Why OpenID is awesome and Destined to Fail

So I just installed the wordpress openid plugin – it’s a fantastic idea and works well. I don’t want to have to make people sign up on my site and everyone already has an openid — one of the listed participants is AOL and everyone has an AIM screen-name.

If you’re unfamiliar with OpenID, and since it’s not widely used, you probably are, it’s a distributed authentication system. The idea is you have a trusted authority and that authority can vouch for you. Just like you don’t need to set up an account at every single liquor store, you just show them your license. The added benefit here is, instead of one single DMV, there can be many, just in case the local DMV goes out of business. So, if you’ve got an account on a Yahoo service, Flickr, Messenger, Mail, etc., you can use Yahoo to authenticate; if you use some other prevalent service, you can use them instead… it’s great, and prevents lock-in to a single company’s services.

The thing that sucks, and this is so damn stupid – the convention for a “username” is loginserver.domain/username — à la Kerberos. The problem is they used a “/” instead of a “@” and didn’t tie it into DNS. It’s a great idea, but there need to be a couple of small tweaks and it would catch on:

  • integrate DNS
  • allow people to use email addresses instead of urls.

I should be able to put in username@aol.com, and my log-in program should then do a “host -t oid aol.com”, find the OpenID server and then do the authentication with that. Instead you’re required to know that aol.com uses openid.aol.com as its OpenID server and to use a URL.
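Here is what that proposal looks like as code. This is an added example, not code from the post or from any OpenID library: since no “oid” DNS record type exists, it models the lookup as an SRV-style record at the hypothetical name `_openid._tcp.<domain>`, and the resolver is injectable so it runs offline against a constructed zone instead of calling `host`.

```python
"""Email-style OpenID discovery through DNS, as the post proposes.

Constructed example: the `_openid._tcp.<domain>` SRV record is an
assumed convention, and FAKE_ZONE stands in for real DNS answers.
"""
from dataclasses import dataclass
from urllib.parse import quote


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str  # hostname of the domain's OpenID server


# Constructed zone data standing in for what a resolver would return.
FAKE_ZONE = {
    "_openid._tcp.aol.com": [SrvRecord(20, 0, 443, "backup.openid.aol.com"),
                             SrvRecord(10, 0, 443, "openid.aol.com")],
    "_openid._tcp.example.net": [],  # domain that publishes no OpenID server
}


def fake_lookup(name):
    """Stand-in for `host -t srv <name>`; an empty list means nothing published."""
    return FAKE_ZONE.get(name.lower(), [])


def split_identifier(identifier):
    """Split user@domain; reject anything that is not exactly one local part and one domain."""
    local, sep, domain = identifier.strip().partition("@")
    if not sep or not local or not domain or "@" in domain or "/" in identifier:
        raise ValueError("expected an identifier of the form user@domain")
    return local, domain.lower()


def discover_openid_url(identifier, lookup=fake_lookup):
    """Turn user@domain into the https OpenID identifier URL that domain's server vouches for."""
    local, domain = split_identifier(identifier)
    records = lookup(f"_openid._tcp.{domain}")
    if not records:
        raise LookupError(f"{domain} publishes no OpenID server record")
    # RFC 2782 style selection: lowest priority wins, then highest weight.
    best = sorted(records, key=lambda r: (r.priority, -r.weight))[0]
    if best.port != 443:
        # A DNS answer that is not DNSSEC-validated must never be able to
        # downgrade the login to plain http, so only TLS endpoints are accepted.
        raise ValueError("OpenID server record must point at an https endpoint")
    return f"https://{best.target}/{quote(local, safe='')}"
```

The record selection and the https-only check are the two parts a real client would need beyond the one-line `host` call in the post.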

I know this seems like small stupid stuff, but it is, and it’s why OpenID won’t catch on. It’s really too bad, because having an open, scalable, distributed login system not in the hands of any single corporate entity is really important.

::sigh::

-Nick
