Member Sign In
Not a member?

A Wired.com user account lets you create, edit and comment on Webmonkey articles. You will also be able to contribute to the Wired How-To Wiki and comment on news stories at Wired.com.


It's fast and free.

Sign in with OpenID
Sign In
Webmonkey is a property of Wired Digital.
processing...
Join Webmonkey
Please send me occasional e-mail updates about new features and special offers from Wired/Webmonkey.
Yes No
Please send occasional e-mail offers from Wired/Webmonkey affiliated web sites and publications, and carefully selected companies.
Yes No
I understand and agree that registration on or use of this site constitutes agreement to Webmonkey's User Agreement and Privacy Policy.
Webmonkey is a property of Wired Digital.
processing...

Retrieve Sign In

Please enter your e-mail address or username below. Your username and password will be sent to the e-mail address you provided us.

or
Webmonkey is a property of Wired Digital.
processing...

Welcome to Webmonkey

A private profile page has been created for you.
As a member of Webmonkey, you can now:
  • edit articles
  • add to the code library
  • design and write a tutorial
  • comment on any Webmonkey article
Close
Webmonkey is a property of Wired Digital.

Sign In Information Sent

An e-mail has been sent to the e-mail address registered in this account.
If you cannot find it in your in-box, please check your bulk or junk folders.
Sign In
Webmonkey is a property of Wired Digital.

Think Twice About Supporting OpenID

By Adam DuVander September 19, 2008 Categories: Web Basics

OpenIDYou probably remember that we’re big fans of OpenID. The concept, a single sign-on that is owned by no one, is too good to not support.

Developer Dare Obasanjo sees the promise of OpenID, but he also cautions not to blindly support OpenID on your site. He shares his OpenID lessons learned:

  1. The Problems OpenID Solves for Web Developers
  2. The Ideal OpenID User Experience
  3. The Risks of Using OpenID
  4. White Lists are Key

Some of these may not be new to you. One of the major complaints with OpenID is that the experience is sub-par and confusing to non-techies. While most people don’t notice the change from one URL to another, they do notice the sometimes jarring difference in site design. Similarly, with many users prone to phishing, one layer of security might not be the best solution.

The system is set up so that users choose providers they trust. But what about developers trusting the provider? Obasanjo brings up good points about improper validation and identity recycling (Hotmail, for example, deletes accounts after a few months of inactivity).

White lists are probably not the solution to the problem. That could take the “open” out of OpenID. If I have my own domain as my OpenID, do I have to contact thousands of sites to get my domain white listed?

There are many issues ahead of OpenID, but it’s an important part of the web’s future. To me it’s not a question of whether to support OpenID, but how. Luckily, there are people like Dare Obasanjo thinking critically about it. What do you think it will take to make OpenID work well?

See also:

Tags: OpenID
Post Comment Comments Permalink Print
Reddit Digg
 
Subscribe now

Special Offer For Webmonkey Users

WIRED magazine:
The first word on how technology is changing our world.

Subscribe for just $10 a year