[OSM-dev] OpenID Single sign on

Anselm Hook anselm at gmail.com
Wed Apr 18 20:04:48 BST 2007


>
> I don't understand what you are trying to say there. The whole entire
> point of OpenID is third party providers. There is no need for OSM to
> have it's own provider. I'd almost prefer it not to.


There is no need for OSM to be its own provider.  I would also prefer it not
to.

> I have had the same temptation for my own projects; being
> > able to _offer_ openid seems to give both the openid benefit and the
> > closed id benefit.
>
> What do you mean? What is the "closed id benefit", except that it's
> easier to implement.


Sometimes developers are reluctant to push out "mission critical" aspects of
their service to third parties.  For example I wrote a large social
web 2.0project which relied on an early version of inames for its
identity
management.  When inames was revised all of the user accounts were broken
for a while (we could no longer talk to the password database).  On a more
personal note, I've tried to log into services like Jyte when my OpenID
provider was down for maintenance...  and could not.  If your OpenID
provider were to blow up, you cannot log into anything at all.  Another risk
of OpenID, or any third party ID service, is that it is subject to man in
the middle attacks.  What if the provider is malicious - or is subverted?

 - a
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/dev/attachments/20070418/6eded904/attachment.html>


More information about the dev mailing list