LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The end of OpenID?

The end of OpenID?

Posted Feb 5, 2011 21:11 UTC (Sat) by madhatter (subscriber, #4665)
In reply to: The end of OpenID? by spaetz
Parent article: The end of OpenID?

Spaetz makes a very good point there. Being a fan of OpenID myself, and having read both the 37signals and the webmonkey articles, I was struck by the extent to which people seem to be misusing OpenID.

If you're trying to remember an OpenID URL of the format http://OddSubdomain.OpenIDProvider.tld/WeirdAccountName, you're doing it wrong. The right way to use it is to have your OpenID as http://my.vanity.domain/ , perhaps appending /openid or some simple string, and from that domain, which you control, nominating your OpenID provider _du jour_, which can - and probably should - change regularly.

This gets rid of the "I forgot my account details with my provider so I got locked out" problem, which seem to be many of the problems in both the articles mentioned above. I have in fact locked myself out of my provider twice, and each time, I found a new provider and switched in minutes, because the OpenID URL I had registered was on a domain under *my* control, not some third party's.

I'm a big fan of OpenID and I'm sorry it won't catch on with most sites, and I'm fairly sure the reason why it won't is, as has been said here already, the benefits are all to me, not to the site owner. I look forward to being able to use it on LWN soon.

(Log in to post comments)

The end of OpenID?

Posted Feb 7, 2011 13:24 UTC (Mon) by spaetz (subscriber, #32870) [Link]

yep, that's how I do it too. There is not even a need to append /openid to the url.

These 2 lines in index.html is all I need to be able to use http://sspaeth.de as my openid url.

<link rel="openid2.provider openid.server" href="http://www.myopenid.com/server"/>
<link rel="openid2.local_id openid.delegate" href="http://obscureopenidprovider.com/obscureopenidaccountname"/>

The end of OpenID?

Posted Feb 8, 2011 12:40 UTC (Tue) by nix (subscriber, #2304) [Link]

And unless you're an OpenID geek there's no way you'll realise that. I've got an OpenID identity that I can never remember because I can never remember the URL. Would I have thought of the trick you propose? Not in a million years.

The end of OpenID?

Posted Feb 8, 2011 12:47 UTC (Tue) by madhatter (subscriber, #4665) [Link]

I rather agree with you, but I still think it's due to the way that OpenID is being mis-sold (as it were). None of us comes into the world fully versed in the protocol, so we all have to learn about it from somewhere or someone. I was lucky that I caught it early on, and read the protocols, and saw how it was supposed to be used - it's not a trick, it's clearly what's intended by the authors.

But there's no reason why those providing OpenID authentication servers couldn't do a better job of telling people how it's supposed to be used. Except, presumably, that they, too, don't want to help their user community free themselves from linkage to their providers.

I despair, really I do.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds