#1 is definitely a problem. #4 is silly — having multiple personas is a benefit if you want to use them. If not, you just ignore the ones you don’t use. #3 should be solved in browsers (there just aren’t any foolproof server-side solutions). #5 can be solved (and indeed already is, in some implementations) by hiding the concept of the OpenID URL by asking for a provider/username combo. What we need is a way to resolve a provider/username combo to an OpenID URL without knowing about the provider ahead of time — some sort of discovery mechanism. Maybe that already exists in v 2.0 — I haven’t looked at it very closely.
I’m still very much on the fence WRT to OpenID’s benefit to WordPress, however. Most sites don’t have registered comments. We’d be able to know that a comment comes from who it proports to come from, but that doesn’t seem to be a huge problem (and even if it is, it’d only be solved on sites with OpenID-enabled comments). I want it to be right for WordPress, but I’m just not convinced.
Not making a stance on anything, just following the conversation. 99% of what I read about OpenID is positive, so it was interesting to see someone taking the other side. I think critical arguments clarify your thinking a lot more.
I’d like to see OpenID implemented on a large scale (I’m sick of having to register every time I want to use some website), but, out of interest, are there any alternatives that purport to solve some of the same issues OpenID purports to solve?
I’m certainly receptive to criticism and agree with Matt’s perspective that alternative perspectives, especially to the contrary, if countered, can make an effort/initiative better.
Seeing a train of positive comments without detraction makes you really wonder if people are paying attention, so I’m eager to consider his feedback and respond.
Matt, I know. I was just trying to pressure you into giving some more opinion. I think OpenID is great, but no one has yet to convince me that it is the right move for WordPress.
first of all I have a lot of respect for Kyle Neath but I think there are a few things to be addressed
number 1 > OpenID service providers go bust/offline and logins cant have multiple ID’s…
partly true but since I have multiple ID’s depending on which one I present will be from one or another e.g. my work ID is going to be very differant than my blogging one look at infocards and how people use that…
login providers e.g. ma.gnolia provide it when it makes sense to do so… its up to them and us as customers…
number 2 > mobile web does not like url’s so OpenID not good.
Simple NOT true have you actually used the mobile web its all painful and systems for ID will provide autofill and infocard like service
number 3 > pishing and url scammers
provide all the security you can in helper applications and URL ID such as images and feedback… its a problem but really people have enough problem with simply using the same password everywhere anyway so lets not go down the philosophical vs practice of security route… people make mistakes help them to recover and prevent as much as possible is the rule to use…
number 4 > people dont understand multiple ID’s
complete nonsense very young children understand that presenting a different appearance to different people is a technique to achieve things most people see this well in the Work vs Play id’s that people have.
number 5 > its less user friendly because multiple steps
maybe but I dont think so by providing consistency people become more trusting and understanding of the process and look for this method exactly because it is familiar look at many workflows and mostly we do it because it is familular e.g. keyboard layout (-;
number 6 > multiple logins and multiple ID’s are good
I AGREE but we can have different levels within those logins and I would like to simplify DATA INPUT e.g. in one ID I can share my full home address or just the city to a different service provider chouseing the level at which I share personal data gives me finer control of what I send and means i DO NOT have to type it in each time and make mistakes and give up and go home when I presented with yet another form to fill in ! as a workflow its much better to chouse the ID and then the amount of data I want to share rather than making mistakes and not using the service…
scary but my opinions
I think should give people the option of OpenID simply because it can be useful
What’s your take on his points ma.tt, given that your onboard somewhat with your wordpress.com work?
I hope that by linking to this article, you’re making a stance to keep OpenID out of the WordPress core. I’d also like to read your thoughts on this.
#1 is definitely a problem. #4 is silly — having multiple personas is a benefit if you want to use them. If not, you just ignore the ones you don’t use. #3 should be solved in browsers (there just aren’t any foolproof server-side solutions). #5 can be solved (and indeed already is, in some implementations) by hiding the concept of the OpenID URL by asking for a provider/username combo. What we need is a way to resolve a provider/username combo to an OpenID URL without knowing about the provider ahead of time — some sort of discovery mechanism. Maybe that already exists in v 2.0 — I haven’t looked at it very closely.
I’m still very much on the fence WRT to OpenID’s benefit to WordPress, however. Most sites don’t have registered comments. We’d be able to know that a comment comes from who it proports to come from, but that doesn’t seem to be a huge problem (and even if it is, it’d only be solved on sites with OpenID-enabled comments). I want it to be right for WordPress, but I’m just not convinced.
Not making a stance on anything, just following the conversation. 99% of what I read about OpenID is positive, so it was interesting to see someone taking the other side. I think critical arguments clarify your thinking a lot more.
I’d like to see OpenID implemented on a large scale (I’m sick of having to register every time I want to use some website), but, out of interest, are there any alternatives that purport to solve some of the same issues OpenID purports to solve?
I’m certainly receptive to criticism and agree with Matt’s perspective that alternative perspectives, especially to the contrary, if countered, can make an effort/initiative better.
Seeing a train of positive comments without detraction makes you really wonder if people are paying attention, so I’m eager to consider his feedback and respond.
Matt, I know. I was just trying to pressure you into giving some more opinion. I think OpenID is great, but no one has yet to convince me that it is the right move for WordPress.
first of all I have a lot of respect for Kyle Neath but I think there are a few things to be addressed
number 1 > OpenID service providers go bust/offline and logins cant have multiple ID’s…
partly true but since I have multiple ID’s depending on which one I present will be from one or another e.g. my work ID is going to be very differant than my blogging one look at infocards and how people use that…
login providers e.g. ma.gnolia provide it when it makes sense to do so… its up to them and us as customers…
number 2 > mobile web does not like url’s so OpenID not good.
Simple NOT true have you actually used the mobile web its all painful and systems for ID will provide autofill and infocard like service
number 3 > pishing and url scammers
provide all the security you can in helper applications and URL ID such as images and feedback… its a problem but really people have enough problem with simply using the same password everywhere anyway so lets not go down the philosophical vs practice of security route… people make mistakes help them to recover and prevent as much as possible is the rule to use…
number 4 > people dont understand multiple ID’s
complete nonsense very young children understand that presenting a different appearance to different people is a technique to achieve things most people see this well in the Work vs Play id’s that people have.
number 5 > its less user friendly because multiple steps
maybe but I dont think so by providing consistency people become more trusting and understanding of the process and look for this method exactly because it is familiar look at many workflows and mostly we do it because it is familular e.g. keyboard layout (-;
number 6 > multiple logins and multiple ID’s are good
I AGREE but we can have different levels within those logins and I would like to simplify DATA INPUT e.g. in one ID I can share my full home address or just the city to a different service provider chouseing the level at which I share personal data gives me finer control of what I send and means i DO NOT have to type it in each time and make mistakes and give up and go home when I presented with yet another form to fill in ! as a workflow its much better to chouse the ID and then the amount of data I want to share rather than making mistakes and not using the service…
scary but my opinions
I think should give people the option of OpenID simply because it can be useful
regards
John Jones
http://john.jones.name