14 items tagged “identity”
2010
RasterWeb: Lanyrd. Pete Prodoehl calls me out on Lanyrd’s integration with the Twitter auth API at the expense of OpenID. I’ve posted a comment with my justification—essentially, tying to Twitter’s ecosystem means I can actually implement the features I’ve been talking about building on top of OpenID for years, with far less engineering effort.
Fixing the Google Account problem. 3,000+ words explaining how to open a Google Doc invitation sent to an e-mail address that isn’t associated with your Google account. Worth reading just to get an idea for the enormous complexity involved in running a large scale identity system and designing an interface for managing aliases and multiple profiles. Google haven’t got it right yet—has anyone else?
2009
OpenID: Now more powerful and easier to use! The OpenID+OAuth hybrid protocol (where a user can sign in with OpenID and grant an application access to their OAuth protected resources such as a contact list at the same time) is now supported by Google, Yahoo! and MySpace—this feels like OpenID finally coming of age.
“Recover my account” link on the login page. For the record, collecting and verifying e-mail addresses is a VERY good idea, even (especially?) if you accept OpenID. A verified e-mail address is still absolutely the best way to deal with lost passwords or “my OpenID isn’t working”.
FluidDB domain names available early (and free) for Twitter users. It’s interesting how Twitter has revitalised the concept of usernames as first class identifiers. FluidDB hasn’t even launched yet, but it’s allowing people to reserve their Twitter username within the FluidDB system just by following @fluidDB.
2008
Getting OpenID Into the Browser. David Recordon makes the case for online identity management as a key browser feature (I like the “your browser is currently locked” concept), and argues that Gears is in a great position to deliver it.
2007
Figuring out OpenSocial
So it’s out, and lots of people are talking about it, but I’m still trying to work out exactly what it is. There seem to be two parts to it: a standardised set of GData APIs for accessing lists of friends and their activities (like the Facebook news feed) and a bunch of JavaScript APIs for enabling developers to write hostable widgets and “container sites” to embed those widgets.
[... 289 words]Sun’s OpenID IdP: Real vs Fake. The thinking behind Sun’s decision to allow users of their OpenID provider to pick fake names and assign personal e-mail addresses.
Your telco knows who you are, where you live and even your credit card number or bank account. It's their business to provide you physical access from a real location and identify you as a customer by sending you invoices and receiving money from you. This means that Orange OpenIDs are verified IDs of real people as a matter of principle.
There is a problem of managing identity across the internet, so when I say Darren Waters I mean this person and all of the manifestations and representations and personas of that person. The ability to knit those together is a huge challenge and opportunity for us as an industry.
Wrong-headed impersonation. Kim Cameron discusses user absent authentication, and emphasises the importance of delegation using delegation coupons.
SMTP Service Extension for Yadis Discovery. Could potentially let you use your e-mail address as an OpenID, although personally I wouldn’t always want to hand my address over to third-party sites.
Firefox3/Firefox Requirements (via) OpenID and CardSpace are both listed as mandatory features.
An OpenID is not an account!
I’m excited to see that OpenID has finally started to gain serious traction outside of the Identity community. Understandably, misconceptions about OpenID continue to crop-up. The one I want to address in this entry is the idea that an OpenID can be used as a replacement for a regular user account.
[... 601 words]