It's an invite to use ClaimID. I just started using it. OpenID, claiming sites as your own, etc. I'm not sure if it's useful or not.
There are a ton of networking sites out there, but not many seem to be implementing metadata like FOAF stuff, and I am wanting to see if these people are any better.
Ignore it if you like, that's ok.
As in your company has it ready?
I meant more like personal users, but it's an open enough question about whose companies are using it, too.
Yeah, my company. We have some ruby on rails stuff, some PHP stuff, and a client application. We've plugged it all into the web stuff and the client app but it isn't in our current release. We also set up an OpenID provider. It isn't clear what we gain from it, which is why we haven't integrated it into our live systems.
Whoa. You wrote all the code without being really sure what you'd gain from it?
It took me about 2 hours to plug it into all our websites. It took about a half day to set up PiP and then strip out everything we didn't want. I don't know how long it took the guy on the client team to get it working. It is running in our dev environment.
We were looking to see if it could help us out as a single sign on strategy.
Ok, that last bit is entirely reasonable. I shouldn't mock - we're working on SSO here, and I'm wondering if OpenID is a good solution.
Our primary product is a client application. Our web stuff is primarily support applications for the client. I do use AJAX in those applications, so I guess we are sort of web 2.0.
I don't know if we really gain much from it as a SSO thing. I personally think logging in with a URL is weird. Ultimately we are probably going to have to cook up our own custom profile manager application, but at this point we don't need that in the client, so we haven't thought about it too hard.
There was a subtle migration from using usernames, which are prone to collision, to email addresses, which aren't, as identities. The problem with email addresses is that you have to verify someone against them, and the moment you change jobs or ISPs you lose what you had, and some places don't accept free email addresses because those are easy for spammers to get. So now you get a URL, which you can keep even when you change jobs or ISPs, but I suspect it won't be long before spammers automate the creation of OpenIDs to soak up the namespaces. Not to mention identity thieves starting to hack the OpenID servers. *That* is going to be a mess - lose control of that, and then they can walk around all over the place pretending to be you. A lot of people use the same password everywhere they go, though, so it might not be all that different.
Identity has never really been a real anti-spam measure has it? You can have a "real" identity and still spam.
It's more an issue of people spoofing names with lookalike names. A simple typo that a quick glance would not normally catch, and suddenly you're accepting email or other contact from someone you'd rather not.
I looked into OpenID and the Liberty project as a SSO solution for my other job, and came to the conclusion that they won't work because it's a chicken-and-the-egg problem.
My customers will likely be using Active Directory or some other flavor of LDAP, and there'd have to be a AD to OpenID gateway running on their network, and I can't see the IT administrators going for that.
July 15th, 2007 10:41am