I’ve been talking about OpenID, and hoping that it catches on so that everyone can use just one login credential for all the sites that are OpenID-enabled. It may or may not affect the user experience. I guess it depends on how efficiently servers communicate with each other. Kyle Neath points out 5 reasons why he would not be implementing OpenID. From what I’ve read, I think he simply disagrees with sites requiring an OpenID, not the ones that are OpenID-enabled. Having OpenID as another option to authenticate yourself is good, but using OpenID ONLY to authenticate yourself is not good. And he raises valid points.

99% of implementations are naive
That’s his first reason for not joining the OpenID bandwagon. Basically, OpenID lets anyone become an OpenID provider. And big companies want to be the only OpenID provider. If the provider goes belly-up, however, the user information is gone.

My take on this is that if you own a site and want to implement OpenID, you shouldn’t provide OpenID to the world. You can be a provider for you and yourself alone. Let the big companies battle it out. You can just sit back and watch the show. After all, you are independent of those companies aiming to be the ONLY OpenID provider.

OpenID just doesn’t work for the mobile web
I somewhat agree with this. URLs may be longer than usernames and passwords. However, let’s look at the bigger picture. How big is the mobile web exactly? How many people would actually conduct business, write blog entries, and/or read feeds using their smartphones or hiptops?

The mobile web is slow, for now. Until it catches up with DSL or cable, and becomes ubiquitous, the mobile web is not a valid reason not to implement OpenID. Besides, the US is just a fragment of the world market for the Internet. Not a lot of people are using their smartphones and wireless devices in other parts of the world.

OpenID assumes the Internet is full of good-natured human beings
This is where I completely agree with Kyle. The Internet is just too damn insecure for any kind of authentication taking place. Who would know that they have a trojan in their system? Even the best Internet security software cannot detect ALL malicious code.

But here’s the thing that bugs me. If you are your own OpenID provider with no identity other than your own, how can you get hacked? And if it does happen, there’s no one to blame but yourself. Would you, then, rather sign up with another OpenID provider to pass accountability? If you get hacked, it just means you need to learn more. Make your kung-fu stronger with every boo-boo you encounter.

Multiple OpenIDs to rule them all!
With the number of companies that want to provide OpenIDs, it’s no wonder that a number of people have a number of OpenID identities already. I think I have six, also. It may be more. I don’t bother with the others anymore. I guess the way to keep this from being confusing is to pick one and stick with it.

It’s less user-friendly
This may be true. And this is all based on user preference. I’m fine with the process of login -> openid login -> done. It’s only one time that I enter the username and password for my OpenID server. After that, it’s just the servers talking to each other, with the help of cookies.

Kyle’s opinions are valid. It’s some sort of an eye-opener for the people who are thinking of OpenID and what’s in it for them. But those are just what they are. Opinions. He’s entitled to his, and so is everyone else. As far as I’m concerned, OpenID should be implemented, but not required.

Of course, it’s all about user preference in the end. You don’t want OpenID, fine. And no one is going to force you to change your mind. Just don’t expect OpenID advocates to change their minds because of some flaws in a system. Everything is flawed anyway.