OpenID in UNB
Yves (Administrator) #16
User title: UNB developer & webmaster
Member since Jan 2004 · 3814 posts · Location: Erlangen, Germany
Group memberships: Administrators, Members
In reply to post ID 9491
Akos, you forgot the link in your posting.

Anyway, I've quickly looked into OpenID for half an hour or so now. Here's my summary. Please correct me if necessary.

Instead of entering a username and password to log into a website, you just enter your OpenID URL. This URL leads to an OpenID server that can distinguish between the web services I want to use. The web service asks my OpenID server whether it can get some information about me, which I can accept or deny. If I accept, the web service will know the personal data about me which I otherwise would have entered manually in their register form. (Of course I have first registered with my OpenID server.) To accept such a request, I need to keep the web interface to my OpenID server open in another browser window/tab. When logging into a web service, I am thus interacting with two web sites simultaneously. I must be logged into my OpenID server (through plain old username/password) for it to accept any requests from web services at all. Otherwise anybody (i.e. all web services I use) could log into any web service I use with just my OpenID URL and no password, which wouldn't have anything to do with security.

The key disadvantages of OpenID that I see now are:
  • You need to either trust an OpenID server (this is where MS Passport failed before, only that you can choose your provider this time) - or be a web site owner yourself with sufficient skills to run your own OpenID server that you can fully trust. This makes a very small number of people who really have an advantage over MS Passport.
  • You need to log into your OpenID server at the same time when logging into a forum (or any other web service) using OpenID. This seems very intricate for just checking in for new postings in your lunch break. It also distracts you with a second browser window/tab.
  • The PHP code libraries I found were larger than the entire UNB2 code is by now. (Zend's one is somewhere around 130 kB, the official openidenabled code is more than 300 kB!) Why would I use a login system that is twice as complex as a web forum?

Please correct all of my points or I won't see any chance to ever support OpenID. I'm still very much more fond of Microsoft's CardSpace, which is slowly beginning to be available to PHP and with still unclear availability for Firefox or non-Windows platforms. But it doesn't involve any additional web site or centralised provider which holds my personal data, and the PHP library (from Zend) is currently a bit smaller than the one for OpenID. Maybe smaller ones show up in the future since this is all still very new.
♪ ...nanananah, all in all we’re just brilliant thieves, nanananah... ♪♬
Yves (Administrator) #17
"Why OpenID leads to Information Cards"
http://www.identityblog.com/wp-content/images/2008/02/Open…

Sounds reasonable. Information Cards (Windows CardSpace) solve a serious problem that OpenID suffers from. WCS can help OpenID avoid that problem, but that directly renders OpenID unnecessary as you could as well use WCS alone.

Sadly the WCS setup on my computer is broken for an unknown reason, so I cannot do any tests with Internet Explorer anymore now. Fixed again.
This post was edited on 2008-02-27, 11:15 by Yves.
Yves (Administrator) #18
Update: It looks like identity 2.0 is by far not as perfect as everybody wants it to be.
http://blogs.msdn.com/vbertocci/archive/2007/01/15/uniquei…
http://idunno.org/archive/2008/02/02/certificates-informat…
I'm sure there's more like that...

I have currently dropped all plans to support anything of that stuff. Future user management concepts from me (like in UNB2) are designed to be extensible to whatever comes in the future. But I don't believe we need OpenID or CardSpace in their current form. It has all the charm of a laboratory prototype, not something you could let end users deal with. Sorry.

PS: Feel free to write your own plugin for it and use it in your own forum or publish it here. I won't stand in your way! I just meant that I'm not doing it myself.
Akos Szederjei #19
Member since Jul 2005 · 31 posts · Location: Budapest (usually, or somewhere in Europe)
Group memberships: Members
In reply to post #16
RL crashed down on me, and I lost sight of our topic here.

The link is: http://simonwillison.net/. Sorry.

Just for the sake of answering:

1. With OpenID there is a choice of whom I trust. With passwords there isn't.
2. You only need to log in, no tab has to be left open. And Verisign even has FF addons for OpenID to avoid phishing and co.
3. I cannot comment on the PHP code because I am no programmer, sorry. (Easy way out: :) )

Identityblog.com's problem is something I do not understand. I log in to an evil site, which sends me to a fake OpenID site. Besides, one always checks the URL, and in FF there are tools to avoid this problem. Clicking on pictures is a solution for now, but this is the same problem as telling the user not to click on links in spam mail.

Thanks for taking time to look over OpenID.

Cheers
evadim #20
Member since Feb 2008 · 1 post
Group memberships: Members
Quote:
http://xmppid.net/
Welcome to XMPPID.net
You can use this service to log in to OpenID-enabled websites with your Jabber ID.
Just use xmppid.net/your_jabber_id as your OpenID Identifier.
puck #21
Member since May 2008 · 13 posts · Location: Warsaw, Poland
Group memberships: Members
Yves, when you (user) log in via OpenID, the board should redirect you to the provider (Yahoo for example). Then you log in to your Yahoo account (if you aren't already) and accept the request. You're redirected back to the board. So there are no "two tabs open".

Try it out yourself. http://skitch.com/signup/openid - this is an OpenID-enabled website. You may use xmppid.net for your provider.
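
The redirect flow described in post #21, seen from the board's side, as an added example that is not part of the thread or of UNB's code: the board builds the OpenID 2.0 `checkid_setup` redirect and, when the browser returns, accepts the login only if the provider's response is signed, addressed to this board and not replayed. The `board.example` and `op.example` URLs, the MAC key, the function names and the `provider_response` stand-in are assumptions, and an HMAC-SHA256 association with the provider is taken as already established.

```python
# Added example (constructed URLs and key): relying-party side of the OpenID 2.0 flow.
import base64, hashlib, hmac
from urllib.parse import urlencode, urlsplit, parse_qsl

NS = "http://specs.openid.net/auth/2.0"
RETURN_TO = "https://board.example/openid/return"   # hypothetical board URL
REQUIRED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle",
            "claimed_id", "identity"}               # fields that must be signed
seen_nonces = set()                                 # replay cache

def auth_redirect(op_endpoint, claimed_id, handle):
    """URL the board redirects the browser to (same tab, no second window)."""
    return op_endpoint + "?" + urlencode({
        "openid.ns": NS, "openid.mode": "checkid_setup",
        "openid.claimed_id": claimed_id, "openid.identity": claimed_id,
        "openid.assoc_handle": handle, "openid.return_to": RETURN_TO,
        "openid.realm": "https://board.example/"})

def sign(fields, mac_key, signed):
    """HMAC-SHA256 over 'key:value\\n' lines for the fields listed in openid.signed."""
    text = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed)
    mac = hmac.new(mac_key, text.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def provider_response(op_endpoint, claimed_id, handle, nonce, mac_key):
    """Constructed stand-in for the provider: the return URL after the user accepts."""
    f = {"openid.ns": NS, "openid.mode": "id_res", "openid.op_endpoint": op_endpoint,
         "openid.claimed_id": claimed_id, "openid.identity": claimed_id,
         "openid.return_to": RETURN_TO, "openid.response_nonce": nonce,
         "openid.assoc_handle": handle}
    signed = sorted(REQUIRED)
    f["openid.signed"] = ",".join(signed)
    f["openid.sig"] = sign(f, mac_key, signed)
    return RETURN_TO + "?" + urlencode(f)

def verify_assertion(url, mac_key, expected_id):
    """Accept the login only if the response is signed, meant for us, and fresh."""
    f = dict(parse_qsl(urlsplit(url).query))
    signed = f.get("openid.signed", "").split(",")
    if (f.get("openid.mode") != "id_res" or not REQUIRED <= set(signed)
            or any("openid." + k not in f for k in signed)):
        return False                      # cancelled, or key fields left unsigned
    if f["openid.return_to"] != RETURN_TO or f["openid.claimed_id"] != expected_id:
        return False                      # response for another site or identity
    good = sign(f, mac_key, signed).encode()
    if not hmac.compare_digest(good, f.get("openid.sig", "").encode()):
        return False                      # not produced by the trusted provider
    fresh = f["openid.response_nonce"] not in seen_nonces   # reject replays
    seen_nonces.add(f["openid.response_nonce"])
    return fresh
```

A production relying party would also run discovery on the claimed identifier to confirm that the responding provider is authoritative for it; that step is outside this example.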
This board is powered by the Unclassified NewsBoard software, 20110527-dev, © 2003-2011 by Yves Goergen