I’m watching this unfold, OpenID, Facebook Connect, Y!OS, Microsoft support, Google support…it’s supposedly a big group hug, but it feels like a war, folks. And it’s not pretty. Note this:
A couple of hours ago, the Google Security Team posted an article claiming that Google’s made the switch to OpenID, joining Yahoo! and Microsoft in the ranks OpenID providers.
But it looks like someone may have been a bit to hasty to pull that switch (perhaps itching to get some of the limelight Microsoft has been receiving for adding OpenID to all Live ID accounts just the day before yesterday)… because whatever it is that Google has released support for, it sure as hell isn’t OpenID, as they even so kindly point out in their OpenID developer documentation
I hate to say it but watch this space.
3 thoughts on “OpenID”
I’m not sure when this was posted but I’m hoping you’ve read this:
and this video isn’t bad to watch:
I think the people that are participating in the decision making actually are pretty open about the process. While there is always the PR positioning, what really matters is that in the long-run people cooperate.
While not everybody is cooperating, I think it’s getting very close. There’s always people jockeying for political position but honestly I think everything is moving forward in a great way.
Sounds like being open to OpenID is another battle or positioning in Platform Wars. Platform Wars is something that a colleague of mine pointed out that Rolf Skyberg (eBay evangelist) gave a presentation on a month ago. The Lessig style presentation can be found off of Rolf’s blog here:
It would be an interesting space to watch if OpenID weren’t such a misguided idea.
OpenID is so fundamentally flawed that its no surprise at all that Google isn’t playing “nice.” We have seen examples of white-listed IDP’s which ignore the “open” in OpenID and some of those links provided show how ludicrous it is to ask someone to figure out what the heck they need to do.
OpenID was gestated by a bunch of blog mavens that wanted to allow their “1000’s” of friends to comment without having to login to each and every blog site. Considering that even this site only requires entering a Captcha, OpenID does little more than prove a human is there.
Of the many flaws, the ones that stand out are 1) redirecting the user away from the site they are trying to login to, 2) handwaving away the details of the authentication and 3) relying on the IDP to tell “me” the user is ok.
One of the links provided that shows how Google is attempting to address the UI issues with using or not using OAuth/OpenID shows the problem with redirecting from the site. Only the most savvy rocket scientists are going to be able to navigate this confusing swamp of knowing who is trying to provide the authentication. The idea of normal users figuring this out is laughable.
OpenID makes a specific point of ignoring the details of authentication. Its up to the user to pick a reliable ID provider. Of course, this is why IDP’s are whitelisted, because users can’t be trusted to make that kind of decision. OpenID is like walking into your bank to withdraw money with some completely random person who vouches for your identity. That works for blog comments, but not for any serious web transactions.