SXSW Critical look at Open ID session - live random blogging

SXSW Critical look at Open ID session - live random blogging

Angus Logan [Windows Live]

10 Mar 2008 12:42 PM

Comments 3

Sidenote: check out the Windows Live ID federation whitepaper which may address a lot of the issues below

OpenID attempts to solve the username/pwd problem

the web needs SSO
OpenID is a decentralized mechanism
one organization owning the credentials has revolved
any company can setup as an openid provider
OpenID us a URL (an identifier)
e.g. www.anguslogan.com
OpenID proves that you own a URL
OpenID does profile property transfer i.e. thirdparty.com asks for
enhancement in OpenID 2.0 instead of typing "alogan.live.com" (i.e. the URI) you can just type "live.com" (or click a button) and it takes me to the provider.
Q: how do you educate an end user? A: look at what yahoo has done
- Analogy: email a few years ago was extremely hard; the barrier to entry is coming down.
there is talk about mapping an email address to a URI
end users dont know what a URI is but they know their myspace page;
there is no central record kepeing;
if u get redirected to the other site - can you trust the site isn't phishing
- frame busting
- SSL
- best practices
- this isn't a new problem
some providers do SMS and out of band
estonia has a national security card used for all interaction with the govt
- there is an open id provider which allows any site in Estonia to auth using the national security card
yahoo are a open ID PROVIDER but NOT A RELYING PARTY
there was a huge debate on "why does everyone want to be a provider and
there is a misconception that Windows Live ID costs a lot of money
quote: you should pay a lawyer a lot of money if you trust any external source for COPPA compliance
the simple reg/attribute exchange is recommended to only be used for pre-filling forms
one of the questions is: the bits look superb - why aren't more sites using openid?
the first time you implement it can be a couple of days "it can be a little fiddly"
goog guy on usability: we can help normal users get over the hump, introduce them proactively to account association
there is an ISV launching tomorrow which takes OpenID and makes it as easy as possible for END USERS

www.clickpass.com

if i sign up to plaxo using my OpenID - when I download the client bits I can't use it unless I create a Plaxo username/password...

solution is to use OAuth and OpenID combined.

twitter said they would support openid
will openid help with comment spam

distributed whitelisting
reputation providers

Live ID, identity

Leave a Comment

Name
Comment
Please add 7 and 1 and type the answer here:
Post

Comments

MSDN Blog Postings » SXSW Critical look at Open ID session - live random blogging

10 Mar 2008 1:11 PM

PingBack from http://msdnrss.thecoderblogs.com/2008/03/10/sxsw-critical-look-at-open-id-session-live-random-blogging/
Angus Logan's Blog

10 Mar 2008 1:15 PM

I just flew into Houston, TX on the red-eye from Seatac and I'm sitting in a starbucks waiting for my
video conferencing equipments

26 Sep 2008 1:06 AM

[...]If your company is looking for a more efficient and effective way of communicating as a group with numerous offices around the country, web conferencing is just what you need. Not only will you be able to communicate orally and well as visually, you will save everyone the hassle of calling in or waiting to be called. This will save your company precious time and money in the long run. So whether you are a small or large business web conferencing is the wave of the future when it comes to around the country board meetings or simply bouncing ideas off one another.[...]