Monday, 15 June 2009

Between 2002 and 2009 I was an active member of livejournal but recently I removed all my content, deleted my account, and then ceased using the service.

Unfortunately I had to un-delete the account after a week, as I suddenly realised that I'd used the URL as an OpenID identifier.

(A few sites, such as stackoverflow, only use OpenID for handling accounts. So I just entered the livejournaly one without really thinking it through.)

Anyway the upshot of this is that I've hacked up a "quick" Perl OpenID handler, and I can now authenticate as

"Quick"? Well the thing about OpenID is that it is complex. More complex than you'd expect. (Common theme, here?)

I've now coded an OpenID consumer (again pretty livejournal-specific!) and an OpenID server - and both times the lack of documentation made the process annoying, fiddling, and more difficult than it should be:

So why something for me? Well, if you're going to use OpenID then the whole premise is that you'll centralise. That means that you'll use the same identity everywhere, so if your provider goes bust, gets bought out, or is compromised, all the sites you use with it are vulnerable.

If I'm going to use OpenID I want the confidence that it is under my control. Completely. (Delegation does solve that to a certain extent; but not exclusively.)

Finally: No, will not accept OpenID logins. Ask me to justify that sometime. In a pub. You're buying ...

[gravitar] Charles Darke

Submitted at 20:03:03 on 15 June 2009

Maybe I'm just a control freak, but I wouldn't use an OpenID (or email address for that matter) run by somebody else. I don't really see a huge advantage of OpenID and prefer simple username/password.

[author] Steve Kemp

Submitted at 20:15:04 on 15 June 2009

Like I said in the post some sites only support OpenID so if you want to use them you must have it ..

On the whole I don't use it, but at the same time it is cute to only remember one login/password rather than multiple ones for multiple sites.

(Though in practice I tend to have per-site passwords and I carry an encrypted pwsafe database around with me. So it's not often that I need to struggle to remember one.)

[gravitar] James

Submitted at 07:43:14 on 16 June 2009

The other thing is sites should support more than one OpenID being associated to an account - stack overflow/server fault support this, so does sourceforget, but many others don't.

[gravitar] Adam

Submitted at 21:10:37 on 16 June 2009

I like the idea of OpenID or BitCard but I don't trust something I don't control and support is patchy and buggy.

[gravitar] Dave Holland

Submitted at 14:27:43 on 18 June 2009

Probably best to keep open anyway - just so no-one else can use it on the other sites you forgot you registered with!


