A Critical Look At OpenID


Notes from the "A Critical Look At OpenID" session at SXSW.

SSO with a single authority betrays the core principles of the web. OpenID is a shared standard that uses URLs as identifiers. The OpenID protocol lets you prove that you own a URL. This means that OpenID can be used as an authentication token.

Overview

When logging in to a new third-party site with OpenID, you are bounced to the authority for your URL. That authority can then remember that you trust this other application and bounce you past if you are still cookied into that other site when you come back later.

This can also be used for registration using the Simple Registration functionality of OpenID. This allows users to select attributes that will be exchanged with the third party site.

In OpenID 2.0, users can enter the address of a provider instead of their own identifier URL. The provider will then ask for your username and password or allow you to choose between multiple identities.

OpenID is very similar to Email

  • Pick a provider to trust
  • Users of different providers can interoperate
  • Can be used for SSO (email is used for password-reminder communication)
  • user@URL.com means that user is associated with URL.com

Although these are similar in this metaphor, OpenID is both a better user experience and much more secure than email if SSL is used for OpenID authentication.

One critique of OpenID is that it allows a single point of failure. This is no different than the current situation because your email address is a de facto SSO if the same address is associated with all of your accounts.

Security

Providers are now beginning to compete on anti-phishing and security features. Users can be protected by second-factor strong authentication.

The OpenID community can also whitelist providers, which will help manage the business risk.
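An added example (not from the session or the original post) of what a relying party can check before bouncing the user to a provider, tying together the redirect from the Overview, Simple Registration, and the SSL and whitelisting points above. The host names, the allowlist, and the function names are hypothetical; the parameter names are those of OpenID 2.0 and Simple Registration 1.1.

```python
from urllib.parse import urlsplit, urlencode

OPENID2_NS = "http://specs.openid.net/auth/2.0"
# Sent when the user typed a provider address rather than a personal URL.
IDENTIFIER_SELECT = OPENID2_NS + "/identifier_select"
SREG_NS = "http://openid.net/extensions/sreg/1.1"
# Simple Registration defines exactly these nine fields.
SREG_FIELDS = {"nickname", "email", "fullname", "dob", "gender",
               "postcode", "country", "language", "timezone"}
# Hypothetical allowlist of provider endpoint hosts this site trusts.
TRUSTED_PROVIDER_HOSTS = {"openid.provider.example"}


def check_provider(endpoint):
    """Accept only HTTPS endpoints whose real host is on the allowlist."""
    parts = urlsplit(endpoint)
    if parts.scheme != "https":
        raise ValueError("provider endpoint must use HTTPS")
    # .hostname ignores any user:pass@ prefix, so "trusted@other" fails here.
    if parts.hostname not in TRUSTED_PROVIDER_HOSTS:
        raise ValueError("provider is not on the allowlist")


def build_auth_redirect(endpoint, return_to, realm, claimed_id=None,
                        required=(), optional=()):
    """Return the URL the user's browser is redirected to for login."""
    check_provider(endpoint)
    unknown = (set(required) | set(optional)) - SREG_FIELDS
    if unknown:
        raise ValueError("not Simple Registration fields: %s" % sorted(unknown))
    identity = claimed_id or IDENTIFIER_SELECT
    params = {
        "openid.ns": OPENID2_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": identity,
        "openid.identity": identity,
        "openid.return_to": return_to,
        "openid.realm": realm,
        "openid.ns.sreg": SREG_NS,
    }
    # Field lists are comma-separated; omit the key when nothing is requested.
    if required:
        params["openid.sreg.required"] = ",".join(sorted(required))
    if optional:
        params["openid.sreg.optional"] = ",".join(sorted(optional))
    sep = "&" if urlsplit(endpoint).query else "?"
    return endpoint + sep + urlencode(params)
```

The provider's signed response still has to be verified when the user returns; this block covers only the outbound request.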

Yahoo Example

Yahoo is an OpenID provider but does not support OpenID for Yahoo properties. Yahoo only supports OpenID 2 and will not support OpenID 1.

OpenID 2 is supported by Drupal, Plone, and Wordpress.

Ingestion

37Signals' support is significant because their support of the spec has encouraged support in an ecosystem.

Q&A

Q: Identity Theft

A: Failover to other systems helps with identities disappearing. The theft issue is harder and OpenID is, at least, not worse than the current system.

Q: Future of attribute exchange

A: Getting better but not widely supported yet. Simple Registration has been around a while but only supports a fixed set of nine fields.

Q: Barriers to use

A: Usability, security, and technology are the key issues. To solve the usability issue, one method is to connect the service they're using with specific other providers. Providers can also work hard to educate users that they have a highly portable ID.


1 Comment

Looks like it was an interesting discussion, although it doesn't sound like it was too "critical" ... or maybe you just highlighted all of the positive aspects! Personally, I happen to like OpenID myself (I used mine to log on to your site!), but it's always interesting to hear opposing views ...


Who is this guy?

Sam Felder is a web designer and occasional writer in Los Angeles, CA.

Born in Washington, DC, Sam and his family moved to Peoria, IL, where he grew up and went to school. He returned to DC in 2003 and left for the west coast in late 2005.

See me speak at SXSW Interactive 2008
