There’s been a lot of noise in the ether recently about OpenID.
BarcampLondon2 saw quite a few sessions and lots of interests in them. In the week preceding that, Microsoft announced support for OpenID and AOL sneakily turned all their AOL user accounts into OpenIDs (I love genius - even when it’s evil genius). Simon Willison has been talking about it for quite a while now and at FOWA London presented a session about using OpenID for your webapps. He had slides which I will link to when they become available within the next few weeks.
Nic Ferrier, a hacker and demi-god I have the good fortune of knowing personally has just released a new OpenID server. ProoveMe
Yeah, yeah, what makes his so special?
Nic uses SSL Certificates generated and installed on your browser when you register at or login to prooveme
for authentication. Two immediate benefits.
1) SSL Certificates prove STRONG authentication. Need I say more?
2) You don’t get redirected to your OpenID provider when your try to login to a site1.
This is ingenius although it does have a few criticism from me.
What happens when I loan my laptop to a friend, say to browse the internet at a conference while I talk (I do this a lot)?
Problem: My friend, having access to my browser can access all my pre-authenticated sites as me. Bad Friend!
Reality: I have a guest account on all machines I touch for this reason so it’s unlike to happen, but not everyone is as wary as I am.
It’s well worth a look and Nic’s happy to hear criticisms, so drop him a note if you think there’s a problem with his implementation.
Whatever happens, we have collectively decided that we don’t want to manage multiple usernames and passwords anymore - that’s why we had the blasted computers in the first place. OpenID solves the Problem, but will it win the race for dominance? This remains an important question.
[1] Being taken away, no matter how short the departure is and even with the promise of being brought back is a big attention killer and was one of the annoying things I had with OpenID.