
OpenID’s Tipping Point - Anon84
http://www.25hoursaday.com/weblog/2009/05/22/OpenIDsTippingPoint.aspx
======
jasonkester
OpenID needs to go away so that something good can replace it. It's a terrible
implentation of a good idea, and the longer it limps along, alienating people,
the harder it will be to get its replacement accepted.

OpenID's contribution to the Single Signon Quest has been to prove beyond a
doubt that nobody wants to remember a URL for their username. Yes, we all know
it's the same amount of typing as an email address, but at the end of the day,
people are trained to type their email repeatedly and are thus good at it (and
remember it).

So please, OpenID, hurry up go away. The thing that takes your place will
probably be pretty good because of you.

~~~
TomOfTTB
I'm not sure I agree with you. I don't deny OpenID's problems. But to me the
issue is whether OpenID is completely unredeemable. Which I think it's far
from being.

If nothing else it already has two things going for it. The first is positive
press and the second is a legion of fans (some of which border on sycophants)
So the question is wouldn't it be better to fix the problems in this spec
rather than make another. I think so. In fact I think trying to create a new
spec can be a disaster.

If you need proof of why this is ture look at all the people who continue to
use RSS over Atom because of a standards fight that happened years ago.

~~~
jasonkester
You're right that redesigning it from scratch will probably make it even more
complicated. I guess that's a point against.

The tough part of modifying the existing implementation will be the URLs-as-
Usernames thing. They seem set on that and it just isn't flying.

------
wvenable
There isn't enough utility for me to bother with OpenID. This should really be
integrated into browsers rather than some crazy web service scheme.

~~~
theBobMcCormick
With Mozilla Weave, it (supposedly) will be integrated into the browser
<http://labs.mozilla.com/2009/05/identity-in-the-browser/>

------
csbrooks
So if you're making a small site as a side project, is it worth integrating
Openid?

I'm assuming here you can't get away with the StackOverflow approach of
_requiring_ all users to use it, so you still have to manage passwords for
some users, anyway.

As an end-user, I think I'm at the point where I'd prefer to use something
like OpenID for new accounts. (I wasn't using it for HN, and I lost my
password about a month ago, so now I have this account linked to gmail.)

~~~
wmf
I think OpenID is great for small sites because you probably can't afford to
do password security correctly so using OpenID is probably easier and more
secure.

~~~
evgen
Since both OpenID and secure logins for small sites are but a plugin away for
the frameworks that such sites will inevitably use this assertion just does
not hold water. Given the fact that the two are roughly equivalent for the
server provider (albeit with an increased number of potential failure points
for the OpenID system due to reliance upon third-parties for authentication)
the determining factor should probably be usability. On this point OpenID
fails miserably.

------
indiejade
OpenID is an okay thing to have around as an alternate "backup" type of sign-
in option. It seems to be most useful for people whose set default MO is to
use the same username and password for most of their online accounts; typical
users.

But OpenID does have its issues. Obviously trusting one provider with all of
your username and password credentials isn't the best idea. I think, however,
that having an OpenID URL is a good idea. But the better idea is to give new
users their own unique ID on your site, and to allow them the option to link
it to some other previously established online ID. Not by default.

In fact, information auditing doesn't really work without the rule of three:
which (at some level) includes the separation of power from control.

------
vicaya
Ubiquitous browser support so that the sign on interface is uniform and that
phishing is impossible would go a long way for OpenID.

