This is a bit off subject, but....
What is your opinion on OpenID?
Are you using it?
Is it worth the trouble?
What php code applic, or did you code your own?
Pear has an alpha release OpenID, anyone try or using it?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Al wrote:
> This is a bit off subject, but....
>
> What is your opinion on OpenID?
openID & foaf+ssl are the future without a doubt, openid is a step in
the right direction; most important factor is giving every person a http
identifier (URI); because then you can start linking data together.
article -> dc:creator -> "al"; <-- means nothing
so we give you a unique identifier which can be looked up to
authenticate you, get more info about you etc.
article -> dc:creator -> "http://ridersite.org/al" <-- means everything
> Are you using it?
yes
> Is it worth the trouble?
the trouble is not using it; so yes more than worth it
> What php code applic, or did you code your own?
various, rolled my own + recently used zend_openid which is v good;
here's a list:
http://openid.net/developers/libraries/#php
> Pear has an alpha release OpenID, anyone try or using it?
would stick to the ones on the page above ^^ also many plugins for
drupal, wordpress, various cms's etc which work out of the box.
would completely reverse this back to you; can you think of one good
reason *not* to use openid?
regards!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
> -----Original Message-----
> From: Al [mailto:news@ridersite.org]
> Sent: Monday, February 01, 2010 12:09 PM
> To: php-general@lists.php.net
> Subject: [PHP] OpenID
>
> This is a bit off subject, but....
>
> What is your opinion on OpenID?
Failed gimick.
Tried to resurface again about a year ago.
Still seems like failure.
http://electronicmuseum.org.uk/2008/07/16/openid-fail/
http://thenextweb.com/2008/10/30/google-openid-fail/
http://en.wikipedia.org/wiki/OpenID#Adoption
> Are you using it?
Uhm, no.
I've got more important things to worry about and implement.
> Is it worth the trouble?
I hear it's relatively simple to implement, but even then it's just another
hassle you have to test and work with forever (or eventually drop it as
some sites have).
> What php code applic, or did you code your own?
> Pear has an alpha release OpenID, anyone try or using it?
N/A
It sounds great in theory, but I see it as a solution in search of a
problem. Sure everyone has a bajillion logins, but you know what, the
browser has solved that long ago by remembering my user/pass for each and
every site. Most sites also conveniently store a cookie hash so you don't
even have to login -- it just knows you if you use the same computer to
connect.
There is an inherent distrust when you are re-directed somewhere -- I don't
even like to get redirected to PayPal from eBay, and they're the same
company! :)
It's too "techy" for Jane Average and too cumbersome for Joe Savvy.
YMMV.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--=-m8qO00bwKBob2AlV6D5B
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
On Mon, 2010-02-01 at 18:38 -0800, Daevid Vincent wrote:
>
> > -----Original Message-----
> > From: Al [mailto:news@ridersite.org]
> > Sent: Monday, February 01, 2010 12:09 PM
> > To: php-general@lists.php.net
> > Subject: [PHP] OpenID
> >
> > This is a bit off subject, but....
> >
> > What is your opinion on OpenID?
>
> Failed gimick.
> Tried to resurface again about a year ago.
> Still seems like failure.
>
> http://electronicmuseum.org.uk/2008/07/16/openid-fail/
> http://thenextweb.com/2008/10/30/google-openid-fail/
> http://en.wikipedia.org/wiki/OpenID#Adoption
>
> > Are you using it?
>
> Uhm, no.
> I've got more important things to worry about and implement.
>
> > Is it worth the trouble?
>
> I hear it's relatively simple to implement, but even then it's just another
> hassle you have to test and work with forever (or eventually drop it as
> some sites have).
>
> > What php code applic, or did you code your own?
> > Pear has an alpha release OpenID, anyone try or using it?
>
> N/A
>
> It sounds great in theory, but I see it as a solution in search of a
> problem. Sure everyone has a bajillion logins, but you know what, the
> browser has solved that long ago by remembering my user/pass for each and
> every site. Most sites also conveniently store a cookie hash so you don't
> even have to login -- it just knows you if you use the same computer to
> connect.
>
> There is an inherent distrust when you are re-directed somewhere -- I don't
> even like to get redirected to PayPal from eBay, and they're the same
> company! :)
>
> It's too "techy" for Jane Average and too cumbersome for Joe Savvy.
>
> YMMV.
>
>
I see some popular sites are starting to use it as a login method.
Sourceforge for example allows OpenID logins.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--=-m8qO00bwKBob2AlV6D5B--
Daevid Vincent wrote:
>
>
>> -----Original Message-----
>> From: Al [mailto:news@ridersite.org]
>> Sent: Monday, February 01, 2010 12:09 PM
>> To: php-general@lists.php.net
>> Subject: [PHP] OpenID
>>
>> This is a bit off subject, but....
>>
>> What is your opinion on OpenID?
>
> Failed gimick.
> Tried to resurface again about a year ago.
> Still seems like failure.
++
Session ID hijacking is bad enough, it gives the malicious user access
to one resource.
OpenID hijacking gives the malicious user access to a ton of resources.
And what does a user do when their OpenID provider disappears?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--0016e6d99bedd9ef7f047ee25ed6
Content-Type: text/plain; charset=UTF-8
On Mon, Feb 1, 2010 at 9:54 PM, Michael A. Peters
> Daevid Vincent wrote:
>
>>
>>
>>> -----Original Message-----
>>> From: Al [mailto:news@ridersite.org] Sent: Monday, February 01, 2010
>>> 12:09 PM
>>> To: php-general@lists.php.net
>>> Subject: [PHP] OpenID
>>>
>>> This is a bit off subject, but....
>>>
>>> What is your opinion on OpenID?
>>>
>>
>> Failed gimick. Tried to resurface again about a year ago. Still seems like
>> failure.
>>
>
> ++
>
> Session ID hijacking is bad enough, it gives the malicious user access to
> one resource.
>
> OpenID hijacking gives the malicious user access to a ton of resources.
> And what does a user do when their OpenID provider disappears?
>
>
I think Michael hit the nail on the head as far as my concerns are.. well..
concerned. :) Google's OpenID provider seems like it would be around forever
and whatnot, but if you're going to rely on one of the "big" OpenID
providers, then it would appear that OpenID itself is useless. Facebook's
OpenID, etc., are on shaky ground at best.
I use a few sites that leverage OpenID as their login process, and I've got
to say--it's very convenient. However, I only use my Google account for
OpenID logins, so to me, it's really just a Google connector.
I commend everyone involved for their effort, but I think the underlying
principles need to be re-examined. It feels like they rushed the whole
concept into production before too many of the fundamental issues had been
discussed and dealt with.
My 2c.
// Todd
--0016e6d99bedd9ef7f047ee25ed6--
--001636b2bc83cdd2c2047ee30705
Content-Type: text/plain; charset=ISO-8859-1
There is a openID mailing list set up if anyone has any technical questions,
general@openid.net
-Nate
On Fri, Feb 5, 2010 at 4:57 PM, haliphax
> On Mon, Feb 1, 2010 at 9:54 PM, Michael A. Peters
>
> > Daevid Vincent wrote:
> >
> >>
> >>
> >>> -----Original Message-----
> >>> From: Al [mailto:news@ridersite.org] Sent: Monday, February 01, 2010
> >>> 12:09 PM
> >>> To: php-general@lists.php.net
> >>> Subject: [PHP] OpenID
> >>>
> >>> This is a bit off subject, but....
> >>>
> >>> What is your opinion on OpenID?
> >>>
> >>
> >> Failed gimick. Tried to resurface again about a year ago. Still seems
> like
> >> failure.
> >>
> >
> > ++
> >
> > Session ID hijacking is bad enough, it gives the malicious user access to
> > one resource.
> >
> > OpenID hijacking gives the malicious user access to a ton of resources.
> > And what does a user do when their OpenID provider disappears?
> >
> >
> I think Michael hit the nail on the head as far as my concerns are.. well..
> concerned. :) Google's OpenID provider seems like it would be around
> forever
> and whatnot, but if you're going to rely on one of the "big" OpenID
> providers, then it would appear that OpenID itself is useless. Facebook's
> OpenID, etc., are on shaky ground at best.
>
> I use a few sites that leverage OpenID as their login process, and I've got
> to say--it's very convenient. However, I only use my Google account for
> OpenID logins, so to me, it's really just a Google connector.
>
> I commend everyone involved for their effort, but I think the underlying
> principles need to be re-examined. It feels like they rushed the whole
> concept into production before too many of the fundamental issues had been
> discussed and dealt with.
>
> My 2c.
>
>
> // Todd
>
--001636b2bc83cdd2c2047ee30705--