The author of the post (Joab Jackson) was CC'd on my original email, so hopefully he'll consider these slight adjustments. ;) Chris
On Fri, Sep 25, 2009 at 10:28 AM, David Recordon <[email protected]>wrote: > > I had the same thoughts, but not quite as strongly as you. I think it > shows once again that the difference between OpenID and InfoCards is > not understood. We might want to reach out to the author (or leave a > comment) about the small number of inaccuracies, but I don't think > that it deserves a post by itself. > > --David > > On Fri, Sep 25, 2009 at 10:23 AM, Chris Messina <[email protected]> > wrote: > > > > The article is here: > > > > > http://gcn.com/articles/2009/09/28/openid-authentication-for-federal-web-sites.aspx > > > > Unfortunately, it suffers from a number of inaccuracies or misleading > > statements, which may warrant a simple blog post welcoming this > > review, but highlighting some clarifications: > > > > "OpenID is fundamentally a way you can use your browser to > > authenticate to a Web site by using a third-party identity provider," > > said Drummond Reed, one of the founding board members of the OpenID > > Foundation, which oversees OpenID. > > > >>> Drummond was indeed a founding member of the OIDF, but this quote makes > it sound like he's speaking on behalf of the OIDF board, which I don't think > was his intention... > > > > > > "For users, the chief appeal of OpenID is that it could provide a > > single name and password combination for a wide variety of sites." > > > >>> This kind of language concerns me — and I've recently heard feedback > that the government will be able to "get your Facebook password" if you use > OpenID on a government site... while the convenience of this statement is > not to be ignored, it should be clarified that one's password is NEVER > shared with an OpenID consumer/relying party (or the government!). > > > > > > "The list of consumer Web sites that accept OpenID as credentials is > > growing, even if they lean toward the geeky side: Slashdot, Facebook, > > Google, Technorati, LiveJournal and Yahoo. " > > > >>> Google, Yahoo and Technorati do not accept OpenID credentials, AFAIK. > They provide them, but do not accept them. > > > > > > "The OpenID Foundation says more than 27,000 sites use the protocol, > > although actual use on the part of the Web populace remains an open > > question: One Internet service, called WetPaint, dropped support for > > OpenID, noting that of its 1 million registered users, only 200 logged > > on with OpenID accounts. Other sites, such as Facebook and Google, > > hide their OpenID log-on pages." > > > >>> As of July, according to Janrain, it looks like we're closer to 50K > relying parties: > > > > > http://blog.janrain.com/2009/07/relying-party-stats-as-of-july-1-2009.html > > > > And, while it's true that Wetpaint removed OpenID from their site, I > > can personally attest to how AWFUL their implementation was: > > > > http://www.flickr.com/photos/factoryjoe/2478951850/ > > > > Also, Google doesn't so much as hide their OpenID logon pages as they > > don't support it (unless we're talking about Google Apps for your > > Domain? > > > > > > "A Web site that uses OpenID credentials assumes only that any OpenID > > provider is supplying verification that a person wishing to register > > under a certain account knows the password of that account, the OpenID > > Foundation’s Reed said. " > > > >>> Once again, it would appear that Drummond is speaking on behalf of the > OpenID Foundation. > > > > Otherwise, it's a pretty good article. > > > > Chris > -- Chris Messina Open Web Advocate Personal: http://factoryjoe.com Follow me on Twitter: http://twitter.com/chrismessina Citizen Agency: http://citizenagency.com Diso Project: http://diso-project.org OpenID Foundation: http://openid.net This email is: [ ] shareable [X] ask first [ ] private
_______________________________________________ board mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-board
