openid $5000 bounty?

zoltandragon · 2008-12-15 09:57:38

Is there anything new about this plugin? I am really interested in implementing openID comment possibility, so this would be a perfect solution. Do I need to upload the JanRain PHP library to my server also?

Walker · 2008-12-15 14:20:53

Wouldn’t it be in the interest of the core team to get the $5,000 dollar bounty by integrating OpenID into the core?

I think it would be lovely:

1. OpenID commenting (with toggle to turn on off)
2. OpenID admin login (automatically on for associated accounts)

zoltandragon · 2008-12-15 14:23:33

I agree: take the bounty, and we’ll be happy, no questions asked ;))) Seriously, it would be awesome (btw: the WordPress solution is via plugin, but works just fine)

Manfre · 2008-12-15 14:24:10

I haven’t done anything with my plugin since earlier in the year. Didn’t get any feedback, so I assumed it was either working well enough or was not being used.

zoltandragon · 2008-12-15 14:26:01

Dear, dear Manfre, pls, pls – here’s my feedback (a newbie and totally non-programmer): I just don’t know how to get it working… It may very well be working, but I would love to try it.

zoltandragon · 2008-12-18 13:46:11

Sooo, as a Christmas present, could somebody help me on this? How should I implement this? I would like to use OpenID especially with commenting. Any help much appreciated :)

aclorange · 2009-01-19 14:22:16

Manfre, I want to use this future plugin. In russian comunity forum exist some topics, where users want to use openid too. Please do this plugin, it will be very usefull, especially in future, when all internet-users will use only openid or some other technology like openid.

Bloke · 2009-01-19 14:49:47

aclorange wrote:

… when all internet-users will use only openid or some other technology…

Hahaha! Over my dead body will I have an openid :-) Sorry for the OT: this plugin is actually a great idea, just not for everyone.

ruud · 2009-01-19 16:05:09

Stef, you’re making me curious… is there something wrong with openID?

Bloke · 2009-01-19 17:22:41

ruud wrote:

Stef, you’re making me curious… is there something wrong with openID?

Not inherently wrong, just misguided imho.

It’s a noble effort — and for people who have bad memories or set their PINs to the same number across all store cards, it’s fine to use one set of details for everything. The decentralized nature of OpenID is appealing, but it doesn’t address my basic privacy need: whenever I choose to order something, buy something, or sign in to a service, I can choose who I want to be or how much I give away.

I have (currently) 56 e-mail addresses and countless passwords for each service I use. And because I never let the browser remember my passwords or login details and use most of the services (at least the ones I care about, like TXP!) regularly, I remember them all. I have different e-mail addresses for all sorts of things, and if someone abuses an address I bin it and get a fresh ‘un. It’s like a one-time-pad of e-mail addresses and, crucially, every one of those throwaway accounts is under a false name, false location, false whatever.

If I’m curious about a new tech feature and the site where the info is kept asks me to sign in and waves an OpenID in my face, when I sign in with my one-stop URL, I am me. Well, as much “me” as anyone cares to prove. It might not be me, but in a society where “if the number checks out, you must be the person it says, even though the picture is different” rules, vigilance is a thing of the past. Either way, “my” details are there whether I want them to be or not. I have lost the choice of anonimity.

What do they do with that info? Nobody knows. They could do what 90% of other companies appear to do and ignore the fact that I always tick the “do not contact me under any circumstances” box [usually, if the system of storing data on their server is automated they’ll find some way to circumvent my preference in the Ts & Cs. If the system of storing data is manual transferring of data, e.g. at a bank, someone who isn’t paid enough to care might not bother passing my preference on because it’s an extra click]. Of course there’s the OpenID phishing angle to consider too, for the unsavvy. And of course, tracking what I’ve logged into or looked at is easy precisely because that is what the system is supposed to do.

With something as benign as market research data, I love wasting their time and making stuff up or putting obscure things in the results because it skews the stats. The whole market research paradigm is built on the notion that people will tell the truth. All it takes is one person to lie and the system is no longer trustworthy as a basis for making decisions. It’s the same, to a slightly lesser degreee, with OpenID. I could get 56 OpenID accounts if I wanted and use them like I do my current e-mail addresses!

Also, a single entry point for any system means a single point of failure. One compromised ID on one site and my house of cards tumbles. The system — any system — that relies on one piece of so-called immutable data is flawed, imo. It’s why I oppose all ID card schemes (especially ones that cosy up to OpenID!) because they cannot possibly offer security, combat fraud or do anything that its purveyors claim.

A biometirc card with my DNA info on it that is sold to companies by governments for profit; that’s what’s being proposed to run my life. Accepting OpenID is a step towards “well, you do it on the ‘net, you might as well do it in real life too.” [incidentally, it always makes me laugh that the shaky premise of the former authentication mechanism is built upon the fact that my DNA is unique when it isn’t; the margin of error is surprisingly high. Coupled with that, I share my DNA with, what, 1 in a few hundred million people? Even 1 in a billion is at least 6 other people in the world. Not to mention fragments of it on anyone I’ve touched or been near, or on anything I’ve touched today…]

A couple of other articles that support my (wildly unpopular, it seems) views: OpenID is a bad idea | OpenID deseves to die.

Bottom line: I like choice, and choosing not to give my sole ID away to people I don’t know or don’t inherently trust is my way of dealing with it. For everything else there’s OpenID :-)

Bet you’re wishing you’d never asked now!

Last edited by Bloke (2009-01-19 17:27:08)

Destry · 2009-01-21 11:43:20

So tell us how you really feel, Stef. :)

Manfre · 2009-01-21 14:45:11

Stef, I think you have set the paranoid bar a little bit higher. While I do agree with single points of failure being bad, openid works really well with condensing otherwise useless, non-anonymous accounts to one.

You should really save yourself the trouble of managing so many accounts and just use bug me not and the obligatory spam hotmail|gmail|yahoo account.

Textpattern CMS

Textpattern CMS support forum

#13 2008-12-15 09:57:38

Re: openid $5000 bounty?

#14 2008-12-15 14:20:53

Re: openid $5000 bounty?

#15 2008-12-15 14:23:33

Re: openid $5000 bounty?

#16 2008-12-15 14:24:10

Re: openid $5000 bounty?

#17 2008-12-15 14:26:01

Re: openid $5000 bounty?

#18 2008-12-18 13:46:11

Re: openid $5000 bounty?

#19 2009-01-19 14:22:16

Re: openid $5000 bounty?

#20 2009-01-19 14:49:47

Re: openid $5000 bounty?

#21 2009-01-19 16:05:09

Re: openid $5000 bounty?

#22 2009-01-19 17:22:41

Re: openid $5000 bounty?

#23 2009-01-21 11:43:20

Re: openid $5000 bounty?

#24 2009-01-21 14:45:11

Re: openid $5000 bounty?

Board footer