[ale] A reliable/secure openid provider?

Michael B. Trausch michael.trausch at gmail.com
Mon Jul 16 14:34:38 EDT 2007


On Mon, 2007-07-16 at 10:41 -0400, Greg Freemyer wrote:

> I just got exposed to openid over the weekend.
> 
> If what I saw was accurate, it is the coming thing in creating a
> easier way to manage login/password info for the web.
> 
> Anybody using it yet?  Any security types, saying absolutely not.
> You'd be stupid to do that?


I am using OpenID so that I can use my blog as an ID for sites that
support OpenID.  The system is rather interesting in nature, and
LiveJournal got a (halfway decent) implementation of it in their
LiveJournal software.  However, other places have implemented it better
(for example, the OpenID plugin for WordPress, which lets people use
WordPress as an OpenID provider for other sites, and has an OpenID
consumer that lets people use their OpenID to leave comments).

OpenID doesn't solve all of the problems of multiple logins, since some
sites will still need to have personal information anyway.  I think that
the OpenID protocol should've provided for user-authorized central
management of certain information, as well, like full name, address,
etc., so that sites like NewEgg.com could benefit from the use of
OpenID:  They would save storage space by not having to have information
contained within their databases on the locations and shipping
information for their customers, for example, while the customer would
benefit from the ability to update their address in a single location
and have it shared with any sites/businesses that they explicitly
permit.

The great thing about OpenID is that you can use your identity once, or
you can choose to permanently let a site authenticate your ID.  It
really is a pretty nifty way of doing things, even if it is slightly
under-featured.  Probably future generations of hybrid
central/distributed identity management systems will permit more, after
people get more comfortable with the idea and start to understand it
more.


> 
> ( If you have an hour:
> http://video.google.com/videoplay?docid=2288395847791059857 )
> 
> Anyway, I want to setup an openid account somewhere and start to
> experiment.  Any recommendations?


LiveJournal is perhaps the best known, since Brad Fitzpatrick is the guy
who kinda started the whole thing.  There are other sites that use
OpenID for various purposes, as well.  There is a rather large list of
OpenID providers online:

http://openid.net/wiki/index.php/OpenIDServers

Also, The OpenID directory ( http://openiddirectory.com/ ) has a
collection of sites that are OpenID Consumer enabled (e.g., that you can
login to using OpenID).  My site is also one of these sites.  Primarily,
thus far, users from LiveJournal (where I used to blog, but moved in the
interest of free speech) are the only ones that have used OpenID to
comment on my site, but anyone with an OpenID identity can use theirs.

    --- Mike

--
Michael B. Trausch
                                Web:
              http://www.trausch.us/
Phone: (404) 592-5746
                    Jabber IM/Email:
           michael.trausch at gmail.com
Demand Freedom!  Use open and free protocols, standards, and software!
Support free speech---it is the most valuable freedom we have!
-------------- next part --------------
An HTML attachment was scrubbed...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part




More information about the Ale mailing list