OpenID Neatness

[andrewducker]

If you have a Google Profile (and anyone using Google will have one, you might just not have set yours up yet) then it's now usable as an OpenID!

Mine is https://www.google.com/profiles/TheAndrewDucker if anyone cares :->

Comments

[opusfluke.livejournal.com]

The deed is done.
http://www.google.com/profiles/flukes.cradle
At some point I'll tart it up a bit.

That's half the battle....

[akicif.livejournal.com]

Just recently back from a federated access management conference: at present things like OpenID and FaceBook connect are fine for authentication, but no use for authorisation unless you break the very thing that makes them open.

Sure, a site owner could insist on people using a particular OpenID server that they have an agreement with to control issuing of credentials, but where is the "open" in that? Or FaceBook could tighten up on who it lets join its university networks, but while I can see some publishers accepting being in the University of Rummidge's FB network as sufficient to let them access online subscription material (certainly the cheap stuff), there's no way Rummidge's IT department will let you use your FB account to access your own email and files (but see what some colleges are doing with gmail and google docs).

Still, there's work being done on associating "lightweight" AuthN methods with true SSO and together they can be used for the AuthZ side.

Re: That's half the battle....

[andrewducker]

Depends what you mean by authorisation - my login to Stack Overflow is by OpenID and that gives me authorisation to carry out various acts, based on my ID. You can use any OpenID server you like.

Sure, your bank may continue to run its own login services, and email providers already have a username/password for you, so it makes sense for them to use that, but if I was rolling out a new site now I'd think carefully about whether I wanted to use a user name/password for it - and if it was for techies I'd definitely go for OpenID.

Re: That's half the battle....

[akicif.livejournal.com]

Found this report (pdf) by some of the folk I work with....

Re: That's half the battle....

[andrewducker]

Interesting stuff. I agree with one of the comments that the major problem is that the university isn't going to trust _any_ external identity. And I don't expect that to change in the near future, nor is there any particular reason why it should - if they care about identity matching up to a real person then they will have to have some way of doing that, such as a university account. And once you have a university account, everything will then be written to work with it.

As to the rest of it, the only one that worries me is the recycling of identities. But this is as much a problem as current usage of email addresses as user names - which is terribly common.

Re: That's half the battle....

[matgb]

I don't have a problem with any of that though. OpenID wasn't designed for that sort of thing (if people are trying to push it that way I'm not sure I like it).

It's meant to allow me to comment on any forum, blog or similar as 'me', without seperate registration and a billion passwords that I'll never remember.

Still, good that Google have finally turned it on properly instead of allowing it through a weird address I never remembered. Means I can really start pushing OpenID for comments, especially on DW.