January 22, 2008 9:35am
Everyone including the corner store could become an OpenID *provider* and it still wouldn't make any bloody difference.
November 18, 2007 2:39pm
I think it is well established that HTTP Authentication needs a major kick in the ass and OpenID and OAuth may get us most of the way there. However, until I see RFC#’s attached to both I’m hardly going to consider them to be complete. I propose the creation of an IETF WG on Identity and Authentication. The WG would be chartered to produce two RFC’s covering each of the two areas. OpenID and OAuth could be used to seed the WG effort.
October 1, 2007 2:52pm
If your web application hosts any valuable information at all, it’s prudent to expect that some significant proportion of your users will eventually have their accounts hijacked.
February 26, 2007 11:03am
After reading Simon Willison's post about setting an OpenID, and watching his screencast, I went ahead and set one up. The most attractive thing to me is a unique URI that I can use to log in to a variety of different sites (okay, there isn't much variety yet), without setting up different accounts on all of them. Tim Bray has written a post on his concerns about OpenID, in which he looks at it from the other side, what does an OpenID mean to a _site_ where someone is logging in (among other things). The comments ...
[read more]