213 items tagged “openid”
2007
Ma.gnolia Blog: OpenID is Taking Off! Since November, 15% of new Ma.gnolia members signed up using an OpenID.
Group Membership Protocol. Martin Atkins’ proposal for a simple “is OpenID X a member of group Y?” protocol, useful for whitelists that can scale to handle large numbers of entries.
Social whitelisting with OpenID
A key feature of OpenID is that it provides a globally unique identifier for every user, no matter what site or service they are using on the Web.
[... 502 words]Anonymous OpenID. A mailinator-style service for OpenID. I’m glad someone’s built this; it reinforces the idea that an OpenID should not be trusted as an account without first using a verification step.
Phishing and OpenID: Bookmarks to the Rescue? Ping extends my proposal to use bookmarks as the principle authentication mechanism, resulting in a system that is much easier for people to understand.
XMPP OpenID server. An OpenID provider that sends you a Jabber message when you try to log in, to help guard against phishing.
I can also sum things up for you even more succinctly:
- users are task oriented, driving to complete the goal the
quickest way possible- users pay more attention to the content area than the browser chrome
- users don't understand how easy it is to spoof a website
Links to academic papers on phishing. Posted to the openid-general list by Mike Beltzner.
Solving the OpenID phishing problem
Most of the arguments I hear against OpenID are based on mis-understandings of the specification, but there is one that can’t be ignored: OpenID is extremely vulnerable to phishing.
[... 531 words]Planet OpenID. Aggregating news about OpenID—surprisingly high traffic.
OpenID users can be just as trusty as local users. Martin Atkins makes a similar argument to my own: OpenIDs are trustworthy, provided you subject them to the same authentication steps (CAPTCHA/e-mail validation) as regular users.
Firefox3/Firefox Requirements (via) OpenID and CardSpace are both listed as mandatory features.
OpenID Speech at Webtuesday Zurich. Good set of slides, along with the tidbit that local.ch (which had slippy maps years before Google) is implementing OpenID.
An OpenID is not an account!
I’m excited to see that OpenID has finally started to gain serious traction outside of the Identity community. Understandably, misconceptions about OpenID continue to crop-up. The one I want to address in this entry is the idea that an OpenID can be used as a replacement for a regular user account.
[... 601 words]OpenID Questions. I’ve attempted to provide answers in the comments.
OpenID for non-SuperUsers. Sam Ruby explains the key concepts of OpenID that many first-time users tend to miss.
DjangoID. Django-based OpenID server for hosting your own (or someone else’s) identity.
More home improvements
I’ve had an offline Christmas, not entirely through choice (broadband at my Dad’s new place in rural France isn’t working yet) but welcome. I did have my laptop with me, and I’m using Bazaar for version control so being offline isn’t a barrier to checking in code. I’ve just rolled out a bunch of new features that I put together over the past few days.
[... 514 words]2006
Unobtrusive OpenID. Sam’s implementation passes association data in the URL rather than using sessions. I need to do that here.
Login to other services with Technorati. Technorati are now an OpenID provider. I’d much rather they were a consumer though; at the moment you can claim your blog with OpenID but you can’t log in to your Technorati account with an OpenID from elsewhere.
digg: Screencast: How to use OpenID. No exclamation mark this time—let’s see if it makes a difference.
OpenID screencast
OpenID’s biggest problem is its learning curve. Using it as actually really simple, but if you’re not technical the amount of stuff you have to know before you can understand it is enormous. If you are technical, it just doesn’t seem like it should work—there are a bunch of questions that come up every time OpenID is discussed anywhere (“but surely there’s nothing to stop someone else from spoofing your ID”) which OpenID has answers for, but which are easily misunderstood.
[... 383 words]Comment transformer votre blog en une OpenID ? My piece on OpenID tranlated in to French by Christophe Ducamp.
Three steps to OpenID. Maybe explaining OpenID isn’t as hard as I thought... Jacob Kaplan-Moss nails it in three.
botbouncer.com (via) Neat concept: a third party service for ensuring that an OpenID has passed a CAPTCHA.
digg: HOW TO turn your blog in to an OpenID. Trying to get some digg love for my OpenID how-to. I even used a digg-friendly exclamation mark.
How to turn your blog in to an OpenID
Wouldn’t it be great if you could use the same account to log in to multiple sites and applications, without having to trust them all with your password? Wouldn’t it be even better if you could do this without having to hand ownership of your online identity over to some monolithic third party? (I’m looking at you, .NET Passport Microsoft Passport Windows Live ID.)
Ma.gnolia supports OpenID. Text book implementation: you can associate your OpenID with an existing account and log in using either OpenID or your regular username and passwerd.
phpMyID. A simple, stand-alone OpenID server in a single PHP script with no dependencies. Makes managing your own identity trivial.
The case for OpenID. I look forward to embracing our OpenID future.