Am Samstag, 29. November 2008 17:21 schrieb David Earl: > (b) that it was incredibly slow. It has to bounce back and forth between > two, sometimes three, different web sites several times and do some > amazingly complicated maths on the way. It was especially slow the first > time someone logs on (after which it has some stuff cached, but isn't a > very nice first impression)
Can you say it in seconds not in words? "especially slow" is very diferent from user, to user. > OpenID is a nice idea, but the advantage of a cross site login is lost > in the overhead of using it in my experience. I use OpenID everywhere where I can, it it is for me no overhead, but I good way not know much passwords.. > The biggest criticism of openID is the vulnerability of users to > identity theft: a user can be phished by an unscrupulous site into > entering their login details at a site which looks like their openID > provider but isn't, and therefore lose their password - which of course > gives the intruder access to not one but a wealth of sites used by the > victim. But if it isn't there will be a other URL displayed in the browser window. One the other hand, *there are plans to implement OpenID in your Operating System. *you can use browser TLS certificates to login to OpenID. This is safer than my Online Banking at the moment. > > So on balance I think I'd say don't bother - just re-register with the > same name and password at the partner site. And if one site is hacked, everybody would know your password and can login to every site :-( I would like a solution where the user can choose, if he wants to use single signon (with overhead) or not (and must register and know passwords on and on). Sven _______________________________________________ dev mailing list [email protected] http://lists.openstreetmap.org/listinfo/dev
