The Non-Scary Way of Learning About OpenID
Posted by lachlanhardy on 20071220 at 1506
I hear lots of paranoid mutterings about OpenID from geeky folks. I get that. They’re still hurting from the fiasco formerly known as Passport. It’s understandble, but it’s time to let it go.
People have valid concerns about any scheme purporting to represent their identity (or identities, given we’re talking about the web). It’s hard to get to the bottom of those with OpenID, because, as has been raised on the mailing lists, it’s very obscure niche topic with bugger all in the way of plain language explanations. It takes too long to get into it and understand it, and not everybody has that time. This is for those who are willing to trust that I took the time.
The next five points are for all my geeky friends who can’t be stuffed delving into esoterica:
OpenID is good for you.
You can stop using usernames and passwords for every site that supports it.
OpenID saves you stress
You don’t have remember which of the 3 different passwords you’ve used since high school is the right one for this site. You don’t have remember which of your 47 different usernames you gave it.
OpenID saves you time
You don’t have to trawl your browser password storage to find the right one when you haven’t visited the site since you last cleared your cookies.
OpenID is safe
Hardcore security freaks can go read the specs, get involved in the community and determine this for themselves, but for the rest of us, it’s enough to know that a bunch of very smart hardcore security freaks have already done this.
The defence rests
There you have it, folks, the completely non-scientific (and non-scary) explanation of OpenID. No grand justifications. No confusing diagrams.
What now?
Just 3 simple things to do:
-
I recommend ClaimID because those guys are fucking smart, but lots of people like myOpenId too;
Make sure you delegate your OpenID to your own site using Tim Lucas’s handy instructions so you have control of your identity; and
Tell your all friends - if you want the revolution, you’d better start lighting fires.
Party on, people. The fight isn’t over yet.
Comments
There are 6 comments on this post. Post yours →
Earlier this evening I slipped and fell into OAuth … I looked … I read … I sighed … I left.
!j/k
–bentrem
p.s. MozDev 0.98a? Someone with a name like you, or a style like you … gawwwwd those late hours on IRC shudder
cheers
In French: “Ostine moi pas!”
http://oauth.net/
A wise man once said “If they blog comments doth not support OpenID, thou shalt ne’er discuss OpenID”.
What about non-geek types? It all sounds pretty complicated for the standard web user.
Is this the case? … and how will that impact the mainstream adoption of OpenID?
@Ben I really struggle to keep up with you. And I have no idea what ‘ostine’ means :)
@Nic Fair call. People have been asking for it in SimpleLog for nearly a year, but no dice. I got cracking this morning, so we’ll see how long that takes me ;)
@Scott The user experience is OpenID’s single biggest issue. It shouldn’t be as hard as it is.
I reckon it’s mostly due to complexity. For folks to be convinced that it is a good idea, they want to know some things about it and explanations get complicated very very quickly. In terms of actually just using it, it’s easy. The problem is convincing folks to use it.
I think myVidoop’s video explanation is one of the best, but it still gets way too jargonistic after a while: OpenID according to Dave.
I’ve poked about looking for an answer to this one but so far nothing definitive… are there any issues delegating more than one URL back to a single openid?
Obviously each extra URL is one more site to “keep safe” but otherwise it seems ok to me; but then I don’t know if openid servers will chuck a wobbly if more than one site gets delegated.
Thoughts?
Heckle me
Required fields are emphasised.
Apparently we're using Markdown until I finish hacking this install to death. See the Markdown syntax rules for help