Hacker News new | comments | ask | show | jobs | submit login

I'm really surprised that this hasn't been solved by browser vendors yet.

You should be able to tell your browser about your OpenID account(s), so it can keep you logged in constantly. "Hey! Your OpenID login has expired. Please login again now, or hit 'Later' to see this prompt the next time you try to access an account."

Then, when you go to a website that supports OpenID, your browser can tell it, "Hey. Don't bother presenting us with a login prompt. Just check to see if you have any accounts associated with these OpenIDs."

Of course, it can't be that simplistic, because the site needs to verify authentication with your provider, not your potentially devious browser. But I feel like that is not a difficult problem to solve.

It's one-and-a-half steps. The first "half" step is "Logging in," because you only have to do it once per browser session. The first real step is: "Go to the site." Done.




If you want to involve browser makers, why not eliminate the OpenID providers entirely? If I can store my profile in my browser and allow/deny sending my information on site-by-site basis we wouldn't need OpenID at all. And there are already plenty of services to sync your browser information (logins, bookmarks, history) to the cloud.


Chrome should start doing this immediately, since they're one of the few browser vendors that can easily tie a bunch of these services together.


Browsers store cookies that allow you to stay signed in.




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: