Computer Consultants Kit [02.07.08 06:53 AM]

It's great to hear that despite all the tense merger/acquisition/anti-trust talk going back and forth between Yahoo, Google, and Microsoft that progress is still being made on OpenID.

All too often these big-picture management issues can tear apart projects that have been in the works for months, even years.

Glad to see current events haven 't disrupted progress,

Joshua Feinberg

  Martin Edic [02.07.08 07:35 AM]

Could someone in your group spend a few minutes writing a clear, non-technical description of what OpenID is and why anyone should care?
Two sentences or less and something an average, completely non-techy person can understand...

This would do more to promote your cause than anything else- there is a huge world out there that doesn't have a clue about this stuff.

  David Recordon [02.07.08 07:52 AM]

Today I might go for something like: OpenID allows you to use your existing account from sites like AOL, Blogger, LiveJournal, and Yahoo! to login around the web. Unlike using your email address, it doesn't require you to choose a new password or re-enter all of your personal information just to signup for a new service.

Martin, I think that is one of the reasons why this announcement is so compelling in my mind. Yahoo! has done a great job with making their OpenID Provider far more understandable to non-techy people than I've seen in the past. No, we're not there yet but having these combined resources should really help to explain OpenID and its value to even more people.

  Bob Warfield [02.07.08 08:15 AM]

It's time Amazon brought an OpenID Web Service to their more than 300,000 developers. Where are they on OpenID?

More on my blog:

http://smoothspan.wordpress.com/2008/02/07/where-is-amazon-on-openid/

Best,

BW

  paul [02.07.08 09:21 AM]

Thank-you Brad Fitzpatrick for creating OpenID, maybe soon we will know who is who.

  Spiffing [02.07.08 10:21 AM]

OpenId is just a commercial scam to allow companies to track peoples browsing.

  Ben Bangert [02.07.08 10:25 AM]

Until OpenID is ready to handle authentication for websites involving financial transactions (anything where you can buy something), it's still going to have limited uptake.

There's tons of websites now that have subscriptions, and other little payments systems, none of them can use OpenID until there's additional schemes in place to make OpenID trustworthy for anything beyond social networks and blog comments. Now that big players are on board, are they moving to address this issue?

  KennyO [02.07.08 10:54 AM]

I don't get it... didn't the Liberty Alliance (projectliberty.org) try this a bunch of years ago? The organization still seems to be operating with quite a following of large backers.

  gregory [02.07.08 10:57 AM]

i expect the government to soon join the open id game, they will add real id, and that will be the end of what we think of as the open web

  missburrows [02.07.08 11:55 AM]

Once again, our choice to use OpenId exclusively for treasurelicous.com has proved to be a smart one.

Welcome, Google, Microsoft, Verisign, et al., to the OpenId party. Go ahead and grab a drink, the pizza is in the other room. :)

  Joe [02.07.08 01:20 PM]

The security vulnerabilities in OpenID are staggering. I do not understand why anyone is considering this as an authentication technology.

Imagine using OpenID and having someone phish your yahoo! account. Imagine your BoA or Amazon or Google (google checkout) account is OpenIDed.

There is zero chance I will sign up and I recommend everyone else avoid it as well.

  paulinedoust [02.14.08 02:48 AM]

found this so throwing in my 2pence worth dont know exactly who or what it is or where im at @i vaugly remember doing some thing like micro/sft id live chatt [thingy my jigg] found it usefull at applicabel time. [nothing worth stealing from me or mine] went to use it again was ask for logg in data , oh no not again forgotton yes , yet thus adding another tingy to remember along with screen names pass words which e,mail etcetc,
recived reply to forgotten instructing me to make yet another dozen copyings pasteings wrappings saveings sendings storings genralldoings on pc. no time, in middel of doing somthing else, save to em. thought why bother simpler to re do new logg in. now currently trying to get pixish to function properly seems the kick in the teeth from the world class flickr has inspired the heads at micro to start a thingy of their own and or obtain data /pict/ from flickr via signed up new/beeis from [the site]adding a slightly diff angle of [assingments] rewards/etc well yer if only it would function in the application stage id give it a twirl so far nothing but problems.

  Gote Borg [02.17.08 04:59 AM]

The choice of an OpenID provider should probably become similar to the choice of a credit card provider. It should not be a forced decision, but it certainly is more convenient than carrying around cash. It can actually be safer in some cases, especially if you get locked out of an account for example, since your OpenID provider could become your advocate and could take steps to restore your access.

  John Lam [02.19.08 02:37 AM]

@Joe, pay attention to the location bar and opportunities for phishing are no more than password logins. Even better, Yahoo and http://IDproxy.net use only HTTPS logins, and let you upload and create a custom picture so you can clearly distinguish your Yahoo login page from a spoof. With one login, all OpenID-capable sites become accessible without worry someone might sniff your password over unsecure WiFi links.

Most sites offering password logins also let you recover your login by submitting your e-mail address. This is an open vector for sniffing passwords and substitute logins. By comparison, OpenID sites can rely upon multiple identity providers, should you forgot your login at any one. And don't forget, from the get-go, OpenID requires no additional password to remember!