Simon Willison’s Weblog


213 items tagged “openid”


Ma.gnolia Blog: OpenID is Taking Off! Since November, 15% of new Ma.gnolia members signed up using an OpenID. # 22nd January 2007, 6:41 pm

Group Membership Protocol. Martin Atkins’ proposal for a simple “is OpenID X a member of group Y?” protocol, useful for whitelists that can scale to handle large numbers of entries. # 22nd January 2007, 8:27 am

Social whitelisting with OpenID

A key feature of OpenID is that it provides a globally unique identifier for every user, no matter what site or service they are using on the Web.

[... 502 words]

Anonymous OpenID. A mailinator-style service for OpenID. I’m glad someone’s built this; it reinforces the idea that an OpenID should not be trusted as an account without first using a verification step. # 21st January 2007, 2:03 am

Phishing and OpenID: Bookmarks to the Rescue? Ping extends my proposal to use bookmarks as the principle authentication mechanism, resulting in a system that is much easier for people to understand. # 21st January 2007, 1:36 am

XMPP OpenID server. An OpenID provider that sends you a Jabber message when you try to log in, to help guard against phishing. # 20th January 2007, 11:24 pm

I can also sum things up for you even more succinctly:
—users are task oriented, driving to complete the goal the
quickest way possible
—users pay more attention to the content area than the browser chrome
—users don’t understand how easy it is to spoof a website

Mike Beltzner # 19th January 2007, 5:33 pm

Links to academic papers on phishing. Posted to the openid-general list by Mike Beltzner. # 19th January 2007, 5:32 pm

Solving the OpenID phishing problem

Most of the arguments I hear against OpenID are based on mis-understandings of the specification, but there is one that can’t be ignored: OpenID is extremely vulnerable to phishing.

[... 531 words]

Planet OpenID. Aggregating news about OpenID—surprisingly high traffic. # 18th January 2007, 12:04 am

OpenID users can be just as trusty as local users. Martin Atkins makes a similar argument to my own: OpenIDs are trustworthy, provided you subject them to the same authentication steps (CAPTCHA/e-mail validation) as regular users. # 16th January 2007, 11:13 am

Firefox3/Firefox Requirements (via) OpenID and CardSpace are both listed as mandatory features. # 11th January 2007, 6:56 pm

OpenID Speech at Webtuesday Zurich. Good set of slides, along with the tidbit that (which had slippy maps years before Google) is implementing OpenID. # 11th January 2007, 3:27 pm

An OpenID is not an account!

I’m excited to see that OpenID has finally started to gain serious traction outside of the Identity community. Understandably, misconceptions about OpenID continue to crop-up. The one I want to address in this entry is the idea that an OpenID can be used as a replacement for a regular user account.

[... 601 words]

OpenID Questions. I’ve attempted to provide answers in the comments. # 9th January 2007, 11:46 am

OpenID for non-SuperUsers. Sam Ruby explains the key concepts of OpenID that many first-time users tend to miss. # 7th January 2007, 10:21 pm

DjangoID. Django-based OpenID server for hosting your own (or someone else’s) identity. # 7th January 2007, 9:54 pm

More home improvements

I’ve had an offline Christmas, not entirely through choice (broadband at my Dad’s new place in rural France isn’t working yet) but welcome. I did have my laptop with me, and I’m using Bazaar for version control so being offline isn’t a barrier to checking in code. I’ve just rolled out a bunch of new features that I put together over the past few days.

[... 514 words]


Unobtrusive OpenID. Sam’s implementation passes association data in the URL rather than using sessions. I need to do that here. # 28th December 2006, 9 pm

Login to other services with Technorati. Technorati are now an OpenID provider. I’d much rather they were a consumer though; at the moment you can claim your blog with OpenID but you can’t log in to your Technorati account with an OpenID from elsewhere. # 26th December 2006, 8:41 pm

digg: Screencast: How to use OpenID. No exclamation mark this time—let’s see if it makes a difference. # 22nd December 2006, 9:50 pm

OpenID screencast

OpenID’s biggest problem is its learning curve. Using it as actually really simple, but if you’re not technical the amount of stuff you have to know before you can understand it is enormous. If you are technical, it just doesn’t seem like it should work—there are a bunch of questions that come up every time OpenID is discussed anywhere (“but surely there’s nothing to stop someone else from spoofing your ID”) which OpenID has answers for, but which are easily misunderstood.

[... 383 words]

Comment transformer votre blog en une OpenID ? My piece on OpenID tranlated in to French by Christophe Ducamp. # 21st December 2006, 3:26 pm

Three steps to OpenID. Maybe explaining OpenID isn’t as hard as I thought... Jacob Kaplan-Moss nails it in three. # 20th December 2006, 12:44 pm (via) Neat concept: a third party service for ensuring that an OpenID has passed a CAPTCHA. # 19th December 2006, 6:01 pm

digg: HOW TO turn your blog in to an OpenID. Trying to get some digg love for my OpenID how-to. I even used a digg-friendly exclamation mark. # 19th December 2006, 12:36 pm

How to turn your blog in to an OpenID

Wouldn’t it be great if you could use the same account to log in to multiple sites and applications, without having to trust them all with your password? Wouldn’t it be even better if you could do this without having to hand ownership of your online identity over to some monolithic third party? (I’m looking at you, .NET Passport Microsoft Passport Windows Live ID.)

[... 832 words]

Ma.gnolia supports OpenID. Text book implementation: you can associate your OpenID with an existing account and log in using either OpenID or your regular username and passwerd. # 17th December 2006, 9:29 am

phpMyID. A simple, stand-alone OpenID server in a single PHP script with no dependencies. Makes managing your own identity trivial. # 17th December 2006, 9:06 am

The case for OpenID. I look forward to embracing our OpenID future. # 5th December 2006, 1:34 pm