Comments on: Somebody had to do it

By: kveton

kveton — Fri, 20 Oct 2006 13:47:06 +0000

Ian: Yes, you have to choose your service provider very carefully today. However, you’re not the only person to have asked this question. There are a couple of possibilities for how we solve this once-and-for-all but its a question of hashing them out in the community, developing it in the specification and then writing the code.

As for phishing, I couldn’t agree more. There are several folks working on browser extensions to help alleviate this pain (Sxip is working on one I know for sure and ooTao already has one out). Discussions have also been had with Mozilla about directly integrating support for OpenID into the browser (this would be basically leveraging the anti-phishing stuff in Firefox already).

By: http://snarfed.org/

http://snarfed.org/ — Fri, 20 Oct 2006 10:06:22 +0000

agreed, this is a great step. props to technorati, along with livejournal and the rest of the open-minded early adopters.

full disclosure, my main motivation for posting here is to test out pyblosxom\’s new openid support, which i\’ve just finished and checked in. i\’ve tested locally, of course, but this is the first live test. fingers crossed!

oh, and no promises, but i\’ll see what i can do about openid at google…

By: Ian Thomas

Ian Thomas — Fri, 20 Oct 2006 09:01:35 +0000

Open ID sounds great, except for one thing. What happens when your service provides decides to stop providing Open ID? Do you lose access to all your accounts that use that Open ID?

It also seems to be a massive target for phishing attacks, should the likes of eBay start using it.