[SGVLUG] "phising" for OpenID's

Sean O'Donnell sean at seanodonnell.com
Thu May 17 15:24:05 PDT 2007


Emerson, Tom (*IC) wrote:
> Don't you just hate it when you buy some new piece of hardware, find it
> "doesn't quite work", and the vendor/support website has a typical
> "PHP:BB" forum that you have to register yet another [throwaway] account
> that you'll forget in a weeks time?
> 
> Well, there is a (grass roots?) movement out to create something known
> as an "openID" [http://openid.net] 

I have mixed feelings about the whole OpenID service, or even using an
API from some monolith (aol, yahoo, google, etc.), if they were/are
available.

Goods:

1) great solution for users with memory recollection issues (like myself).

2) great for site owners who wish to attract a wider audience of users
with memory recollection issues.

Bads:

1) privacy - it allows the service provider to track which sites you
visit/log-in@/etc.

2) security - all it takes is 1 compromise of your account to allow some
would-be attacker to access your info from all of those openid-supported
sites.

I'm sure the goods outweigh the bads, but I'm still skeptical.

>From a development stand-point, it sounds like a fun project though,
regardless. =)

-- 
Sean O'Donnell
South Pasadena, CA

sean at seanodonnell.com
http://seanodonnell.com

PGP Public Key ID: 0xF57FB9E5
PGP Public Key Server: http://pgp.mit.edu

*The important thing is not to stop questioning. Curiosity has its own
reason for existing.*




More information about the SGVLUG mailing list