
An OpenID is not an account! - joshwa
http://simonwillison.net/2007/Jan/10/account/
======
danw
This is a really confusing aspect of openID. It still perplexes me that when I
log into a new site with my openID that I have to verify email, choose
username etc.

Whats all the fuss about if all it does is handle the password entry aspect?

I know that many 'normal' users find it very confusing to be redirected to a
different web site to enter their password and then redirected back.

~~~
danielha
It all depends on the implementation on the relying site.

Indeed you must still pick a username (or perhaps you don't -- again, depends
on the implementation), but it all comes down to simplifying the
identification process. If the identity provider recognizes you, the relying
site trusts that the information you provided there still holds true.

Single sign-on is the main hook right now and it's an attractive one,
especially for users who are hesitant to try new services due to a lengthy
sign-up form. Because it's open-spec, there are some interesting new
applications for OpenID that are coming into light.

~~~
danw
There was a good point that Simon Willison raised recently. If your building a
web app and that app gets dugg, the digg users will be able to log straight
into your site with no sign up process if you support openID. Aything that
lowers the barriers to someone using your app has got to be a good thing.

------
Alex3917
In theory couldn't one ban any OpenID below a certain pagerank? For example,
my OpenID is embedded on my homepage, which has a pagerank of 6. So then could
I create a Reddit clone and ban anyone with an OpenID coming from a site with
a pagerank of below 4? You would probably have to accept only OpenID's from
the header of index.html, and check to make sure there was only one OpenID per
page. That way if you got banned for trolling then you'd have to make a new
homepage and get it up to a certain pagerank before you could make a new
account at the site.

~~~
joshwa
yeah, because there are no unscrupulous ways of elevating one's pagerank...

~~~
Alex3917
PageRank works almost exactly the same way as a PKI. The only difference is
that instead of people signing your key to vouch that it belongs to you, they
are linking to your webpage to vouch that it has quality content. PageRank can
be faked, certainly, but it is difficult enough to at least significantly slow
someone down. To make it more trustworthy you'd probably have to modify it to
create certain webpages that were absolutely trusted, and then do some sort
Kevin Bacon rank where end users were scored based on the degrees of
separation. That way there is some designated starting point, rather than the
whole system being based off popularity.

