There is a openID mailing list set up if anyone has any technical questions, general@xxxxxxxxxx -Nate On Fri, Feb 5, 2010 at 4:57 PM, haliphax <haliphax@xxxxxxxxx> wrote: > On Mon, Feb 1, 2010 at 9:54 PM, Michael A. Peters <mpeters@xxxxxxx> wrote: > > > Daevid Vincent wrote: > > > >> > >> > >>> -----Original Message----- > >>> From: Al [mailto:news@xxxxxxxxxxxxx] Sent: Monday, February 01, 2010 > >>> 12:09 PM > >>> To: php-general@xxxxxxxxxxxxx > >>> Subject: OpenID > >>> > >>> This is a bit off subject, but.... > >>> > >>> What is your opinion on OpenID? > >>> > >> > >> Failed gimick. Tried to resurface again about a year ago. Still seems > like > >> failure. > >> > > > > ++ > > > > Session ID hijacking is bad enough, it gives the malicious user access to > > one resource. > > > > OpenID hijacking gives the malicious user access to a ton of resources. > > And what does a user do when their OpenID provider disappears? > > > > > I think Michael hit the nail on the head as far as my concerns are.. well.. > concerned. :) Google's OpenID provider seems like it would be around > forever > and whatnot, but if you're going to rely on one of the "big" OpenID > providers, then it would appear that OpenID itself is useless. Facebook's > OpenID, etc., are on shaky ground at best. > > I use a few sites that leverage OpenID as their login process, and I've got > to say--it's very convenient. However, I only use my Google account for > OpenID logins, so to me, it's really just a Google connector. > > I commend everyone involved for their effort, but I think the underlying > principles need to be re-examined. It feels like they rushed the whole > concept into production before too many of the fundamental issues had been > discussed and dealt with. > > My 2c. > > > // Todd >
