

The problem(s) with OpenID (excellent criticism of OpenID) - nickb
http://www.idcorner.org/?p=161

======
nickb
OpenID seems to be doomed. All these issues are just horrible on their own...
taken as a whole, it's a disaster.

~~~
wmf
A purely negative article tends to give that impression. What's the
alternative? Brands likes to mention how perfect Credentica is, but it isn't
deployed anywhere. OpenID may turn out to be the worst identity protocol,
except for all the others that have been tried.

~~~
benhoyt
Good point. Similar to IP and TCP -- from an embedded programmer's
perspective, IP is one of the most icky and hardware-unfriendly protocols
around. When my friend was at university, they told them about IP just in
passing, saying, "it'll die any day now." But now it's everywhere, and it
works.

------
cstejerean
While there are certainly problems that need to be addressed, problems with
phishing need to be addressed by any web application. While there is certainly
room for improvement I think OpenID at least has the right idea about how
single sign-on for the web needs to work.

------
dzohrob
i just can't imagine a regular user ever really understanding why (or how)
their username for a bunch of websites is a URL.

~~~
bct
Lots of sites make you log in with your email address, is that any different?

------
jsmcgd
Can't the first problem (phishing) be overcome with a simple browser plugin?

~~~
DougBTX
No, but a browser plugin would be a great platform to launch a phishing
attack.

