Comments on: SXSW Report: A Critical Look at OpenID

By: Buy cheap phentermine.

Buy cheap phentermine. — Fri, 01 Aug 2008 17:00:09 +0000

Buy cheap phentermine….

Buy phentermine. Buy phentermine cod. Buy phentermine overnight. Buy phentermine mg. Buy cheap phentermine on line now save. Buy pal pay phentermine using. Buy generic phentermine bloghoster….

By: OpenID for BtoB? Not So Sure…Yet - Bullblog - Bulldog Solutions

OpenID for BtoB? Not So Sure…Yet - Bullblog - Bulldog Solutions — Mon, 05 May 2008 16:31:27 +0000

[…] in an article in the April issue of Marketing Watchdog Journal. And check out a great summary here of a SXSW Interactive panel on the […]

By: Brendan Taylor

Brendan Taylor — Tue, 25 Mar 2008 15:59:27 +0000

“OpenID along with Oath”

I believe you mean OAuth.

By: Nikim

Nikim — Mon, 24 Mar 2008 10:05:14 +0000

Interesting page., guy

By: SXSW: A Critical Look at OpenID « Stone Ward Interactive

SXSW: A Critical Look at OpenID « Stone Ward Interactive — Thu, 13 Mar 2008 18:29:04 +0000

[…] SXSW Report: A Critical Look at OpenID […]

By: drstarcat

drstarcat — Wed, 12 Mar 2008 23:12:47 +0000

Sam Felder also had did a nice (and much shorter) writeup of the panel here: http://www.samfelder.com/2008/03/a-critical-look-at-openid.html

By: The History of Tomorrow’s Internet: Identity (iCards, pt. 1) | drstarcat.com

Wed, 12 Mar 2008 16:10:02 +0000

[…] my OpenID report from SXSW I jumped to OpenID briefly, but I want to cover iCards before continuing down that road. iCards are […]

By: Sam Hasler

Sam Hasler — Wed, 12 Mar 2008 10:59:17 +0000

“If someone gets my OpenID, can’t they login to all my sites? Yes, but this happens if they get a hold of your email as well (they can send password reminder requests).”

That’s a statement about the impact of either happening, it doesn’t address the difference in likelihood of either happening.

Isn’t it easier to hack a website to get control of an OpenID URL than it is to hack into an email account?

Or would you really need to hack into the OpenID account (which is distinct from the OpenID URL. i.e. you could control a URL that original defered to a MyOpenID account without knowing anything about the account).

For spammers, hacking OpenID’s URLs and searching for where they’ve been used to post comments on blogs - and so therefore might be whitelisted - could be an easy way to get round stricter comment spam filters.

They might work it the other way of course. find OpenIDs used to post comments, then check if the URL is secure. That could mean that the more you use your OpenID the more you are exposing yourself to spammers trying to hack your OpenID URL.

I wouldn’t be surprised if within the next year there someone within the OpenID community who defers their OpenID from a website they manage themselves gets their site hacked and their OpenID used to post comment spam.

By: George Fletcher

George Fletcher — Tue, 11 Mar 2008 05:05:39 +0000

So yes, I do have gray hair and it’s getting grayer by the day:)

As for AOL and Relying Party support. We do support 3rd party OpenID’s on dev.aol.com and a couple other sites: ficlets.com (which one best use of CSS) and circavie.com. We are working to make the relying party support more robust and to cover more services. I don’t want to give the impression that AOL is not active in supporting OpenID as a relying party.

On the security front, OpenID 2.0 does require SSL in a few cases so the 2.0 spec is much better from the security perspective.

However, the issue is how much security is needed for the resources being provided. SSL might be overkill. The only minor problem with this logic is that many people use the same password so any insecure channel could compromise their identity.

By: drstarcat

drstarcat — Mon, 10 Mar 2008 21:39:47 +0000

Thanks for the post edits. Email now equals OpenID, Artur is now Swedish!