People complain a lot that users don’t understand about OpenID logins booting them to another website to authenticate.
Don’t Google already do this with Blogger and Yahoo with Flickr? That is to say: don’t tens of millions of people do this regularly already?
I mean, what’s the big difference? I know there are other usability complaints/problems, but this one sounds eerily like a straw man to me.
30 minutes from ssh-ing into my server to having my own (decrufted) OpenID.
Many thanks to PHPMyID, Sam Ruby and openidenabled.com.
Unlike Jeremy Keith, I couldn’t care less about giving people a nice web interface onto what I’ve been doing. I’d much rather have a view onto what people I know have been doing instead.
A web view of what I’ve been doing is in fact probably the least interesting thing you could possibly do.
He briefly mentioned portable social networks. Well, those aren’t going to work until the services we use start actually providing full import and export. Maybe with the advent of services becoming OpenID providers (even if it is via a proxy) we’ll see a way to create accounts for your contacts without them having to actually do anything and thereby a way to move transparently between services. As if.
After a few more moments of thought following my last post I imagine what we could do is implement OpenID consumption so that rather than forcing people to be pre-approved before they get a light-weight account they can be post-approved.
That is to say, if you’ve registered for a light-weight account using an OpenID on a trusted server (let’s say anything in the .ac.uk domain) then your account is automatically processed and you can log in immediately, but you still have to provide the username or email address of someone with a full Bath account who will get an email asking if they really do vouch for you or not, with the account being revoked after five days if they’ve not been confirmed.
Plenty of people have said in the last few days that there are more OpenID providers than there are OpenID-consuming services.
I have some basic code which, if enabled, would grant everyone at the University I work at an OpenID. This isn’t the challenge though; where could we turn on OpenID consumption in our services?
We offer a lightweight account to external users so that researchers can use tools we provide to collaborate with other researchers here. However we don’t give them out freely and for each account application there needs to be a native user who supports the application. This gives us some technological and social-contract guarantees about who we grant access to.
It’s also a pain in the ass for anyone who does just want to sign in to look at some research data or whatever – they have to apply themselves or ask someone to apply for them first.
Universities in the UK have signed up to rolling out Shibboleth in the next few years which should enable anyone from one university to sign in to the services at another university. I wonder how many of the lightweight accounts we currently grant this would take care of?
So, what are possible use-cases for OpenID at a University?
Videntity.org, an OpenID server by Dan Libby, now imports user profiles from sites which provide your profile in hCard or FOAF. I hadn’t bothered previously filling in my profile details, but now that I’ve pointed it at my Flickr profile page and my directory page from work (both of which are marked up with hCard) it’s rather terrifyingly filled in all the details for me.
This third-party service now knows my full name, nickname, job, work phone number (which I’ve made private but is still readily available on my work page), and the city and country I live in.
I also pointed it at my last.fm account, but that just confirmed my other details and expanded “UK” to “United Kingdom” (disclaimer: I have now added my jabber address by hand).
It’s been interesting watching these details import and just how much overlap there is between the information on them – not just in seeing how many times I’ve entered the same information but how it actually acts as a positive feedback mechanism, allowing certain bits of my profile to be marked as more reliable than others.
Also interestingly, I seem to recall trying to post to Sam Ruby’s OpenID comments thread using my videntity as a url (both http://pip.videntity.org and delegating from http://philwilson.org/blog, both of which the OpenID tests seem to validate), but it never worked. Alas.