Simon Willison’s Weblog

Subscribe
Atom feed for openid

213 items tagged “openid”

2008

The Flickr [OpenID] implementation, coupled with their existing API, means we could all offer things like "log into my personal site for family (or friends)" and defer buddylist management to the well-designed Flickr site, assuming all your friends or family have Flickr accounts.

Dan Brickley

# 9th January 2008, 2:15 pm / flickr, dan-brickley, openid

Yahoo!, Flickr, OpenID and Identity Projection

Via ReadWriteWeb, view source on a Flickr photostream page and search for “openid” and you’ll be rewarded with the following snippet:

[... 582 words]

Flickr to Authenticate OpenID. Flickr /photos/username/ pages are now (almost) OpenIDs—they point at a new Yahoo!-wide OpenID server, but it hasn’t been switched on yet. It’s OpenID 2 only, presumably so Yahoo! can protect their users’ privacy by using directed identity to hide individual screen names.

# 7th January 2008, 10:48 pm / yahoo, flickr, openid, openid2

2007

OpenID and Google’s Blogger. Blogger gets it wrong by displaying a nickname derived from the OpenID URL (in Malcolm’s case, “blog”) instead of the user entered nickname.

# 30th December 2007, 10:35 am / openid, malcolmtredinnick, google, blogger, usability

James Henstridge: OpenID 2.0. Excellent description of the new features in OpenID 2.0, including a clear explanation of directed identity and attribute exchange.

# 7th December 2007, 11:53 am / openid, directedidentity, attributeexchange, inames, openid2, james-henstridge

Thanks to OpenID and OAuth, the Open Social Web is Beginning to Emerge. My blog’s OpenID powered watchlist and “your comments” features got a write-up on Wired! Nice to know that someone has noticed them.

# 7th December 2007, 12:57 am / openid, oauth, wired, opensocialweb, watchlist

DiSo: Distributed Social Networking applications (via) New project to prototype a decentralised social network on top of WordPress, using OpenID, microformats and social whitelisting.

# 6th December 2007, 5:48 pm / socialwhitelisting, microformats, openid, diso, prortablesocialnetworks

OpenID 2.0 Final(ly)! Launched at the Internet Identity Workshop. The most interesting feature is probably directed identity, which goes a long way to solving some of the usability issues involved in users having to enter their own URLs.

# 5th December 2007, 9:01 pm / openid, openid2, iiw, directedidentity

Call for Participation for XTech 2008. XTech 2008 will be in Dublin, Ireland from the 6th to the 9th of May. Lots of really interesting topics in the CfP (OpenID, OAuth, Comet, CouchDB...)—deadline for submissions is the 25th of January.

# 5th December 2007, 3:28 pm / xtech, conferences, cfp, openid, oauth, comet, couchdb

Blogger: OpenID commenting (via) I may be wrong, but I think this is the first Google property to support OpenID in any way.

# 30th November 2007, 7:10 pm / openid, brad-fitzpatrick, google, blogger

Portable Social Networks: Take Your Friends with You. Brian Suda explains how OpenID, XFN and hCard can be used together to bootstrap portable social networks.

# 23rd November 2007, 11:56 pm / hcard, brian-suda, microformats, openid, xfn, portablesocialnetworks

Giant Global Graph. Tim Berners-Lee points out that the Semantic Web is designed to solve problems such as portable social networks.

# 22nd November 2007, 12:30 am / portablesocialnetworks, openid, tim-berners-lee, semanticweb, socialgraph

I think it is well established that HTTP Authentication needs a major kick in the ass and OpenID and OAuth may get us most of the way there. However, until I see RFC#s attached to both I'm hardly going to consider them to be complete. I propose the creation of an IETF WG on Identity and Authentication. The WG would be chartered to produce two RFCs covering each of the two areas. OpenID and OAuth could be used to seed the WG effort.

James Snell

# 18th November 2007, 12:15 am / http, james-snell, openid, rfc, oauth, ietf, standards, standardisation

How will OpenID change your site? Excellent introduction to OpenID by Peter Nixey—includes some really nice analogies for explaining both the concept and the implications.

# 7th November 2007, 10:41 am / peter-nixey, openid, thinkvitamin

MyOpenID adds Information Card Support. First client SSL certificates, now Information Cards. MyOpenID is certainly taking browser-based phishing solutions seriously.

# 18th October 2007, 9:10 pm / myopenid, janrain, openid, phishing, security, informationcards

OpenID.net has been redesigned. Love the new look—much cleaner and easier to understand, and it now gives people looking to get themselves an OpenID somewhere to go.

# 9th October 2007, 2 am / openid

identity-matcher. Dopplr’s social network importing code (for Gmail, Twitter, Facebook and sites supporting Microformats), implemented as a Rails ActiveRecord plugin.

# 4th October 2007, 2:53 pm / identitymatcher, plugins, microformats, matt-biddulph, facebook, gmail, dopplr, openid, portablesocialnetwork, rails, ruby, socialgraph, twitter, fowa, fowa2007

Cronto. I saw a demo of this the other day—it’s a neat anti-phishing scheme that also protects against man in the middle attacks. It works using challenge/response: an image is shown which embeds a signed transaction code; the user then uses an application on their laptop or mobile phone to decode the image and enters the resulting code back in to the online application.

# 2nd October 2007, 1:14 am / phishing, cronto, security, maninthemiddle, signing, challengresponse, openid

BBC Radio 4—Click On. I was interviewed on today’s programme, about OpenID. The clip is about 7 minutes in to the program, which is available using RealPlayer and the BBC’s Listen Again service.

# 1st October 2007, 11:56 pm / openid, listenagain, clickon, bbc, radio, radio4, realplayer

Email addresses your OpenID via DNS. Sam Ruby has warmed to the idea of making e-mail addresses usable as OpenIDs via a DNS SRV record.

# 30th September 2007, 9:36 pm / dns, srv, sam-ruby, openid, email

Designing for a security breach

User account breaches are inevitable. We should take that in to account when designing our applications.

[... 545 words]

Sun’s OpenID IdP: Real vs Fake. The thinking behind Sun’s decision to allow users of their OpenID provider to pick fake names and assign personal e-mail addresses.

# 25th September 2007, 10:39 pm / privacy, identity, openid, pii, sun, sunmicrosystems, lauren-wood

Your telco knows who you are, where you live and even your credit card number or bank account. It's their business to provide you physical access from a real location and identify you as a customer by sending you invoices and receiving money from you. This means that Orange OpenIDs are verified IDs of real people as a matter of principle.

Thomas Huhn

# 25th September 2007, 12:03 pm / strongidentity, orange, openid, identity, thomas-huhn

France Telecom Supports OpenID! France Telecom is the parent company of Orange. Apparently all 40 million France Telecom subscribers now have an OpenID.

# 25th September 2007, 12:49 am / openid, orange, francetelecom, david-recordon

Sun’s OpenID IdP: Data Governance. Lauren Wood explains the checklist used to ensure Sun’s OpenID provider adequately respected user privacy and data governance (what happens to the data that is stored).

# 22nd September 2007, 8:50 pm / openid, sun, sunmicrosystems, lauren-wood, governance, data-governance, privacy

Sun OpenID IdP: protocol and implementation review. Sun employees are posting lots of useful insights gathered during the implementation of their OpenID provider.

# 22nd September 2007, 8:22 pm / openid, sunmicrosystems, sun

Quechup: Another Social Network Enemy! This is why we need to stop teaching users that it’s OK to give their e-mail username and password to any site that asks for it.

# 21st September 2007, 11:36 pm / quechup, openid, oauth, socialnetworks, spam

OAuth: Your valet key for the Web. OAuth is a really important new specification that aims to solve the “give this application permission to do X on my behalf” problem once and for all.

# 21st September 2007, 11:34 pm / oauth, openid, specification, authentication, web-services, apis

Google To “Out Open” Facebook On November 5. “Google will announce a new set of APIs on November 5 that will allow developers to leverage Google’s social graph data. They’ll start with Orkut and iGoogle (Google’s personalized home page), and expand from there to include Gmail, Google Talk and other Google services over time.”

# 21st September 2007, 11:23 pm / socialgraph, google, igoogle, orkut, google-talk, gmail, openid, michael-arrington, techcrunch

Six Apart: We Are Opening the Social Graph. Six Apart put their cards on the table with respect to the social graph problem—focusing on OpenID, XFN and FOAF as enabling technologies. Be sure to watch the screencast demo of their new social graph visualisation tool.

# 20th September 2007, 9:19 pm / sixapart, david-recordon, openid, socialgraph, xfn, foaf