Re: Google OpenID is now live
On 10/04/2008, Vinay Gupta [EMAIL PROTECTED] wrote: I think that kind of misses the point. The *namespace* that google manages is now open for business as an OpenID provider. It's an unanticipated side-effect of the APIs. I think it's kind of a big deal, actually, in terms of how OpenID is right from an engineering perspective and how it can spread in unexpected ways. If only login were so easy. This service seems pretty much equivalent to Simon Willison's idproxy.net service for Yahoo accounts. The big difference between this sort of service and actial OpenID Provider support from Google/Yahoo is a matter of trust. With an OP run by Google, the user needs to trust Google. With this OP, the user needs to trust whoever is running the OP not to impersonate them. Given the lack of contact information, I'd be hesitant to use identities managed by that service and would not recommend others rely on it. James. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Google OpenID is now live
On Thu, Apr 10, 2008 at 12:40 AM, James Henstridge [EMAIL PROTECTED] wrote: On 10/04/2008, Vinay Gupta [EMAIL PROTECTED] wrote: I think that kind of misses the point. The *namespace* that google manages is now open for business as an OpenID provider. It's an unanticipated side-effect of the APIs. I think it's kind of a big deal, actually, in terms of how OpenID is right from an engineering perspective and how it can spread in unexpected ways. If only login were so easy. This service seems pretty much equivalent to Simon Willison's idproxy.net service for Yahoo accounts. The big difference between this sort of service and actial OpenID Provider support from Google/Yahoo is a matter of trust. With an OP run by Google, the user needs to trust Google. With this OP, the user needs to trust whoever is running the OP not to impersonate them. Given the lack of contact information, I'd be hesitant to use identities managed by that service and would not recommend others rely on it. James, openid-provider.appspot.com was written by a Google engineer, Ryan Barrett, who also did most the work (including all the initial work) on Blogger's OpenID support: References: http://appgallery.appspot.com/about_app?app_id=agphcHBnYWxsZXJ5chMLEgxBcHBsaWNhdGlvbnMYrwIM http://snarfed.org/space/2008-04-07_google_app_engine_launched http://snarfed.org/space/2007-12-02_openid_comments_in_blogger Further, App Engine apps don't process user credentials directly. They go through an OpenID-like auth process with Google, who actually processes the email/password and tells the App Engine app that somebody logged in, at what email. You can verify this yourself by looking at the form targets and HTTP traffic. See: http://code.google.com/appengine/docs/users/ So I'd say you can pretty much trust an openid-provider.a.com assertion that the person has a Google account. But like others have said, it's not an official Google product. Brad ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Google OpenID is now live
On 10/04/2008, Brad Fitzpatrick [EMAIL PROTECTED] wrote: On Thu, Apr 10, 2008 at 12:40 AM, James Henstridge [EMAIL PROTECTED] wrote: On 10/04/2008, Vinay Gupta [EMAIL PROTECTED] wrote: I think that kind of misses the point. The *namespace* that google manages is now open for business as an OpenID provider. It's an unanticipated side-effect of the APIs. I think it's kind of a big deal, actually, in terms of how OpenID is right from an engineering perspective and how it can spread in unexpected ways. If only login were so easy. This service seems pretty much equivalent to Simon Willison's idproxy.net service for Yahoo accounts. The big difference between this sort of service and actial OpenID Provider support from Google/Yahoo is a matter of trust. With an OP run by Google, the user needs to trust Google. With this OP, the user needs to trust whoever is running the OP not to impersonate them. Given the lack of contact information, I'd be hesitant to use identities managed by that service and would not recommend others rely on it. James, openid-provider.appspot.com was written by a Google engineer, Ryan Barrett, who also did most the work (including all the initial work) on Blogger's OpenID support: References: http://appgallery.appspot.com/about_app?app_id=agphcHBnYWxsZXJ5chMLEgxBcHBsaWNhdGlvbnMYrwIM http://snarfed.org/space/2008-04-07_google_app_engine_launched http://snarfed.org/space/2007-12-02_openid_comments_in_blogger Okay. It wasn't clear who was running the service just by looking at the URL originally posted. Further, App Engine apps don't process user credentials directly. They go through an OpenID-like auth process with Google, who actually processes the email/password and tells the App Engine app that somebody logged in, at what email. You can verify this yourself by looking at the form targets and HTTP traffic. See: http://code.google.com/appengine/docs/users/ So I'd say you can pretty much trust an openid-provider.a.com assertion that the person has a Google account. But like others have said, it's not an official Google product. I realise that Google's authsub service doesn't reveal a user's email + password to the relying site (in this case openid-provider.appspot.com). If you are using an OpenID provider that I control, you are trusting me not to add a backdoor that lets me authenticate to RPs as your identity URL. And given the way OpenID works, I'd have a pretty good idea of which RPs to go after. Based on the info in the links you provided it is probably safe to trust the site not to do these things, but it is not clear from the information on that site alone. James. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Google OpenID is now live
I expect Google might have a (legal) opinion on characterizing this application as 'Google OpenID' I think I'll wait for Google itself to enable my Gmail as an OpenID. paul Vinay Gupta wrote: http://openid-provider.appspot.com/ Somebody used their app hosting service and implemented an OpenID provider. That kind of changes things, doesn't it? Vinay -- Vinay Gupta - Designer, Hexayurt Project - an excellent public domain refugee shelter system Gizmo Project VOIP: 775-743-1851 (usually works!) http://hexayurt.com/ Cell: Iceland (+354) 869-4605 Skype/Gizmo/Gtalk: hexayurt People with courage and character always seem sinister to the rest Herman Hesse ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs No virus found in this incoming message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.22.9/1365 - Release Date: 4/8/2008 7:30 AM -- Paul Madsene:paulmadsen @ ntt-at.com NTTp:613-482-0432 m:613-282-8647 aim:PaulMdsn5 web:connectid.blogspot.com ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Google OpenID is now live
When Google eventually does make a proper OpenID provider all the OpenIDs provided by openid-provider.appspot.com would not match. Would get very confusing apart from advanced users that understand the distinction. Immad On Wed, Apr 9, 2008 at 12:49 PM, Paul Madsen [EMAIL PROTECTED] wrote: I expect Google might have a (legal) opinion on characterizing this application as 'Google OpenID' I think I'll wait for Google itself to enable my Gmail as an OpenID. paul Vinay Gupta wrote: http://openid-provider.appspot.com/ Somebody used their app hosting service and implemented an OpenID provider. That kind of changes things, doesn't it? Vinay -- Vinay Gupta - Designer, Hexayurt Project - an excellent public domain refugee shelter system Gizmo Project VOIP: 775-743-1851 (usually works!) http://hexayurt.com/ Cell: Iceland (+354) 869-4605 Skype/Gizmo/Gtalk: hexayurt People with courage and character always seem sinister to the rest Herman Hesse ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs No virus found in this incoming message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.22.9/1365 - Release Date: 4/8/2008 7:30 AM -- Paul Madsene:paulmadsen @ ntt-at.com NTTp:613-482-0432 m:613-282-8647 aim:PaulMdsn5 web:connectid.blogspot.com ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs -- Cell: +1 617 460 7271 Skype: i.akhund Blog: http://immadsnewworld.com Clickpass, CTO ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Google OpenID is now live
I agree. I think this is an excellent technology demonstration, but it is a third-party, not Google, that is enabling the ID. John 2008/4/9 Immad Akhund [EMAIL PROTECTED]: When Google eventually does make a proper OpenID provider all the OpenIDs provided by openid-provider.appspot.com would not match. Would get very confusing apart from advanced users that understand the distinction. Immad On Wed, Apr 9, 2008 at 12:49 PM, Paul Madsen [EMAIL PROTECTED] wrote: I expect Google might have a (legal) opinion on characterizing this application as 'Google OpenID' I think I'll wait for Google itself to enable my Gmail as an OpenID. paul Vinay Gupta wrote: http://openid-provider.appspot.com/ Somebody used their app hosting service and implemented an OpenID provider. That kind of changes things, doesn't it? Vinay -- Vinay Gupta - Designer, Hexayurt Project - an excellent public domain refugee shelter system Gizmo Project VOIP: 775-743-1851 (usually works!) http://hexayurt.com/ Cell: Iceland (+354) 869-4605 Skype/Gizmo/Gtalk: hexayurt People with courage and character always seem sinister to the rest Herman Hesse ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs No virus found in this incoming message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.22.9/1365 - Release Date: 4/8/2008 7:30 AM -- Paul Madsene:paulmadsen @ ntt-at.com NTTp:613-482-0432 m:613-282-8647 aim:PaulMdsn5 web:connectid.blogspot.com ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs -- Cell: +1 617 460 7271 Skype: i.akhund Blog: http://immadsnewworld.com Clickpass, CTO ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Google OpenID is now live
I think that kind of misses the point. The *namespace* that google manages is now open for business as an OpenID provider. It's an unanticipated side-effect of the APIs. I think it's kind of a big deal, actually, in terms of how OpenID is right from an engineering perspective and how it can spread in unexpected ways. If only login were so easy. Vinay -- Vinay Gupta - Designer, Hexayurt Project - an excellent public domain refugee shelter system Gizmo Project VOIP: 775-743-1851 (usually works!) http://hexayurt.com/ Cell: Iceland (+354) 869-4605 Skype/Gizmo/Gtalk: hexayurt People with courage and character always seem sinister to the rest Herman Hesse On Apr 9, 2008, at 7:45 PM, John Ehn wrote: I agree. I think this is an excellent technology demonstration, but it is a third-party, not Google, that is enabling the ID. John 2008/4/9 Immad Akhund [EMAIL PROTECTED]: When Google eventually does make a proper OpenID provider all the OpenIDs provided by openid-provider.appspot.com would not match. Would get very confusing apart from advanced users that understand the distinction. Immad On Wed, Apr 9, 2008 at 12:49 PM, Paul Madsen [EMAIL PROTECTED] wrote: I expect Google might have a (legal) opinion on characterizing this application as 'Google OpenID' I think I'll wait for Google itself to enable my Gmail as an OpenID. paul Vinay Gupta wrote: http://openid-provider.appspot.com/ Somebody used their app hosting service and implemented an OpenID provider. That kind of changes things, doesn't it? Vinay -- Vinay Gupta - Designer, Hexayurt Project - an excellent public domain refugee shelter system Gizmo Project VOIP: 775-743-1851 (usually works!) http://hexayurt.com/ Cell: Iceland (+354) 869-4605 Skype/Gizmo/Gtalk: hexayurt People with courage and character always seem sinister to the rest Herman Hesse -- -- ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs -- -- No virus found in this incoming message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.22.9/1365 - Release Date: 4/8/2008 7:30 AM -- Paul Madsene:paulmadsen @ ntt-at.com NTTp:613-482-0432 m:613-282-8647 aim:PaulMdsn5 web:connectid.blogspot.com ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs -- Cell: +1 617 460 7271 Skype: i.akhund Blog: http://immadsnewworld.com Clickpass, CTO ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Google OpenID is now live
Any sufficiently advanced web site system is indistinguishable from an OP. Or, rather, can be turned into an OP. :) Vinay Gupta wrote: I think that kind of misses the point. The *namespace* that google manages is now open for business as an OpenID provider. It's an unanticipated side-effect of the APIs. I think it's kind of a big deal, actually, in terms of how OpenID is right from an engineering perspective and how it can spread in unexpected ways. If only login were so easy. Vinay -- Vinay Gupta - Designer, Hexayurt Project - an excellent public domain refugee shelter system Gizmo Project VOIP: 775-743-1851 (usually works!) http://hexayurt.com/ Cell: Iceland (+354) 869-4605 Skype/Gizmo/Gtalk: hexayurt People with courage and character always seem sinister to the rest Herman Hesse On Apr 9, 2008, at 7:45 PM, John Ehn wrote: I agree. I think this is an excellent technology demonstration, but it is a third-party, not Google, that is enabling the ID. John 2008/4/9 Immad Akhund [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]: When Google eventually does make a proper OpenID provider all the OpenIDs provided by openid-provider.appspot.com http://openid-provider.appspot.com/ would not match. Would get very confusing apart from advanced users that understand the distinction. Immad On Wed, Apr 9, 2008 at 12:49 PM, Paul Madsen [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I expect Google might have a (legal) opinion on characterizing this application as 'Google OpenID' I think I'll wait for Google itself to enable my Gmail as an OpenID. paul Vinay Gupta wrote: http://openid-provider.appspot.com/ Somebody used their app hosting service and implemented an OpenID provider. That kind of changes things, doesn't it? Vinay -- Vinay Gupta - Designer, Hexayurt Project - an excellent public domain refugee shelter system Gizmo Project VOIP: 775-743-1851 (usually works!) http://hexayurt.com/ Cell: Iceland (+354) 869-4605 Skype/Gizmo/Gtalk: hexayurt People with courage and character always seem sinister to the rest Herman Hesse ___ specs mailing list specs@openid.net mailto:specs@openid.net http://openid.net/mailman/listinfo/specs No virus found in this incoming message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.22.9/1365 - Release Date: 4/8/2008 7:30 AM -- Paul Madsene:paulmadsen @ ntt-at.com http://ntt-at.com/ NTTp:613-482-0432 m:613-282-8647 aim:PaulMdsn5 web:connectid.blogspot.com http://connectid.blogspot.com/ ___ specs mailing list specs@openid.net mailto:specs@openid.net http://openid.net/mailman/listinfo/specs -- Cell: +1 617 460 7271 Skype: i.akhund Blog: http://immadsnewworld.com http://immadsnewworld.com/ Clickpass, CTO ___ specs mailing list specs@openid.net mailto:specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net mailto:specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
