Comments on: OSCON 2006: Practical OpenID http://www.sitepoint.com/blogs/2006/07/29/oscon-2006-practical-openid/ News, opinion, and fresh thinking for web developers and designers. The official podcast of sitepoint.com. Sun, 08 Nov 2009 18:39:36 -0500 http://wordpress.org/?v=2.8.4 hourly 1 By: Vincent http://www.sitepoint.com/blogs/2006/07/29/oscon-2006-practical-openid/comment-page-1/#comment-249395 Vincent Wed, 16 May 2007 20:08:49 +0000 http://www.sitepoint.com/blogs/?p=1659#comment-249395 RuinDweller, also, using an OpenID, you can identify a user and track him, e.g. you could show all posts by that user. RuinDweller, also, using an OpenID, you can identify a user and track him, e.g. you could show all posts by that user.

]]> By: Leaving Canada at Yes, I’m Canadian http://www.sitepoint.com/blogs/2006/07/29/oscon-2006-practical-openid/comment-page-1/#comment-45062 Leaving Canada at Yes, I’m Canadian Sat, 12 Aug 2006 02:29:46 +0000 http://www.sitepoint.com/blogs/?p=1659#comment-45062 [...] Before our week in Montreal, there was the cottage, which was four days of lakeside bliss with long-missed friends. After the lights finally came on, everything went perfectly up until the last hour before we all left, when Chris walked through a screen door and his girlfriend Lou dropped her car keys in the lake. My best guess is that they didn’t want to leave, and were doing their best to delay the inevitable.And before the cottage, there was my week at OSCON in Portland. I blogged the nitty gritties of that in detail at SitePoint, but in general it was an astonishing gathering of talent. Attendees routinely sat in sessions coding some personal project or other, or participating in the conference “back channel” on IRC. At one point during the final day, I walked into a men’s room behind a fellow toting an open laptop who proceeded to stand at a urinal and continue to surf the web with the laptop in his free hand. [...] [...] Before our week in Montreal, there was the cottage, which was four days of lakeside bliss with long-missed friends. After the lights finally came on, everything went perfectly up until the last hour before we all left, when Chris walked through a screen door and his girlfriend Lou dropped her car keys in the lake. My best guess is that they didn’t want to leave, and were doing their best to delay the inevitable.And before the cottage, there was my week at OSCON in Portland. I blogged the nitty gritties of that in detail at SitePoint, but in general it was an astonishing gathering of talent. Attendees routinely sat in sessions coding some personal project or other, or participating in the conference “back channel” on IRC. At one point during the final day, I walked into a men’s room behind a fellow toting an open laptop who proceeded to stand at a urinal and continue to surf the web with the laptop in his free hand. [...]

]]> By: Kevin Yank http://www.sitepoint.com/blogs/2006/07/29/oscon-2006-practical-openid/comment-page-1/#comment-41619 Kevin Yank Mon, 31 Jul 2006 14:42:24 +0000 http://www.sitepoint.com/blogs/?p=1659#comment-41619 RuinDweller, Whatever anti-spam measures you normally use can be applied to OpenID logins as well. OpenID is not an anti-spam measure, nor does it interfere with your anti-spam measures. OpenID doesn't remove the "what they know" test. The OpenID server specified by the user still checks that the user knows his or her login details for you. The only difference with OpenID is that <em>your site</em> doesn't have access to the user's login credentials. Precisely, what a successful OpenID login to your site tells you is that the user that logged in has control over the content of the URL they provided. Whether or not you trust the owner of that URL to not be a spammer is a separate issue, and one not handled by OpenID (nor is it handled by any other user authentication scheme). RuinDweller,

Whatever anti-spam measures you normally use can be applied to OpenID logins as well. OpenID is not an anti-spam measure, nor does it interfere with your anti-spam measures.

OpenID doesn’t remove the “what they know” test. The OpenID server specified by the user still checks that the user knows his or her login details for you. The only difference with OpenID is that your site doesn’t have access to the user’s login credentials.

Precisely, what a successful OpenID login to your site tells you is that the user that logged in has control over the content of the URL they provided. Whether or not you trust the owner of that URL to not be a spammer is a separate issue, and one not handled by OpenID (nor is it handled by any other user authentication scheme).

]]> By: RuinDweller http://www.sitepoint.com/blogs/2006/07/29/oscon-2006-practical-openid/comment-page-1/#comment-41605 RuinDweller Mon, 31 Jul 2006 13:29:05 +0000 http://www.sitepoint.com/blogs/?p=1659#comment-41605 The whole concept of OpenID eludes me. We authenticate users on "what they know" basis. We assume that if somebody khows login details he has a right to use our services. With OpenID all we get is clarification that the user indeed pointed us to a valid OpenID server. Weeding out spammers is hard enough on a server with a thousand users. Imagine managing millions of OpenID URLs. I'm not against OpenID I just don't UNDERSTAND it. If somebody could clarify this I'd be more than happy. Their site just says that OpenID is not a trust system. The whole concept of OpenID eludes me.

We authenticate users on “what they know” basis. We assume that if somebody khows login details he has a right to use our services.

With OpenID all we get is clarification that the user indeed pointed us to a valid OpenID server.

Weeding out spammers is hard enough on a server with a thousand users. Imagine managing millions of OpenID URLs.

I’m not against OpenID I just don’t UNDERSTAND it. If somebody could clarify this I’d be more than happy. Their site just says that OpenID is not a trust system.

]]>