This actually happened a few days ago, but I’ve been offline for the past week travelling to New Zealand and attending Kiwi Foo.

# 3rd February 2008, 10:17 pm / openid, kiwifoo, beta, yahoo

Django People: OpenID and microformats

In hindsight, it was a mistake to launch Django People without support for OpenID. It was on the original feature list, but in the end I decided to cut any feature that wasn’t completely essential in order to get the site launched before it drowned in an ocean of “wouldn’t-it-be-cool-ifs”.

[... 626 words]

Telegraph to become OpenID provider (via) “The Telegraph will soon become the first newspaper in the world, and the first British media company, to become an OpenID provider.” Didn’t see that one coming!

# 21st January 2008, 2:43 pm / telegraph, openid, newspaper

Yahoo! supporting OpenID 2.0 but not 1.1. Yahoo!’s Allen Tom outlines the reasons Yahoo! are supporting OpenID 2.0 but not OpenID 1.1.

# 19th January 2008, 9:10 am / yahoo, allen-tom, openid, openid2

Yahoo! OpenIDs are the same for all RPs. I had assumed that Yahoo! would be using directed identity to provide a different OpenID for each user/site combination, to prevent correlation of accounts. I was incorrect; they’re just using it for easier sign-in, with the same auto-generated URL used for every site.

# 19th January 2008, 9:05 am / directedidentity, openid, yahoo

New feature: Blogger as OpenID provider (via) You can now enable your Blogger blog as an OpenID.

# 18th January 2008, 1:38 pm / blogger, openid, google

Yahoo!'s provider implementation only supports consumers that talk the Auth 2.0 protocol. Technically the 2.0 spec allows providers to shun 1.1, but it's not recommended for the reason that I'm sure will become obvious once Yahoo! launches: there's no way for your average end-user to distinguish between a 1.1 and a 2.0 implementation.

Martin Atkins

# 18th January 2008, 7 am / yahoo, openid, martinatkins, livejournal, openid2

Oh, and before anyone jumps on me about this not being "full" (meaning bi-directional) OpenID support, I'm quite aware of that. Consuming OpenID is a different beast that can't happen overnight. Give it some time. I'm optimistic that we'll get there.

Jeremy Zawodny

# 17th January 2008, 7:05 pm / openid, yahoo, jeremy-zawodny

Yahoo!’s human readable guide to OpenID, complete with tour. It looks like they’re relying on the “sign-in seal” to protect against phishing.

# 17th January 2008, 2:35 pm / phishing, yahoo, openid, security, signinseal

A Yahoo! ID is one of the most recognizable and useful accounts to have on the Internet and with our support of OpenID, it will become even more powerful. Supporting OpenID gives our users the freedom to leverage their Yahoo! ID both on and off the Yahoo! network, reducing the number of usernames and passwords they need to remember and offering a single, trusted partner for managing their online identity.

Ash Patel

# 17th January 2008, 2:31 pm / ash-patel, openid, yahoo

Yahoo! Announces Support for OpenID. Here’s the official press release: “Yahoo! Support Triples Number of OpenID Accounts to 368 million”. Directed identity gets a mention; it’s going to be enabled for and The public beta starts on January 30th.

# 17th January 2008, 2:29 pm / directedidentity, flickr, openid, yahoo

twauth: simple mobile openid using twitter (via) Brilliant proof of concept by Ian McKellar: an OpenID provider that authenticates you by sending you a Twitter direct message.

# 14th January 2008, 10:28 pm / twitter, openid, ian-mckellar

In my opinion it is better to compare OpenIDs to credit cards. [...] Just as a credit card company may place limit on the level of guarantee, web sites are at liberty to restrict the OpenIDs it will recognize and accept. Just as many of us carry more than one credit card, we may have multiple OpenIDs and use them for different occasions. Just as some department store credit card is not accepted outside of that store, it is possible that IDs issued by some OpenID providers may not be accepted by some sites.

Rao Aswath

# 10th January 2008, 6:50 pm / raoaswath, openid, security, creditcards