On Fri, 2009-04-24 at 11:36 +0100, Bill Crawford wrote: > On Thursday 23 April 2009 20:54:34 Callum Lerwick wrote: > > On Wed, 2009-04-22 at 22:46 +0200, Kevin Kofler wrote: > > > Callum Lerwick wrote: > > > > That doesn't make them wrong about OpenID's UI sucking. > > > > > > A proprietary Google "standard" "based on OpenID" isn't a solution to > > > that though. > > > > Yes it is a solution. A monopolistic Google only solution, but it's a > > solution. > > > > That's why I'm saying we better come up with an un-biased free solution, > > and do it fast. Before Google gains ground. > > It is NOT a monopolistic Google-only solution, that's what became clear after > actually reading a particular comment *FROM ONE OF THE DESIGNERS OF OpenID* on > that blog post. > > About half-way down, quote: > > > David Recordon > Oct. 30th, 2008 at 12:51 am > > Google is taking advantage of a feature in OpenID 2.0 known as "Directed > Identity". This allows an OpenID 2.0 Relying Party to start the OpenID protocol > flow using a known URL (Yahoo!'s is http://openid.yahoo.com/) to allow for "one > click" style login dialogues. By performing discovery on this URL, using the > XRDS XML format, the OpenID Provider advertises the OpenID Endpoint URL for the > Relying Party to make a request against. Google is doing this correctly with > the URL to perform discovery against being > https://www.google.com/accounts/o8/id. Say I'm Joe Blow. I run Joe Blow's OpenID Provider off a server in my house running off a business class cable connection. I got to LiveJournal, and I want to log in using Joe Blow's OpenID Provider. How does livejournal.com know to display a "Login using Joe Blow's OpenID" button without me having to cut and paste or type anything first? I don't see any way to do it without needing some kind of interaction with the browser. I'm not seeing how Directed Identity prevents web sites from having to hard code every possible OpenID provider. Which will still leave out the little guys like Joe Blow. THAT is what I mean by monopolistic and biased. Near as I can tell Directed Identity does nothing to address this kind of automated discovery. > As for using email addresses as OpenIDs, this is something the OpenID > community is talking about quite a bit right now; Google included. Having to type in a domain or an email address is NOT an improvement. This should require NO typing. The user should see no URLs, no domains, no emails, they should see nothing but a button to click.
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list