Comments on: OpenID Providers that Don’t Consume are not Evil http://blog.enthinnai.com/2008/03/24/openid-providers-that-dont-consume-are-not-evil/ Blog by EnThinnai Team Members Fri, 16 May 2008 06:14:27 +0000 http://wordpress.org/?v=2.2.2 By: Aswath http://blog.enthinnai.com/2008/03/24/openid-providers-that-dont-consume-are-not-evil/#comment-1056 Aswath Thu, 27 Mar 2008 21:11:40 +0000 http://blog.enthinnai.com/2008/03/24/openid-providers-that-dont-consume-are-not-evil/#comment-1056 Phil: I didn't realize that OpenIDs derived from wordpress.com is failing to be recognized. Let me to do some exploring and will let you know. It is a best current practice for Relying Parties to associate multiple OpenIDs with a single account. this way when one OpenID fails for whatever reason users are not locked out of service. In this respect many RPs, including EnThinnai, is defunct. I also would strongly recommend that you should use <a href="http://wiki.openid.net/Delegation" rel="nofollow">OpenID delegation </a>of one of your pages. This way you can maintain the URL of that page to be your OpenID and can change the OpenID provider to maintain full availability. Phil:

I didn’t realize that OpenIDs derived from wordpress.com is failing to be recognized. Let me to do some exploring and will let you know.

It is a best current practice for Relying Parties to associate multiple OpenIDs with a single account. this way when one OpenID fails for whatever reason users are not locked out of service. In this respect many RPs, including EnThinnai, is defunct.

I also would strongly recommend that you should use OpenID delegation of one of your pages. This way you can maintain the URL of that page to be your OpenID and can change the OpenID provider to maintain full availability.

]]> By: Phil Wolff http://blog.enthinnai.com/2008/03/24/openid-providers-that-dont-consume-are-not-evil/#comment-1052 Phil Wolff Thu, 27 Mar 2008 11:26:54 +0000 http://blog.enthinnai.com/2008/03/24/openid-providers-that-dont-consume-are-not-evil/#comment-1052 I've been a wordpress.com OpenID for about six months but they recently stopped being compatible with most OpenID parsers; everywhere I go, including places I visited previously, fail to recognize my ID as valid. Is there an extension or successor to OpenID that offers a list of OpenIDs to an OpenID consumer? So that, when my provider is offline or bankrupt or discontinues the service, I can still authenticate as me? still login to my services? I’ve been a wordpress.com OpenID for about six months but they recently stopped being compatible with most OpenID parsers; everywhere I go, including places I visited previously, fail to recognize my ID as valid.

Is there an extension or successor to OpenID that offers a list of OpenIDs to an OpenID consumer? So that, when my provider is offline or bankrupt or discontinues the service, I can still authenticate as me? still login to my services?

]]> By: Aswath http://blog.enthinnai.com/2008/03/24/openid-providers-that-dont-consume-are-not-evil/#comment-996 Aswath Tue, 25 Mar 2008 02:08:08 +0000 http://blog.enthinnai.com/2008/03/24/openid-providers-that-dont-consume-are-not-evil/#comment-996 Fazal: I agree that some RPs will think along the same lines, some may go even further and require physical contact. Of course there will be some who don't require much. The varied requirement is the reason to separate the authentication function and the service function. This is the fundamental contribution of OpenID. Fazal:

I agree that some RPs will think along the same lines, some may go even further and require physical contact. Of course there will be some who don’t require much. The varied requirement is the reason to separate the authentication function and the service function. This is the fundamental contribution of OpenID.

]]> By: Fazal Majid http://blog.enthinnai.com/2008/03/24/openid-providers-that-dont-consume-are-not-evil/#comment-995 Fazal Majid Tue, 25 Mar 2008 01:49:52 +0000 http://blog.enthinnai.com/2008/03/24/openid-providers-that-dont-consume-are-not-evil/#comment-995 I would go further and say that because of their wide-open nature, Google, Yahoo or MSN issued OpenIDs are not worth much. All they provide to the relying party is some measure of confidence the user is a human (thereby obviating the need to participate in the CAPTCHA arms race) and provide an email without requiring the complex double-verified opt-in procedure you would have to use otherwise. OpenID only provides the first A in AAA (authentication, authorization and accounting). OpenIDs issued by eBay have more value because they are tied to a valuable trust metric, the feedback (although eBay is shooting itself in the foot with the recently introduced no-seller-feedback policy). I would go further and say that because of their wide-open nature, Google, Yahoo or MSN issued OpenIDs are not worth much. All they provide to the relying party is some measure of confidence the user is a human (thereby obviating the need to participate in the CAPTCHA arms race) and provide an email without requiring the complex double-verified opt-in procedure you would have to use otherwise.

OpenID only provides the first A in AAA (authentication, authorization and accounting). OpenIDs issued by eBay have more value because they are tied to a valuable trust metric, the feedback (although eBay is shooting itself in the foot with the recently introduced no-seller-feedback policy).

]]>