OpenID isn’t actually distributed at all.

The arguments for OpenID which were covered on this topic to why webmasters should opt-in to OpenID (and perhaps use OpenID only) left some concerns for security, and they were for the most part, left unanswered.

I do think however, some valid points raised about security, or lack thereof, due to the distributed nature of OpenID and how the ‘benefit’ of being able to change your password at one location if your account was broken into, was actually a flaw working to the benefit of would be account hi-jackers.

OpenID isn’t actually distributed at all. I think the benefit for something like ID actually comes from its potential of abstracting the details of the authentication mechanism itself from the OpenID consumer. For instance, there is nothing to say that an OpenID provider won’t require two or even three-factor authentication to return a successful reply, yet everyone always uses the username/password combination as an example.

In other words, it is preferable that users have stronger authentication in one place than weak authentication in many places. But now I am getting off-topic. :)

Myles Eftos’s explanations of OpenID and OAuth had the room thinking “why haven’t I implemented this myself already?”

It was indeed an interesting discussion.

I do think however, some valid points raised about security, or lack thereof, due to the distributed nature of OpenID and how the ‘benefit’ of being able to change your password at one location if your account was broken into, was actually a flaw working to the benefit of would be account hi-jackers.

These and other security related questions were left without answers of substance.

But srsly, the biggest boon for me was the opportunity to network with top-notch people, not the nitty-gritty of the tech stuff. There’s no substitute for something like that in cyberspace. It’s good to see so many other web and tech conferences flourishing. I’m going to do my best to attend more of these sorts of events in the future.