Slashdot Mirror
Google Adopts, Forks OpenID 1.0
An anonymous reader writes "Right on the heels of Microsoft's adoption of the OpenID protocol by announcing their intention to enable OpenID authentication against all Live IDs, Google has announced their intention to join the growing list of OpenID authentication providers. Except it turns out they're using their own version of OpenID that is incompatible with everyone else. It seems that Google will be using their own 'improved' version of OpenID (based upon research and user feedback of the OpenID system) which isn't backwards compatible with OpenID 1.0/2.0, in hopes of improving end-user experience at the cost of protocol compatibility and complexity."
OpenID eliminates the need for multiple usernames across different websites, simplifying your online experience.
Everyone else's vision statement:
Fuck OpenID, I'm in control now.
My work here is dung.
just fork it!
Substitute Microsoft's name for Google and it'd be just another day in tech. Interesting to see Google doing this though.
You are using English. Please learn the difference between loose and lose; they're, there, and their; your and you're.
if microsoft did this, the hoardes would be eviscerating the company
if google does this, watch the defenders come out of the woodwork
slashdot bias: microsoft bad, google good, apple shrug
its not the year 2000 folks. google is not some little darling upstart anymore. update your bias accordingly please
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Embrace and extend — all the while doing not evil. No, absolutely not.
In Soviet Washington the swamp drains you.
Google OpenID: New and improved personal information gathering.
If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place -Eric Schmidt
I mean, if I can't use my Gmail address to logon to websites that actually support OpenID, then why would I bother? Not only that though, does it support non Google addresses hosted on Google Apps? (E.g. sexygrrl@example.com)? If not, then even bigger fuck off to it.
Meh, sounds a bit like another "Passport", fuck that, I don't want a big (or little) corporation controlling my ID.
Anyway for the ignorant and lazy:
http://en.wikipedia.org/wiki/OpenID
I wank in the shower.
and I think that's what google is aiming for. With google and microsoft in the picture, there will be at minimum 3 different and incompatible versions of OpenID. Not to mention the mentality that "microsoft and google are extending this, so should we!".
When all is said and done there will be 10s or 100s of forks.
They're taking a "slight departure" from OpenID 1.0, but are still compatible with OpenID, according to the very same documentation.
So, does that mean they're supporting OpenID 2.0? Some protocol that's similar to OpenID but not 100% compatible?
It's too early to draw any conclusion because the "article" is so light on details of how exactly this is different from OpenID that it's humorous.
Doesn't this kind of, you know, defeat the purpose of OpenID?
.... one evil "embrace and extend" empire to another....
What does it matter that google is going to use their own version. All the sites that use OpenID are just providers. Nobody accepts the OpenIDs created at other sites so they might as well be completely different.
OpenID usability sucks.
There, I said it. It's true. My computer-illiterate dad just wants to post a comment on a blog, or to login to a new website. You can't possibly expect him to do something as complex as reading up on what OpenID is, signing up for an OpenID account on a totally different website that has got nothing to do with the original website that he was on, and then logging in by entering a long magical URL. People like him - average users - have trouble enough understanding usernames and passwords! The recently published OpenID usability study confirms all the criticism that I've had on OpenID.
While OpenID is technologically sound, its usability is not. If Google's version is more usable, but is still open, then I'd gladly support it even if it's not compatible with the "official" OpenID standard. I don't care whether they're being "nice" or "evil" or whatever, I want better usability because software is supposed to be usable.
Yep, that's my question too. I was excited for a minute, thinking that I'd be able to suddenly use my Gmail/Google ID to sign into various OpenID-enabled sites ... but then they went and fucked it up.
They might as well have not bothered. The whole point of OpenID is interoperability. If they don't want to play along with the consensus, they shouldn't bother trying.
I'd really hope that whoever owns the OpenID trademark comes after them and forces them to stop calling whatever they're doing "OpenID". If it's not compatible with an existing specification, it's not OpenID. They will risk seriously devaluing their trademark if they allow incompatible implementations to use the name. They need to be ruthless about this. Google can do whatever it wants and call it "GoogleID", but if it's called "OpenID", it needs to be compatible with everyone else claiming to be that.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
...Google scares me more than Microsoft. Even as a die-hard Linux and BSD user, a FOSS zealot, I rest easy knowing Microsoft in its current form will likely be dead in less than a decade. Google, on the other hand, stands to become the Internet-age version of Standard Oil. This is the first "publically-visible" sign of their slide into Microsoft-like evilness, and unlike MS, they will probably be around a long, long time.
Think about it: the OS doesn't *really* matter (if it did OS X and Linux and all the rest would never have any users). Even MS knows this, as they prepare to break into the "cloud" market. Even the applications aren't *that* important now, with the number of people working on converters and programs like OpenOffice. What's important is data, raw information, and Google is a massive data broker.
Be very, very careful how much you trust to Google.
~Eien no Inori wo Sasagete~ Searching for my Hatsumi...
I don't know too much about OpenID, but in my understanding, you login with your website URL. It seems google is letting you use your email address, which makes more sense (or would make more sense to normal users anyway, as people are used to being forced to enter an email in posting comments in blogs anyway).
It's a good thing!
You see, it is OPEN, right? I mean, it says so right in the name of the protocol *OPEN*ID right? And google is cool right? So OpenXyz + Google = Win, right? I mean, OpenID sucks, right? What is wrong with somebody embracing it and then fixing the problems by extending it to be better? Nothing. After all, it is OpenID.
I think if I ever start a company that publishes the most evil DRM spec on earth, I'd probably name it OpenDRM or FreeDRM just so I can win over the Slashdot crowd. As long as it has Open or Free in the name, you can pretty much get away with murder, especially when your Slashdot corporate karma is "excellent".
But seriously, OpenID needs more then a face lift. For starters, based on my experience with Stackoverflow, browsers need to auto-fill the OpenID box with my URL, er, login name (cough). Then they need to boot out any fool who things the "login" should be anything other then an email address. Whoever dreamed up using a URL for a login wanted the spec to fail. Oh, and then when they are done with that, how about moving it down the network stack so that the damn thing can be used to authenticate against protocols other then HTTP, like say, IMAP or something. Oh wait, except OpenID was never intended to be used to authentication... or was it? Nobody really knows because even OpenID proponents says you shouldn't use it for anything other then trivial accounts and if you use it for anything else, you are mis-using the spec!
Google is a research company; they're doing research. They are improving OpenID, in their opinion. Nobody relies on Google OpenID, they haven't stepped up to make an OpenID implementation and then started adding extensions, and finally broken compatibility to force conversion to their special vendor-locked-in crap. They've come out and said, "We are going to implement something new, based on OpenID."
Wait until Google Docs stops exporting to deprecated MS Word 97 format (and ignorers .docx entirely), but does export to Google Document Format for their new Google Desktop Office; then you'll see Microsoft behavior.
Support my political activism on Patreon.
Google takes their clout and tells the collective community just where they can stick it and how far.
From previous experience, it can only be assumed that they will continue with this approach until they adopt the same way of thinking and business practices of other large corporations with too many heads and too much power. It's not their fault, they can't help but to do evil when they get this big.
Hopefully, it will bite them faster and harder than it did Microsoft.
I already keep google's presence as close to nill as I can in my life and pretty much limited it to gmail for a public internet mail address and their apple safari embedded search bar. I refuse to use firefox as my personal browser since it clandestinely pings to a google address without my consent, (you can verify this with the tamper data utility... just turn it on and wait, firefox will ping google) which I find to be rather shitty and makes me rather distrusting of the amount of trust 3rd parties give google. I will have no problem abandoning these guys if they go the route of the monopolists.
My attitude toward google has been a couple stiff middle fingers for the last couple years. This just reinforces my belief that their "Do no evil" spiel is as good as the paper it was written on.
I've used and advocated Google for many years, but I'm getting really close to dropping them all together. They are one single company that has probably more personal data on every Internet user then anyone, and with that trust comes responsibility... but they've been very non-responsive to most Internet users as of late.
I'll probably never be able to drop them completely since they do have the best search engine, but as a portal site for pretty much everything, email, newsgroups, etc... I think they're becoming way too big for their own good.
kdewallet
OpenID is a "standard". SAML is a "standard". Everyone seems to implement them slightly differently -- but at least folks are publishing how they're doing it, which is more than I can say of how things were 5 years ago.
Did Google and Microsoft just switch places? Wasn't it just a decade or so ago when Microsoft was releasing its "own" version of protocols an refusing to work with standardized work?!
1. Do they make it possible for everyone else to implement exactly what they are doing, on both the producer and consumer end, without any patent restrictions, royalties, or discriminatory licensing?
2. How close is what they are doing to the latest version of the standard, not 1.0?
3. Do they try to get what they are doing into version 2.1 (or whatever) of the standard?
4. Do they really have a reason for doing this? Like making the login easier for normal nontechnical people rather than you and I?
Bruce
Bruce Perens.
Best thing for the 'tubes at large would be a firing squad for OpenID. The entire concept is a black hole of practical thinking and a security nightmare. Even an "improvement" of the OpenID idea can't help but fail. Now, if this Google initiative somehow leads to the creation of a real, secure, validated, easy-to-adopt, easy-to-use authentication service, then some good will have come from it.
I'm not really addressing your conclusions here, I'm just wondering about one of your assumptions...
Think about it: the OS doesn't *really* matter (if it did OS X and Linux and all the rest would never have any users).
If the OS didn't matter I'd be using Windows. It's because the OS matters that there's more than one OS out there.
Can you explain what you mean here?
I've got one word for you
Huh? No seriously. Huh?
OpenID is just so damn unintuitive that nobody really gets it. It is a fucking login. Why can't it be an email address? Why can't it resolve the right place to conduct authentication business via DNS the same way SMTP gets it's MX record based on everything after the @domain.com?
Seriously, the more people try to explain it, the more it just makes peoples eyes glaze over. All they see, and all I see, is a fugly looking URL that is supposed to magically authenticate me, only as a web developer, I'm told I can't actually trust the authentication because the protocol wasn't designed for it. Or something. My head spins now.
Check out stackoverflow.com, it exclusively uses OpenID for account info.
The problem from Google's perspective is that the user doesn't have a Google URL, they have a Google username, and that's what the users think they should enter in order to log in.
So, in stead of typing in something like http://username.openid.google.com/ the user selects "Google Account" from a drop-down box, and types in his user name. (Which is functionally equivalent to MS Passport.)
When I log in to a blog and leave a comment with my OpenID, my OpenID URL is displayed as the unique identifier of the author attached to that post.
This presents a problem for Google Accounts as OpenIDs because while URLs are intended to be public ready-to-be-displayed information, a Google Account username (which is easily translatable into an e-mail address) is not.
Therefore, the URL that Google needs users to enter is something like http://nickname.openid.google.com/ but they don't know that that's what they should enter (because they don't know how OpenID works), and so Google is providing a way for sites to translate a Google-authenticated ID into something like an OpenID.
I think if they're going to do this, that they should also offer a way to do it directly, with a URL, for normal OpenID sites that don't support their little proprietary system, and make efforts to wean users off of the proprietary system by showing them their OpenID URL and telling them how to sign in normally.
...because "hacker" sounds way sexier than "code drone."
I really don't understand why OpenID should be so heard to implement.
Here's what I think it should look like:
Any email address from any large provider that registers with openID is fair game.
name@gmail.com, name@yahoo.com, name@live.com, etc.
Setup a basic API where any new website, forum, blog, etc can simply post that email and password to the appropriate place, and come back with a response.
Essentially:
web site with login form ->
openID site ( deciphers email to decide where to validate) ->
passes user info to appropriate provider, provider replies back with either AUTHENTICATE or FAIL
openID -> original forum returns this message
For legacy websites you could simply create a column in the users table to link the openID email to the existing username.
No Party
But yea, fuck you Google. Fuck you, and the fork you rode in on.
No tyrant thrives when every subject says no.
Dear AC,
This is an understandable assumption but doesn't reflect the facts. For example, Symbian has purchased consulting services from me. If you look here, you'll notice that I am not afraid to criticize them.
Had Google taken me on and allowed me to work on the PR for this, I would have had them communicate about it differently. It's no trouble for Google to get this stuff back into OpenID, but they obviously didn't take the trouble to assure people that would happen.
Bruce
Bruce Perens.
I think we can ignore Microsoft, as their embrace/extend/destroy philosophy has remained consistent for decades. If they join OpenID it is only to destroy it from within. But this story is a bit crap.
"As Google points out, this isn't OpenID. This is something that Google cooked up that resembles OpenID masquerading as OpenID"
So if Google says it isn't OpenID how is it masquerading as OpenID? It sounds like they like the OpenID architecture so have copied it for internal use. Why not? They want to lock in their users, same as they want to cripple Android, and feel they have the mind-share and marketing muscle to do it. From what I've been reading OpenID is over-complicated, lacks mind-share, and a number of people would rather not have a single pass at all.
Rather than embrace and extend, it sounds like Google are preparing for an embrace then possible fall-back. They pinch the best bits of OpenID and add their own, but if there is overwhelming demand for it then being 99% compatible then it should be easy to switch if necessary.
How many Slashdot readers have written to their favourite site demanding they support OpenID for their own convenience? My guess not many.
Phillip.
Property for sale in Nice, France
The cycle of a hip young company usurping the stagnant incumbents, only to become a stagnant incumbent itself, continues.
Where is Google's successor?
I'll be the first (albeit a little late) to admit I thought Google was pulling a MS for a moment. So what would call for revising the standards? Well let's say you have a lemonade stand. What if your normal set-up doesn't provide all the things you (and your customers) would like out of your lemonade stand? That's where you go out and implement these features. Google would find out what the users would like and then make it happen. MS would start selling orange juice. Now wait, that's not what NORMAL lemonade stands do! Well you're right. If a standard itself is causing problems for the user and the operator than there's more than likely a problem with the standard. (Or you have really bad operators.) If the changes were for the better, other stands of the like will do the same. Eventually, you bring forth better standards. This, like the lot of things is a double edged sword as we also end up with a lot more orange juice stands. They haven't wronged (me) us yet, anyhow.
1) Embrace
2) Extend
3) ?????
4) Profit!
I'm probably reading this incorrectly, but... In the worst light, Google has come up with an authentication scheme that is incompatible with everyone else's implementation of OpenID.
Or in other words, they aren't really supporting OpenID... just like every website I use right now. So this is "evil"?
We wouldn't have to worry about this OpenID nonsense, if more of us had signed up for AdultCheck years ago...
Google must have gotten role confusion when Microsoft took on the open standards approach. They were so ready to be in conflict with Microsoft that they defied their own policies in order to produce a conflict of interests. What's the point of accepting an open standard when you're turning it into an incompatible closed standard? Would they rather everyone accepted GoogleID or are they going one further? If they're going to be so proprietary, why not trash the entire standard and just start from the ground up? Why go half-douche when they can go full-douche?
Well, since it's Google I'm sure everyone (see: slashdot) will rationalize how this is somehow "right for the web". Somehow, embracing an open standard by closing it off will be twisted to sound like a good thing. I think it's time for Slashdot readers to start gauging their own hypocrisy and thinking about this objectively. Admit it, people-- Microsoft is the good guy in this one. Take off your tin foil hats for just one second and see the light.
Having implemented OpenID 1.1 Relying Party support myself, I think I can definitely see what Google is up to, and it isn't evil, people. OpenID 1.1 was elegant simplicity. Our team built OpenID Relying Party support in just a couple of days without even using any external libraries. OpenID 2.0, on the other hand, is a disaster. Its architecture reeks of design-by-committee. There were four different groups vying to define the standard for single-sign-on for the web, so what did they do? They basically just glommed all of the different technologies together and called it OpenID 2.0. There are all sorts of things you have to support, like I-Names (which no one is going to use). In the end our team decided to just implement OpenID 1.1 and rely on the recommendation for backward compatibility which is built into OpenID 2.0 (a recommendation which Yahoo ignored, btw).
So it's very possible that some engineers at Google said "hold on a minute. This sucks. OpenID 1.1 made a lot more sense, let's build out from there and see if it's something that the Internet community accepts."
It may even come to pass that both OpenID 2.0 and Goopen-ID both end up specifying backwards compatibility to OpenID 1.1, which would be great because it would effectively halt the progress of the over-engineered OpenID 2.0 and put us back on a saner path.
Let's not call Google's plans evil until we see where this goes. It could end up being something that finally puts this useful technology into some widespread use.
Tired of FB/Google censorship? Visit UNCENSORED!
OpenID == Passport
Websites == Countries
Password == That picture of you
When you visit a website (country), they want to make sure it's you so they as for you OpenID (passport). To verify the OpenID (passport) is yours, they ask you to type in your password (compare your face to the picture) and contact your ID hosting website (scan your passport).
Every one of these major players (Microsoft, Yahoo, MySpace, etc) are OpenID providers. Being a provider means that the users of your site are free to use the identity you provide them with on any site supporting OpenID, but you are in no way obligated to support the use of identities from other providers. Everybody wants a single sign-on that revolves around their own brand. That, however, brings us back to square one, where users need a different username and password for each of these sites. The system is basically broken; it allows people to attempt to take advantage of it like this, and so they will. There's nothing forcing the big players to play nice with everyone else.
Maybe Google is as bad as the others, trying to take control of the system - or, maybe, Google has recognised this gaping problem and is attempting to solve it. I think I'll wait and see what comes of this fork before I accuse Google of being Microsoft's mini-me. They deserve at least that much, given their history of doing nothing but supporting openness.
It's open development if the extension is as open as the original standard. It's not an accepted standard until the standards group accepts the extension.
Is it an Open Standard if you can't extend it openly? I am entirely against closed extensions to open standards, and unnecessarily incompatible extensions, the classical "Embrace, Extend, Extinguish" stuff. But I am equally against standards being a ball and chain that prohibits further innovation. You should be able to produce an extension that you make open on the same terms as the original standard.
It looks to me as if Google is attempting to hit OpenID with a clue stick on a really obvious issue, saying "Normal folks use email addresses to log in, dummies!". And I am being told that what they are doing is really close to OpenID 2.0.
Bruce
Bruce Perens.
I don't want my e-mail address sitting there attached to my comment for all the world to see and add to their SPAM database.
I don't even want the blog I'm commenting on to have it. That's kind of the point: I can uniquely authenticate as myself, and there's a neat little link to my blog if you want to contact me or read more about/by me.
...because "hacker" sounds way sexier than "code drone."
Embrace, Beta, Languish!
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
One of the highly rated posts in the previous discussion pointed out that having a URL as your login essentially puts you in the hands of whoever owns that URL.
If Microsoft or Google or Sourceforge or LiveJournal or whatever authentication provider you happen to use suddenly decides they don't want to be in the authentication business any more, you could potentially find yourself locked out of your accounts on any number of websites and services for which you were using it.
A way around this is to provide a delegate. eg. If and when I use OpenID, I use my own website as my login. The page served up from that URL has a couple of Meta tags which points to my authentication provider and specifies my username with that provider. When I log into something, I'll (eventually) be redirected to that authentication provider and asked for my password. If the provider decides to shut down, I can switch to another one, and change where the delegate on my website points.
I still find it concerning for anything important, at least to the extent that I understand OpenID, which isn't too deep (so if anyone wants to correct me or elaborate on this stuff I'm definitely interested. Having my own delegate system means that I have to keep that website up and available for as long as I want to access all my OpenID-connected accounts. This costs money, and it also requires various skills. I can probably do this for the forseeable future, but most people couldn't either for financial reasons or because they don't have the skills.
Also from a security perspective, if someone happens to hack my website and changes the delegate info to point at an authentication provider of their choosing (to which they can authenticate), they'd potentially get access to all my OpenID-connected accounts... never mind that a rogue employee working at the authentication provider could also potentially log into lots of people's accounts all over the place.
I'll use my OpenID for convenient posting of comments on people's blogs and the like, but in its current state I wouldn't really want to use it for something important like my banking information, or anything else involving money or important info. I know enough about IT to know that I don't trust my own ability as a security expert, for one thing.
In this regard, its worth noting that Google has posted a bit of "public documentation" regarding its usability research in this area (see their Usability Research on Federated Login, for starters.)
So part of the spec requires my webserver to go *fetch and parse your personal web page* to see if it has a <link rel="openid.server" /> tag in it to meet the spec? Are you kidding me? No wonder people dont implement OpenID logins!
You are telling me to support OpenID, I now have to add an entire library to parse your no-doubt busted frontpage website to see if I should use you for openID or go redirect elseware!? What could possibly go wrong with that idea!?
Hah! What an *excellent* way to implement a DOS attack! Now I can get your website to hit my enemy's website by entering a FUCKING URL into your OpenID box!!!! Worse, I can get YOUR WEBSITE to eat up its resources hitting my slow, bloated page to see if I have a magic OpenID <link rel="openid.server" /> tag!
What a brilliant scheme! So many moving parts, so many points of failure, what could possibly go wrong!!!
What Google is doing sounds just like the crap Microsoft has done all these years. Extend and embrace, meaning... we will take existing protocols and intentionally break them to make everyones lives difficult.... because we can.
My karma is not a Chameleon.
That's not true.
They've provide a spec on its (fairly trivial) interaction (since developers couldn't use it otherwise), and they've provided recommendations and rationale on implementation approaches and UI design to support this approach (includign recommendations which presuppose other IDPs will also be using this design.) Other than actually providing a reference implementation of the black box (which is fairly simple: you send it an HTTP GET request and it responds with an XRDS document whose only interesting bit (and the only thing whose content isn't fixed) is the OpenID provider endpoint to URL to use -- if you can't implement a version of that for your own OpenID provider, you probably don't have any business implementing any kind of web application, OpenID provider or otherwise.
See Google's documentation here.
"I don't care whether I can login to Google with OpenID."
Wait a second, wtc? What does this have to do with anything at all? Not only have you not read about googles changes, you dont appear to know anything about the identity space.
No one anywhere logs in to their identity provider with their OpenID; they log in to their identity provider manually for the explicit purpose of authorizing their OpenID. If you could log in to a OpenID account with an OpenID url anyone could log into your account just by using your OpenID URL; there wouldnt be any security at all.
I really havent a clue what in my argument this line has anything to do with, nor whether this statement even makes any sense.
A Google Account is an email address with an associated password. If a site is going to let me log in with my "Google Account", the relevant email address is what they need to be asking for. Not an OpenID URL.
The extra step that Google added to the process that the blog post is freaking out about? It's a directory service that allows a website to accept an email address from the user and then ask Google for the OpenID endpoint associated with that Google Account.
Sure, it's an additional preliminary step that isn't part of OpenID itself. But it's a step that means the end user doesn't have to care about the fact that OpenID is being used behind the scenes: they just log in with their "Google Account", and the website and Google cooperate to turn that into an OpenID authentication exchange.
...in fact, I would *expect* Google to do this before implementing OpenID. The fact is, OpenID has some security issues:
http://www.gnucitizen.org/blog/hijacking-openid-enabled-accounts/
http://drupal.org/node/280592
http://seclists.org/fulldisclosure/2008/Aug/0123.html
What do you know, the last one was submitted by Google's own Ben Laurie of Google's Applied Security team. They have obviously been assessing the security of this product and we can conclude what the results were. There is no way Google will implement vulnerable code, if OpenID 1/2 is insecure (it is) and needs to be redesigned in order to become secure then so be it. The real problem IMO is that Microsoft *did* implement a system that is flawed.
When Google releases their (hopefully) secure version, I predict everyone will move to that and like it.
Once Google became a publicly traded company their only obligation transitioned to making a profit for their shareholders.
Yeah that sucks but it's reality.
Google: We do less evil than everyone else(tm)
Let the backlash and my modding down begin!
I cannot overemphasis the need to actually read the articles: Google is not supporting OpenID 1.0, they are supporting OpenID 2.0. This is exactly as they claim in the first article. The sensationalist second article linked above is claiming they somehow extended OpenID 1.0, when really it was the OpenID designers who extended it into its second form. Google is embracing the protocol as it exists.
If I were Google, I would demand a retraction from this guy for pushing this libelous garbage.
Fork it! We'll do it live!
Brad Fitzpatrick the creator of OpenID is working for Google now.
Maybe he knows better what they are doing.
Truer words were never spoken!
What a ridiculous headline.
To quote from the actual posting, "The initial version of the API will use the OpenID 2.0 protocol"
This version was developed by OpenID, and is incompatible with 1.0, but open in the same way for everyone to use, with a number of improvements... Google is forking nothing.
> Don't forget irrational thinking, -2i!
Dammit, man! You're going to make things complex!
Screw that. I'll do some transcendental thinking over a nice piece of pi.
If OpenID will allow someone to google my ID and get a listing of all posts I have made - forget it. I prefer to be anonymous.
An anonymous poster, conjugates an argument that Google is doing something Microsoft isn't, and postulates its something nobody else is doing. (looks over the article & site) No attributed author to the piece, the comments consider it misinformed, and the site claims a "non-profit" status while hawking ads for birth-control and the NRA. This isn't news: its anonymous cowards drawing us to their blog.
Life is irony, and nothing ever goes as planned.
That's what she said.
Actually, Google seems to be well placed to influence/extend OpenID development, given who works for them.
You aren't remembered for doing what is expected of you
People are afraid to talk bad about google for fear of their website getting banned from google.com by the google overlord AI. Skynet anyone?
Let's call it OpenID 1.0T
For some, it's a committee of one.
With MSOOXML MS only thought about their Office customers. And they didn't care about archivists and so on. So the MSOOXML standard is written to make the Office program easier to write and extend.
Archivists don't have any help.
But you still have all the bad sides of "design by committee" and none of the advantages of having other ideas in there.
ODF was designed by committee but with lots of views on what problems will be seen by users is actually more useful.
And being properly open, if in use it turns out to be wrong for one of those users, they can get a change put in.
MS won't accept changes from others unless it gives them more chances to sell Office.
The problem is even OpenID 2.0 doesn't work. People don't have a clue why they should be entering a URL in a login form, what that URL comes from, etc. It's much simpler for them to enter their email address, and have the site redirect to Google Login. Of course there has to be a way for the Google version and the OpenID people to get together and improve the standard itself.
"Ha! We will make our own OpenID! With the blackjack table and hookers! In fact, forget the OpenID thing..."
Embrace and extend anyone?
THIS SPACE FOR RENT
*snort*
The OS obviously does matter to the application, or else I would still be using FreeBSD on a Thinkpad instead of OS X on a Macbook. And I'd be happier. Certainly my wrists would be happier: Apple's hardware looks pretty but it's an ergonomic disaster.
The hardware certainly matters. Apple's restricted hardware kept me from getting a new Mac until the mac mini came out and I could get a desktop Mac that was actually an upgrade over my beige G3.
Applications matter, or (as noted) I'd be sticking with a free OS regardless of the available applications.
Someone who says "X doesn't matter" is trying to sell you something that doesn't do X. Well, except Chumbawamba. But they're artists.
It's all about compromise. I will never compromise with terrorist operating systems.
nt
Sorry to break it to you, but your email is not private. It never was. Deal with it.
There is one other advantage to using an email address coupled with the proper way to locate an OpenID server (DNS). It is backwards compatible with existing login systems. On your signup form, you can get your webserver to check if the email address has an OpenID account associated with it and offer to authenticate using that rather then your "legacy" methods. Every time a legacy user logs in, you could test to see if they finally have a OpenID account and then offer the same deal.
You can'd do that with some hair brained "URL".
I like the idea of entering your email address instead of some hard to remember URL that you don't use for anything else.
This would also allow for an email fallback, so _everybody_ could login through the OpenID form. (There's emailtoid, but it still requires you to register with them and remember the OpenID URL.) If the email host doesn't respond to the OpenID request and you're OK with plain email authentication, just send a confirmation mail to that address.
Of course as most here said, Google shouldn't have forked up the standard but asked nicely about extending it. Googocentric company is googocentric.
Oblig link when mentioning a bunch of competitors who are desperately trying to out-extend each other (with spectators in the background cheering: "GOO! GLE!").
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
All that time and energy spewing FUD and fantasy at Microsoft... and it turns out Slashdot's darling Teh Googel is the one screwing over OpenID.
So much for TEH GOOGEL IS TEH DUNT BE TEH EVEL!!11!! First Teh Googel is helping facist governments throw people in prison for trying to have free speech... and now they are "forking over" a FOSS darling.
I predict there will be a lot of sympathy for the devil here. Slashdot will never give up their MS hate, and will always love anybody competing against MS, no matter how monopolistic that company may be. Like Apple!
Goes to prove- when you stand for nothing, you fall for everything.
Microsoft hasn't been sitting on their hands, no. Now they have a new server (Geneva) and client (CardSpace) built into IE to provide authentication services... so long as your webserver and browser are Windows!
http://www.theregister.co.uk/2008/10/30/microsoft_generva_hailstorm/print.html