OpenID, Wes Craven's New Nightmare



  • Ok maybe not that bad, but since we've had a couple discussions about OpenID here, I thought I'd post a few things on the topic:

    37Signals is retiring their support of OpenID claiming that it confuses customers, is a huge support drain, and almost none of their users use it. (And some who do use it, when surveyed, thought they were required to.) That article linked to:

    What's wrong with OpenID discussion on Quora. (What's the deal with Quora, BTW? They're getting a lot of buzz, and I've heard almost nothing about the site...) That discussion summarizes the problem as: "OpenID is a solution in search of a problem. Plus the user experience of logging in with OpenID is worse than just signing up for another account."

    Thirdly, an article entitled "OpenID is a nightmare", which is basically a horror story about what happens when OpenID goes wrong (apparently because Google changed something and broke it.)

    What do you guys think?



  • I use an OpenID of my own implementation. I used the PHP OpenID library by JanRain, Inc, and then I wrote the form and a few other related codes by myself.



  • Unless more sites adopt OpenID, it won't pick up. Personally I think that the whole idea of OpenID was to stop me from entering my profile information in more than one place, but what's the point of using OpenID and then entering profile info again?

    I would rather use my Google account to sign in everywhere.

    ED: Don't quote the OP.  -btk



  • @Nagesh said:

    I would rather use my Google account to sign in everywhere.

     

    Which, ironically, is what Freebase did. First they made an intense media brouhaha about how they were going to support OpenID, the movement for more freedom on the web and so on. When they finally activated the feature it turned out that you can now login with any OpenID account you like - provided it's a Google or Yahoo account...



  • @PSWorx said:

    ...When they finally activated the feature it turned out that you can now login with any OpenID account you like - provided it's a Google or Yahoo account...

    Which is dumb, since the purpose of OpenID is that you can also make up your own login provider as well. (There are also many other things you can make with OpenID, such as providers using some method of authentication other than passwords, or permit login only from certain computers, or whatever you want.)

    @Nagesh said:

    I would rather use my Google account to sign in everywhere.

    I do not even have a Google account. I use OpenID of my own. But there is one problem of OpenID, that it is using only HTTP/HTML and doesn't do login over other protocols, although a new protocol can be invented to support command-line OpenID for this purpose. (You can already use SSH public keys to login to another service without requiring a password, too.)



  • @zzo38 said:

    Which is dumb, since the purpose of OpenID is that you can also make up your own login provider as well. (There are also many other things you can make with OpenID, such as providers using some method of authentication other than passwords, or permit login only from certain computers, or whatever you want.)

    "You" being "uber-geeks". There's no way the average person-on-the-street could pull that off, even if they did run a blog. (The average blog is on Blogspot, WordPress, Tumblr or LiveJournal. 99% of blogs don't have their own domain name.)

    @zzo38 said:

    @Nagesh said:

    I would rather use my Google account to sign in everywhere.

    I do not even have a Google account. I use OpenID of my own. But there is one problem of OpenID, that it is using only HTTP/HTML and doesn't do login over other protocols, although a new protocol can be invented to support command-line OpenID for this purpose. (You can already use SSH public keys to login to another service without requiring a password, too.)

    To be fair to OpenID, their upcoming standard "OpenID Connect" (jealous of Facebook a little, guys?) will be usable from devices with no web browser. Which makes it better than OpenID 2.0 and OAuth and Facebook Connect which all have that same retarded flaw.

    I mean, I don't like OpenID and I don't use it myself. It's a terrible user experience, and it doesn't solve any problems that Microsoft hadn't already solved much better years ago.



  • @blakeyrat said:

    Which makes it better than OpenID 2.0 and OAuth and Facebook Connect which all have that same retarded flaw.

     

    I'd like to contribute the following bash.org quote to that:

    [quote user="QDB"]

    <Pomax> 20 years from now, someone is going to have the radical idea to give users access to the underlying OS, rather than to the browser API, and he will be heralded a revolutionary.
    <Pomax> All manner of programming languages will pop up that work outside "the browser", giving access to "offline" applications, storing files in "user space", even perhaps running in something called "kernel mode".
    <Pomax> It'll be a brave new world.
    <Mirell> It's scary that's believable.

    [/quote]

    Fitting with that mindset is the fact that apparently Google's new CR-48 Chrome OS notebook not only doesn't do anything without an internet connection, it also doesn't even have an Ethernet plug. Because everyone has wireless, as we know. Oh, apparently, eventually Google noticed that this could be a limitation to some people. Their solution: bundle a mobile phone plan with the notebook that gives everyone free 100 MB per month...



  • @zzo38 said:

    @PSWorx said:

    ...When they finally activated the feature it turned out that you can now login with any OpenID account you like - provided it's a Google or Yahoo account...

    Which is dumb, since the purpose of OpenID is that you can also make up your own login provider as well. (There are also many other things you can make with OpenID, such as providers using some method of authentication other than passwords, or permit login only from certain computers, or whatever you want.)

    @Nagesh said:

    I would rather use my Google account to sign in everywhere.

    I do not even have a Google account. I use OpenID of my own. But there is one problem of OpenID, that it is using only HTTP/HTML and doesn't do login over other protocols, although a new protocol can be invented to support command-line OpenID for this purpose. (You can already use SSH public keys to login to another service without requiring a password, too.)

    Does it make it easier for people to get tracked if they continue to use OpenID on all sites?

