I've been thinking recently of two features which would instantly make OpenID infinitely useful.
Firstly, a background application that, on startup, would sign me into my OpenID provider and authenticate me on all my OpenID-enabled sites. This removes the need to log in each time (well, the first time for each session) and also removes the confusing redirections, which could be a vector for a phishing attack, especially for users who are new to the OpenID concept of consumers / providers.
And secondly (and more complicatedly), a way to share information between OpenID-authenticated sites.
For example, I currently have a Twitter account and a Facebook account. If I wanted my updates on Twitter to also update my Facebook status, I have to pass my credentials to the Facebook / Twitter application before that could happen.
If OpenID supported the idea of trust between applications (maybe limited by specific APIs) this could be done automatically without giving the Facebook / Twitter application full access to my Twitter account.
Again, this would have to be done in a very smart way so users won't accidentally sign their accounts away.
And yes, due to past mishaps, I did check Ted Dziuba's site before posting this :)
About Me
- jklp
- Melbourne, VIC, Australia
- Jerrold is a recently migrated Melbourne-based software engineer with roughly 5 years' experience developing in Java and the web technology stack (HTML, CSS, DOM, JavaScript, etc). More recently, he's started developing in Python (well, Jython, but close enough) and is unsure if its flaws outweigh its advantages of having a more sugary syntax. He is currently working at a small South Melbourne-based company which specialises in sales incentive management / reporting software, and is being schooled in the finer points of small company operations.
1 comment:
re: And secondly (and more complicatedly) a way to share information between OpenID authenticated sites.
No, that's what OAuth is for.