2008: The year of OpenID?

This year is starting off with a roll of thunder for OpenID with coverage today from TechCrunch, Ars Technica, Wired and PC World and OpenID positioned as a foundational technology of the DataPortability Workgroup and at the upcoming Social Graph Foo Camp.

With the finalization late last year of the OpenID 2.0 specs (including Attribute Exchange), the OpenID Foundation's approval of the IPR policy and process, and the execution of non-assertion agreements by all the contributors, OpenID 2.0 seems ready for prime time. But is it?

The Tsyrklevich brothers pointed out a number of security issues (pdf) last summer at Black Hat. While the malicious RP issue (Step 4 in the paper) is potentially addressed by the PAPE draft — ideally it would be addressed in the specification rather than requiring a patch — the other issues have not been addressed.

At the last IIW I hosted a session with Josh Hoyt about what’s next for OpenID (notes here). Besides the security issues mentioned above, here are some other weaknesses of OpenID 2.0:

  • Identifier control: once you start using the identifier, you need to keep control over it forever. Forever is a long time.
  • Performance: the redirects and discovery fetches can be slow.
  • Geeky interface: typing in an OpenID is not very friendly for the average web user.
  • Identifier Management: how does the user remember and know their OpenIDs?

So does this mean OpenID is not ready for prime time? I don’t think it is ready to be the all-singing, all-dancing Single Sign On solution for the Internet, but OpenIDs are a globally unique identifier and can be very useful in the Social Graph and Data Portability problem spaces. It is also useful for writing comments, essentially tagging your content with your identifier. Similar to other internet technologies, OpenID will get used in ways that it was not intended, and it will evolve to address issues. Given how the year is starting, it looks like that evolution will have a fast pace this year.

19 comments

Hi Dick

> With the finalization late last year of the OpenID 2.0 specs … and
> execution of non-assertion agreements by all the contributors

All signed agreements on the website relate to previous versions and
revs of the spec, not the final one. Hopefully this will be updated?

> … some other weaknesses of OpenID 2.0:
> * Performance: the redirects and discovery fetches can be slow.
> * Geeky interface: typing in an OpenID is not very friendly for the
> average web user.
> * Identifier Management: how does the user remember and know their OpenIDs.

I believe you can use the OpenID 2.0 authentication protocol but still
avoid these weaknesses. I wrote more about it on
http://commented.org/blog/2008/1/3/continuous-openid.html
and would be interested in hearing your take.

-Hans

Eran Hammer-Lahav

It’s a chicken-and-egg game of getting enough adoption to solve problems and solving problems to get adoption. But there are some simple things we can do, like enabling email addresses as OpenID identifiers to make it more user-friendly.

The key way to look at OpenID is as an interface for validating claims. From that perspective, companies building new sites and services should consider it as an API for outsourcing their identity management tasks, which are plenty, and very costly to develop. Just like most startups don’t write their own database, they should not create their own identity management system. And OpenID is a great way of delegating this to someone else.

More on this at: http://www.hueniverse.com/hueniverse/2008/01/addressing-open.html

2008 would be the year of OpenID only if I’m able to comment on your blog using an OpenID 2.0 Provider

I’m definitely looking forward to see what happens in 2008. If you ask me OpenID is steadily growing even if there are some usability issues that have to be addressed. By now nearly everyone has an OpenID (even though only few know they do, and even fewer know what it’s good for).

>All signed agreements on the website relate to previous versions and
>revs of the spec, not the final one. Hopefully this will be updated?

I think the agreements refer to the draft that was made final. We did not want to call them Final until the agreements had been made. Somewhat of a catch-22.

I’ll take a look at your post Hans, sorry to have missed it.

Hmmm, you should be able to … let me check on that.

Email identifiers are "bad" for a number of reasons, and I don’t think that is a barrier to adoption.

I’ll check out your post!

We need to get to a state where people know they have one!

Hi Dick,

I can’t sign in when I type in "myopenid.com" as my OP identifier. The error is "Login failed: Found no OpenID services".

In theory, based on blogosphere posts, someone should also be able to type in "flickr.com" to initiate a 2.0 sign-in process. That also doesn’t work.

Hmm. Will have to look at that.

Yahoo opens OpenID service, so at this time OpenID users ~300M :)

And anyone with an account on Blogger now has an OpenID as well.

I work with a team that has just begun trying to solve some authentication problems with an implementation of OpenID that pairs a user's OpenID with a strong authentication device, like a smart card or USB token.

We are certainly excited to take part in the OpenID area. We also realize, as it's been addressed in this post, that progress sometimes is preceded by adoption.

We’ve set-up a beta OpenID provider site, http://openid.trustbearer.com/.

While having strong authentication is good, it does not solve the RP proxy attack from a malicious RP.

Is OpenID actually working? I have tried to log in to many websites using OpenID, including this site when I want to send a comment, but I always get this error: Found no OpenID services. It is the same error as in the comment posted previously. Has anyone got the solution yet? Thanks.

I’m guessing you mean on this site? We are in the middle of putting in a new comment system. Sorry for the problems.