I am a bit disappointed in OpenID. So far it has not matched the expectations that I have for an identity system. It does not have pretty much any trust built in by default because of the loosely coupled model. Anyone can set up an identity provider or a service provider and they have no one to answer to (so there is no built in way to handle hostile services, sounds like smtp in it's day). And one of the potentially nasty things is that OpenID gives the web sites an easy primary key that they can use to cooperate with other sites and pull a lot of combined knowledge about the user. I personally am not keen of the idea.
But I must admit that I am biased from having worked for quite some time implementing Liberty Alliance protocols on various applications. And since Liberty does provide a lot of these qualities that OpenID is missing, I am having a hard time accepting that OpenID's loosely coupled model is really worth it in the long term.
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds