OpenID: Magic bullet?

I admit I’m still wrapping my head around it, but from what I understand a lot of people are excited about it. Is this the answer to logins and registration online or is it going to fail?

– IG

I dunno. It seems vendor driven rather than customer driven. That does not ensure failure, but it is going to take a bit more work to sell it. Unless a person has an overwhelming desire to “join” (or at least post to) dozens of new sites every week, it seems almost more work to establish one’s ID in the æther than it does to simply sign up at new locations periodically. (And until there is substantial evidence that it will provide effective, secure communications for financial transactions–something that still seems a bit distant–it is only going to be useful for casual conversations.)

This is not to say I consider it a bad idea. A lot more people will be able to read “registration required” news sites if that industry buys into it, but I rarely sign up for new sites requiring registration, so having my ID sitting on some “neutral” third party server waiting to be hacked does not make me dance with excitement.

How is it different from Windows Passport? I mean, other than the obvious “not being the property of Gates”.

OpenID is still kind of black magic for me. I can’t see how it could really be used for authentication. Among other things, it seems to depend on the owner of your internet domain being trustworthy, which is by no means a guaranteed scenario. Also, critics have raised the incredible potential for phishing and spoofing that OpenID presents; the Open ID wiki has a large-ish page dedicated to this problem and how it could be solved in the next version of OpenID.

I’m not exactly brimming with confidence, here.