Chris MessinaAdminChris Messina (Admin, OpenID)

My feedback

  1. 21 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      started  ·  5 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
      Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

      We've talked about this idea for a long time. I hope it to be part of the next version of OpenID, SREG, or Attribute Exchange (formats for exchanging data like profile information).

    • 429 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        124 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →

        This is a fair criticism and something that we want to address as we continue to make improvements to our newly relaunched website. It has a long way to go still, and this kind of feedback is very helpful in directing our attention. Thanks — and sorry to hear about your frustration.

        Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

        Some replies to your questions:

        > You say I have an OpenID; what is it, my Google, Yahoo or eBlogger account? All of the above? What information is in? Who gave OpenID permission to create an account for me? Who gave any of the above entities permission to share my information with OpenID?

        Google, Yahoo, and Blogger accounts can be used as OpenIDs.

        The information that each provides to sites that you sign in to varies depending on your privacy settings with each provider. Each provider gives you a different level of control over how much data is shared when you sign in.

        OpenID didn't give anyone permission — in that sense it's just a technology — and those providers chose to add it (i.e. offering OpenIDs) as a feature for their users. Your information has never been shared with "OpenID" — especially if you mean the "OpenID Foundation" — unless you signed in to the OpenID website with one of your accounts.

        > If I am correct, I do not have an "OpenID" ACCOUNT, what I have is several IDs, (Google, Yahoo, and eBlogger) identified as PARTICIPANTS in the open ID effort, which allows THIER credentials (Google, et al) to be used to log into 3rd party sites. THIS IS NOT A UNIQUE OPENID IDENTITY. I am not sure this is correct and it certainly not clear from this website.

        That's fair. It's understandable that OpenID can be confusing at first.

        Think of an OpenID like an email address — you may have several email addresses — from personal to work to spam buckets. In the same way, you can have several OpenIDs from different providers that you may use for different purposes. Just because one of your accounts is OpenID-enabled doesn't mean you need to use it as an OpenID.

        The only way to have a "unique identity" is to choose ONE of your OpenIDs and just use that one as often as you can.

        > If the above is correct then my first recommendation is to separate the function (OpenID)from the OpenID account; your.name.myopeniid. Make the account something like "UniID" and leave the term OpenID strictly for the function. I think the identical terminology is very confusing as everyone is accustom to user accounts.

        This is a fair criticism. The confusion may be that there "OpenID the brand and foundation", and "OpenID the technology".

        It's unlikely that we'll rename these things now, but we do need to do more to distinguish them.

        > The second recommendation, continuing to assume I have guessed correctly, is to emphasize that until a user creates a unique (and very useful) "UniID" that no information is known to OpenID foundation or any other affiliates until the user himself shares that information (means or necessity of doing so currently unknown to me).

        This is true. Note that the OpenID Foundation NEVER receives information about you when you sign in, unless you sign in to the OpenID Foundation website.

        > Third recommendation – clarify the difference between a user account, a userid, and the passwords for all OpenID participants.

        Ok.

        > Forth recommendation - put an interactive tutorial online to walk you through the steps, the written instruction are pretty bad.

        Agreed. We'd like to improve this as well.

        > QUESTION: Is my actual username (from whatever OpenID account used) actually shared with the logged into site? For example if I use my Google ID (my.name@comcast.net) to log onto OpenID website: StealYourIdentity.com, does the website get the actual Google ID or just the fact it is a legitimate OpenID login?

        The site that you're signing in to will get a unique identifier for you — usually a URL that no one else can use. They MAY also get a username, your email, or other information depending on how you set up your preferences.

        Hope that helps!

        Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

        @chris_miner: where did you try that OpenID URL? It should work — if not, perhaps the site implemented OpenID incorrectly?

        Clearly Google needs to make this easier for people — it's frustrating that they've made it so confusing.

      • 3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
          Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

          It's just like having multiple email accounts. You use whichever OpenID suits you best, or that you trust the most. It's also important that you remember which one you use most often — because it'll be used as your ID the next time you visit a site that you login to with your OpenID.

        • 4 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
            Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

            Because the OpenID Foundation is not an identity provider. Nor can we officially endorse any particular provider.

            We could probable improve the language so that we're not making a false promise, I suppose...!

          • 4 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
              Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

              We've discussed removing the fees, but they're currently in place largely as a token of seriousness of one's participation. If you would like to get involved and advocate for these changes, you should join the board@openid.net mailing list and make a motion.

              Cheers!

            • 1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                Wow, you're totally right. That's a pretty big oversight. Thanks for bringing it up. I believe we had plans to provide a directory, but I don't think we ever made good on them.

                For now, there is a directory maintained externally:

                http://openiddirectory.com/

                It's true that we should have this functionality in the site itself. Thanks for bringing it up.

              • 7 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                  Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                  Thanks for pointing this out. We do need more information about security on the site.

                  There's a good write up about OpenID and security here:

                  Http://OpenIDExplained.com/

                  Quote:

                  Is OpenID secure?

                  OpenID is no less (or more) secure than what you use right now. It's true that if someone gets your OpenID's username and password, they can usurp your online identity. But, that's already possible. Most websites offer a service to e-mail you your password (or a new password) if you've forgotten it, which means that if someone breaks into your e-mail account, they can do just as much as they can if they get your OpenID's username and password. They can test websites with which they think you have an account and ask for a forgotten password. Similarly, if someone gains access to your OpenID, they can scour the Internet for places they think you have accounts and log in as you... but nothing else.

                  Regardless of whether you use OpenID or not, you should be careful about your username and password. When you type your username and password, make sure you're actually on the website you think you are (i.e., check the address).

                  As for your second question... always make sure to watch the URL bar when signing in to your OpenID provider — that is, ONLY give your password to the website that you got the password FROM — never give out your password on someone else's website.

                  OpenID ONLY works when you're redirected back to your identity provider at least once. If someone else is asking for your OpenID password who is NOT your provider, then it's a scam.

                • 1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                    Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                    Do you have a proposal, or are you just suggesting that OpenID.net be offered in other languages?

                  • 16 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      2 comments  ·  Usability  ·  Flag idea as inappropriate…  ·  Admin →
                      Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                      Thanks, we could really use some help here! What would you recommend for getting this started?

                    • 8 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                        Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                        Try this: www.openidexplained.com. We're working to incorporate this kind of information into the OpenID website.

                      • 6 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                          Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                          What's specifically annoying about it?

                        • 56 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            started  ·  7 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                            Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                            This is already being worked on through the WebFinger project, and was previously attempted with the EAUT (Email-Address to URL Translation) project.

                            http://hueniverse.com/webfinger/
                            http://eaut.org

                            Thanks for the suggestion!

                          • 114 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              15 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                              Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                              Not sure why, Matthias. That's weird.

                              I think this is a great idea and something we've batted around. Not sure what it would take to get it done, but thanks for the request.

                              Chris MessinaAdminChris Messina (Admin, OpenID) supported this idea  · 
                            • 3 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                                Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                                Hmm, are you saying that you don't know where to use your OpenID? What were you specifically trying to do?

                              • 1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  4 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                                  Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                                  @chris24: the idea is exactly that — to standardize around a popup-style interaction: http://openid.net/2009/09/25/more-powerful-and-easier-to-use/

                                  Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                                  How would you suggest achieving this when there is more than one identity provider (i.e. if Facebook Connect is only ONE of MANY options?).

                                • 4 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    5 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                                    Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                                    Yep. The problem is that the Google OpenID URL is SUPER-unfriendly (https://www.google.com/accounts/o8/id). So even though we COULD tell people to use that, virtually no one would remember it. We're hoping to get Google to change it, so we also wouldn't want to spread information that changes later...

                                  • 1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                                      Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                                      This is the concept behind Activity Streams (http://activitystrea.ms) and Discovery. Of course, we haven't finished with the discovery portion yet, but progress is being made, and hopefully will lead to what you've described (thought probably need not be an OpenID extension, but instead default to standard feed discovery).

                                    • 6 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                                        Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                                        Great — are you interested in volunteering? ;)

                                      • 3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          2 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                                          Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                                          Well, you're raising a criticism of Google's particular implementation of OpenID... not the spec itself, but I feel your pain.

                                          To use Google as your OpenID, you either need to look for a big Google button or type this long URL *yuck!*: https://www.google.com/accounts/o8/id (you can also use (http://tinyurl.com/gopenid for short).

                                          Sorry about your experience — but do let Google know that you don't like it!

                                        • 28 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            6 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
                                            Chris MessinaAdminChris Messina (Admin, OpenID) commented  · 

                                            I presume that Facebook, like most companies, will choose to keep such product plans/features private. But, you can of course ask them.

                                          Feedback and Knowledge Base