by artlogic 3896 days ago
I've heard vague mentions of OpenID's fundamental problems, but is there a breakdown somewhere? I've had a hard time finding a detailed technical description of why OpenID failed.

I do understand that it confused the hell out of users that they had to log in with a URL, but that seems like branding and education more than a technical flaw.

3 comments

I have always thought that OpenID would be wildly more successful if:

1. User puts in their email address

2. Website does a lookup on DNS for the email to find an OpenID endpoint (via SRV or TXT or whatever else)

3. If OpenID connector is found, user gets redirected to authenticate

4. If not, generic create account method.

I think that's essentially Persona, except they do some extra work to avoid informing the Authentication endpoint about the sites you're logging in to.
Exactly - that's why I say that the "enter a URL" issue seems like a minor update, not a glaring technical issue.
Good breakdown of different distributed naming/id systems, including OpenID: http://webcache.googleusercontent.com/search?q=cache:XpidG9O...
That confusing part is not just a technical problem. OpenID basically teaches users to be phished, for one. But this has been discussed elsewhere, by yt, on HN.
Could you link to that discussion?

I'm very interested in the concept of federated identity and I would like to see where previous efforts have failed (and what they did well).