AdminChris Messina (Admin, OpenID)

My feedback

  1. 194 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    35 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
    AdminChris Messina (Admin, OpenID) commented  · 

    Thanks for the suggestion. I worry that people might start using that "demo account" on other websites, and once it's turned off, they'd be locked out of their accounts. Such an "open" OpenID provider might also be used for spamming purposes, so it might not be a great idea either.

    We certainly need to make it more obvious how OpenID works... to that I end, I mocked up one approach: http://www.flickr.com/photos/factoryjoe/3841182425/in/photostream/

  2. 6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
    AdminChris Messina (Admin, OpenID) commented  · 

    Good point. That's a bigger challenge with OpenID in general... akin to the "forgot your email address or username?" challenge...

  3. 12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
    AdminChris Messina (Admin, OpenID) commented  · 

    I think the issue is that we haven't well specified how RPs should allow people to associate many ids and OpenIDs to their accounts. This is called "account linking" or "identity consolidation". Facebook actually does this fairly well (even though they haven't exposed it on facebook.com):

    http://www.flickr.com/photos/factoryjoe/3710821195/

    Other examples:

    http://www.flickr.com/photos/factoryjoe/415701438/
    http://www.flickr.com/photos/factoryjoe/2866344599/
    http://www.flickr.com/photos/factoryjoe/3134299086/

    But you're right — this is something that's left to each provider. We can only really provide guidance.

  4. 74 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    8 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →

    There’s nothing in the OpenID protocol that would really allow this, especially from the data side of things. Unlike, say, credit cards, where you can transfer your balance between different providers, data transfer between different OPs requires a bit more leg work.

    What kind of data are you talking about?

    AdminChris Messina (Admin, OpenID) commented  · 

    I don't understand how that would work... that would suggest being able to merge multiple URLs... and the only way that would work would be through redirects or forwards, which of course wouldn't work on identities that you don't host or control.

    How do you envision this working?

  5. 1,071 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    started  ·  372 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
    AdminChris Messina (Admin, OpenID) commented  · 

    We're working on this — it won't happen right away, but in the next few months, I think that we'll have several reusable messages for addressing different audiences.

  6. 27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    started  ·  4 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
    AdminChris Messina (Admin, OpenID) commented  · 

    ideas.openid.net is hosted by UserVoice.

    As for the cert on OpenID.net, I can ask around and see what the thinking is so far.

  7. 19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
    AdminChris Messina (Admin, OpenID) commented  · 

    @malcolmhathaway: I think convenience, utility and usability will accelerate the use of OpenID. Once that happens, additional security services will probably become more attractive.

    AdminChris Messina (Admin, OpenID) commented  · 

    Yep, this is possible with OpenID, and folks like Yubikey are already doing this.

  8. 4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Ideas  ·  Flag idea as inappropriate…  ·  Admin →
    AdminChris Messina (Admin, OpenID) commented  · 

    A couple responses... You should take a look at the "Identity in the Browser" project:

    http://idib.googlecode.com

    It leaves a lot to be desired, but it's an effort to get OpenID into the browser.

    Second, that the browser "knows about all your accounts" is a large part of why I thought Flock should be a browser and not a bunch of extensions. The browser is in the perfect place to act as the user's agent!

    Lastly, about RSS... it took a lot more than just a browser button -- you had to convince publishers to actually support the format! That's the hard part -- similar to getting more sites to support signing in with OpenID. We're working on it — and having folks like you out there able to tell the story of OpenID and explain its benefits is critical to our success.

    AdminChris Messina (Admin, OpenID) commented  · 

    That's a curious point. Do you have specific ideas for how they could better support OpenID? The large companies are very involved in driving the technology and supporting the Foundation, but, apart from Yahoo, there isn't too much public documentation about their support for OpenID for regular internet users.

1 3 Next →

Feedback and Knowledge Base