OpenID

[Crazyfingers]

This is my first post so hi everyone

A quick search reveals just one mention of OpenID so I'm guessing its not particularly high on the to-do-list, however I think its a really interesting subject which might benefit all our users and customers.

Has anybody integrated OpenID yet? Created or currently working on a mod? I see there are a few tutorials online but my background is in design rather than programming.

If anyone is interested there is technical information here...OpenID Developers.

I have read that both Wordpress and phpBB have plugin integration, so maybe users could be authenticated via another opensource software?

Its a little bit above me but I love the principle.

What do you guys think?

Cheers

Stu

[Lhotch]

I sure hope it authenticates faster that their pages load.

My biggest concern is security. You are relying on someone else to store you user data. Is someone gets your openid they have access to everyplace you do.

[Crazyfingers]

...if its got the backing of Yahoo, Google, AOL, IBM, Microsoft and VeriSign (to name just a few), it can't be that tin pot can it?

I guess the argument is, that people are more likely to take proper care of their one most important password rather than lots of less secure ones.

I think people logging into a 68 site with their gmail password would be exciting wouldn't it?

Makes for a good discussion anyway

[Lhotch]

Quote:

Originally Posted by Crazyfingers

...if its got the backing of Yahoo, Google, AOL, IBM, Microsoft and VeriSign (to name just a few), it can't be that tin pot can it?

Many of the sites backing it are all about traffic so it makes sense they would push something that makes it easier to build traffic. Just because something is commonly accepted doesnt make it right, secure or the best way to do something. More often than not its a result of human laziness.

Quote:

Originally Posted by Crazyfingers

I guess the argument is, that people are more likely to take proper care of their one most important password rather than lots of less secure ones.

I think people logging into a 68 site with their gmail password would be exciting wouldn't it?

Makes for a good discussion anyway

Thats certainly wishful thinking but I dont for one second buy that people will take any better care of a password because it will be used in many places. On the contrary I think we will find that it is going to increase phishing scams for sites that use openid in the hopes that one key will unlock many doors.

Day in and day out people fall for phishing scams all the time and why is that? Because they dont even take the time to understand the basics about the tools they are using and they click e-mail links without even knowing what a URL is and what it should look like when going somewhere.

It may not be a bad feature to offer and let admins decide if they want to implement it and users if they want to use it but Im not sure how much demand there will be for it and since it ties into site authentication it may have to be implemented at the core level so would be outside the realm of a 3rd party developer.