Home of the Muppet Imperial Moderator Corps

OpenID

Anyone else here using it?
Permalink Aaron 
July 14th, 2007 8:05pm
Yeah, what is that email you just sent me all about?
Permalink Send private email Colm 
July 14th, 2007 8:10pm
It's an invite to use ClaimID.  I just started using it.  OpenID, claiming sites as your own, etc.  I'm not sure if it's useful or not.

There are a ton of networking sites out there, but not many seem to be implementing metadata like FOAF stuff, and I am wanting to see if these people are any better.

Ignore it if you like, that's ok.
Permalink Aaron 
July 14th, 2007 8:13pm
we have it ready to go, but aren't using it at the moment.
Permalink hello. 
July 14th, 2007 8:20pm
As in your company has it ready?

I meant more like personal users, but it's an open enough question about whose companies are using it, too.
Permalink Aaron 
July 14th, 2007 8:29pm
Yeah, my company. We have some ruby on rails stuff, some PHP stuff, and a client application. We've plugged it all into the web stuff and the client app but it isn't in our current release. We also set up an OpenID provider. It isn't clear what we gain from it, which is why we haven't integrated it into our live systems.
Permalink hello. 
July 14th, 2007 8:32pm
Clearly you gain much street cred and Web 2.0 coolness points.
Permalink Aaron 
July 14th, 2007 8:35pm
Whoa. You wrote all the code without being really sure what you'd gain from it?
Permalink Send private email Colm 
July 14th, 2007 8:35pm
That's why they're a Web 2.0 company.  They do stuff because it's cool.
Permalink Aaron 
July 14th, 2007 8:38pm
It took me about 2 hours to plug it into all our websites. It took about a half day to set up PiP and then strip out everything we didn't want.  I don't know how long it took the guy on the client team to get it working. It is running in our dev environment.

We were looking to see if it could help us out as a single sign on strategy.
Permalink hello. 
July 14th, 2007 8:40pm
Ok, that last bit is entirely reasonable.  I shouldn't mock - we're working on SSO here, and I'm wondering if OpenID is a good solution.
Permalink Aaron 
July 14th, 2007 8:41pm
Our primary product is a client application. Our web stuff is primarily support applications for the client. I do use AJAX in those applications, so I guess we are sort of web 2.0.
Permalink hello. 
July 14th, 2007 8:41pm
I don't know if we really gain much from it as a SSO thing. I personally think logging in with a URL is weird. Ultimately we are probably going to have to cook up our own custom profile manager application, but at this point we don't need that in the client, so we haven't thought about it too hard.
Permalink hello. 
July 14th, 2007 8:43pm
There was a subtle migration from using usernames, which are prone to collision, to email addresses, which aren't, as identities.  The problem with email addresses is that you have to verify someone against them, and the moment you change jobs or ISPs you lose what you had, and some places don't accept free email addresses because those are easy for spammers to get.  So now you get a URL, which you can keep even when you change jobs or ISPs, but I suspect it won't be long before spammers automate the creation of OpenIDs to soak up the namespaces.  Not to mention identity thieves starting to hack the OpenID servers.  *That* is going to be a mess - lose control of that, and then they can walk around all over the place pretending to be you.  A lot of people use the same password everywhere they go, though, so it might not be all that different.
Permalink Aaron 
July 14th, 2007 8:52pm
Identity has never really been a real anti-spam measure has it? You can have a "real" identity and still spam.
Permalink son of parnas 
July 14th, 2007 8:57pm
It's more an issue of people spoofing names with lookalike names.  A simple typo that a quick glance would not normally catch, and suddenly you're accepting email or other contact from someone you'd rather not.
Permalink Aaron 
July 14th, 2007 9:03pm
I looked into OpenID and the Liberty project as a SSO solution for my other job, and came to the conclusion that they won't work because it's a chicken-and-the-egg problem.

My customers will likely be using Active Directory or some other flavor of LDAP, and there'd have to be a AD to OpenID gateway running on their network, and I can't see the IT administrators going for that.
Permalink Send private email xampl 
July 15th, 2007 10:41am

This topic is archived. No further replies will be accepted.

Other topics: July, 2007 Other topics: July, 2007 Recent topics Recent topics