I had the same thoughts, but not quite as strongly as you. I think it shows once again that the difference between OpenID and InfoCards is not understood. We might want to reach out to the author (or leave a comment) about the small number of inaccuracies, but I don't think that it deserves a post by itself.
--David On Fri, Sep 25, 2009 at 10:23 AM, Chris Messina <[email protected]> wrote: > > The article is here: > > http://gcn.com/articles/2009/09/28/openid-authentication-for-federal-web-sites.aspx > > Unfortunately, it suffers from a number of inaccuracies or misleading > statements, which may warrant a simple blog post welcoming this > review, but highlighting some clarifications: > > "OpenID is fundamentally a way you can use your browser to > authenticate to a Web site by using a third-party identity provider," > said Drummond Reed, one of the founding board members of the OpenID > Foundation, which oversees OpenID. > >>> Drummond was indeed a founding member of the OIDF, but this quote makes it >>> sound like he's speaking on behalf of the OIDF board, which I don't think >>> was his intention... > > > "For users, the chief appeal of OpenID is that it could provide a > single name and password combination for a wide variety of sites." > >>> This kind of language concerns me — and I've recently heard feedback that >>> the government will be able to "get your Facebook password" if you use >>> OpenID on a government site... while the convenience of this statement is >>> not to be ignored, it should be clarified that one's password is NEVER >>> shared with an OpenID consumer/relying party (or the government!). > > > "The list of consumer Web sites that accept OpenID as credentials is > growing, even if they lean toward the geeky side: Slashdot, Facebook, > Google, Technorati, LiveJournal and Yahoo. " > >>> Google, Yahoo and Technorati do not accept OpenID credentials, AFAIK. They >>> provide them, but do not accept them. > > > "The OpenID Foundation says more than 27,000 sites use the protocol, > although actual use on the part of the Web populace remains an open > question: One Internet service, called WetPaint, dropped support for > OpenID, noting that of its 1 million registered users, only 200 logged > on with OpenID accounts. Other sites, such as Facebook and Google, > hide their OpenID log-on pages." > >>> As of July, according to Janrain, it looks like we're closer to 50K relying >>> parties: > > http://blog.janrain.com/2009/07/relying-party-stats-as-of-july-1-2009.html > > And, while it's true that Wetpaint removed OpenID from their site, I > can personally attest to how AWFUL their implementation was: > > http://www.flickr.com/photos/factoryjoe/2478951850/ > > Also, Google doesn't so much as hide their OpenID logon pages as they > don't support it (unless we're talking about Google Apps for your > Domain? > > > "A Web site that uses OpenID credentials assumes only that any OpenID > provider is supplying verification that a person wishing to register > under a certain account knows the password of that account, the OpenID > Foundation’s Reed said. " > >>> Once again, it would appear that Drummond is speaking on behalf of the >>> OpenID Foundation. > > Otherwise, it's a pretty good article. > > Chris _______________________________________________ board mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-board
