Posted Feb 21, 2011 14:14 UTC (Mon) by job (guest, #670)
Parent article: The end of OpenID?
No one wants to unnecessarily rely on third parties. Who do you contact when it doesn't work? What do you have to do to prove it's their fault? Also most users probably don't want to share their identities between sites. I know I don't. Handling multiple identities on the web is a solved problem, and it's solved in the clients with keyrings and the like. Lost passwords are also a solved problem, where everyone emails one-time credentials.
As for the valid use cases of a SSO system for the web, which is owning your identity and storing credentials off-server, there is already solution as old as SSL: client certificates. It is true that browsers could make this easier but this would happend in a jiffy if people actually used it. It is also true that it requires HTTPS but today I would regard this as a feature, not a bug.
I suspect the completely blind spot to SSL and anything that can be solved in client space is due to major NIH issues with web people rather than anything technical.