by cgart
5626 days ago
Indeed, I also think that OpenID is not designed well. I mean, I have tried to implement it already twice. And every time I think I got the idea of OpenID, later I realize, no, I still didn't really get what it tries to do. What is wrong in that a spammer could easily host its own OpenID server and log in with that account on numerous sites. You even can write scripts to do it automatically, so I didn't really get the idea of OpenID. I think in the future we get OAuth as the winner. Yes, its main purpose is different, however "signing in" with OAuth is so much easier. Even a simple user can understand how it works. And by implicit use of only specific OAuth providers (where you registered your app), you close the door for "bot"-providers. Of course one can argue that you can also force to use only specific OpenID providers, but this is not the core idea of what OpenID was created for.

Instead of using the same username + password combination for all the sites on the Internet (and suffering from Gawker-like incidents), or writing down a bazillion passwords in my keyring, I use my OpenID when I want to comment on random people's blogs or sites like StackOverflow.