Please upvote to give the standards more exposure.<p>Yahoo, Google and MySpace are supporting the spanking new OpenID OAuth Extension protocol. I have this on my plate at this exact moment, I am not sure how long it will take them to support this, but for now, I found Yahoo's Contacts API to be the easiest, and Facebook's Registration/SSO to be the hardest.<p>This is what my todo list looks like:<p>1) Visit all these websites:
<a href="http://knowem.com/" rel="nofollow">http://knowem.com/</a><p>2) See which ones have an authentication API<p>3) Implement them.<p>4) ???
I know very little about OpenID and, lacking knowledge, I've been avoiding it as a user.<p>I've tried reading up on it but the sites/tutorials I looked at were excessively vague, wordy and I got an impression that I don't want to use OpenID for myself. HN audience, however, seems quite favourable to the standard though, so I'm willing to accept that my initial reaction was a wrong one.<p>Can you recommend a good reading on the current state of OpenID, with emphasis on security please?<p>Thanks.
Has anyone seen a site claiming to use OpenID but actually phishing with a redirect to a similar-looking URL (e.g. typo-domains of google/yahoo/etc.) to grab your password?<p>I always check the URL before entering my credentials, but there's always the risk of similar looking glyphs at a different code point (is Unicode allowed in domain names yet?), or just typo-blindness.
This feels to me like OpenID finally coming of age - the OpenID+OAuth hybrid protocol means you can one-click sign in to a site and simultaneously grant it access to an OAuth protected resource such as your address book. From what I've heard it usability tests extremely well too.
I'm sorry, I still don't see the advantage of OpenID. Can anyone explain why it's any more convenient than username/password? I still haven't bothered to sign up for StackOverflow because the signup seemed far more complicated than it is for just about any other Web 2.0 site.
I do not use OpenID for privacy reasons. All accounts are using different names and I don't want sites to know that "this person A" and "that person B" are in fact the same. It's no one's business.
OpenID needs to hurry up and die so efforts will not continue to be wasted either pushing for OpenID or trying to support it. That way, work can begin in earnest on the next standard protocol that will replace it.