This is the
talk page for discussing improvements to the
OpenID article. This is not a forum for general discussion of the article's subject. |
Article policies
|
Find sources: Google ( books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
Archives: 1 |
![]() | This article is rated B-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||||||||||||||||||||||||||||||
|
This is totally missing, there's a total lack of overview of OpenID releases. This is particularly important as they moved to a non-numerical versioning scheme. — Preceding unsigned comment added by 119.236.162.39 ( talk) 03:50, 17 December 2017 (UTC)
I agree -- Sakimura ( talk) 18:49, 19 October 2018 (UTC)
Article is incorrect as it lists Facebook as OpenID provider. Facebook is OpenID relaying party but not provider. Source: http://stackoverflow.com/questions/1827997/is-facebook-an-openid-provider. I can confirm this, tried to use my facebook page facebook.com/myusername as an OpenID URL. It didn't work. —Preceding unsigned comment added by Ilkkao ( talk • contribs) 12:43, 3 May 2010 (UTC)
Microsoft is neither OpenID provider http://stackoverflow.com/questions/2424449/provider-discovery-url-in-windows-live-id The table is really misleading. —Preceding unsigned comment added by Ilkkao ( talk • contribs) 18:10, 3 May 2010 (UTC)
The article mentions something called a "delegated identity" and says it will be explained below but it does not do this. Can someone please add this information? —Preceding unsigned comment added by 41.222.128.72 ( talk • contribs) 08:39, 1 November 2008
I think a such comparison would be interesting. A possibile source to summarize: this white paper ( 151.97.56.8 ( talk) 17:56, 1 December 2008 (UTC))
Single_sign-on#Common_Single_Sign-On_Configurations says that OpenID is not a single sign-on system, while the intro of the OpenID article says that it is. - Pgan002 ( talk) 07:31, 19 February 2009 (UTC)
There is no discussion in this article about the serious security issues that arise with having a single username/password combo that can log into every site on the planet. Crack my myspace account, and you can then precede to clean-out all my bank accounts. Really. Bad. Idea. —Preceding unsigned comment added by 71.57.108.198 ( talk) 00:35, 30 March 2009 (UTC)
This is my open id account Myopenid It's just ripe for spam. The whole openid thing is bad news, at least my bank doesn't use it 'yet'. —Preceding unsigned comment added by 94.169.97.57 ( talk) 00:40, 5 October 2010 (UTC)
Even worse, I am to understand that if I have an AOL account, without any action on my part I now automatically have an OpenID, which anyone who cracks my AOL acct can now use to sign-up on any site that uses OpenID? So I have to now go around canceling all my accts that automatically create OpenID accts? Please tell me I'm misunderstanding something here. —Preceding unsigned comment added by 71.57.108.198 ( talk) 00:39, 30 March 2009 (UTC)
I see couple accusations not backed by any technical explanation - for instance the phishing attacks. My question is how do you defeat SSL/TLS then? And if you are redirected to a non-encrypted login page, you shouldn't give your credentials anyway. —Preceding unsigned comment added by 109.239.167.80 ( talk) 22:32, 28 February 2011 (UTC)
I've just removed this from the "2009" subsection "In May Facebook launched their relying party functionality, letting users use a Google, Yahoo or OpenID to log into their Facebook account." It has no source, I've found no source for it, and www.facebook.com shows no sign of this, so until someone proves contrary, I'm considering untrue (remember source should ALWAYS be posted). HuGo_87 ( talk) 19:54, 6 June 2009 (UTC)
Sorry. I can't figure out what this is all about. All I want to do is login this new supposedly simpler way to some website. Jidanni ( talk) 23:10, 10 September 2009 (UTC)
I have been reading up on openID for around an hour, and still haven't any real idea what it is. I presume there are three situations:
user, Website using openID to log in, website acting as openID provider .... but there might be some kind of indirect openid.
By far the worst article is the wikipedia one, which basically is a bit like reading an account of Christianity which fails to mention someone called jesus, because it is basically written by and for a bunch of Roman Catholic theologians and not for someone who hasn't the faintest clue what Christianity is.
What is openID? I think it is a way to be able to sign on to many websites using one single ID ... or perhaps not ... perhaps it is a way to autheniticate a website as being authentic, so I know a site with "OPENID" has signed up for an openID?
... and then can/would I want to, integrate this with my own PHP driven password authentication on my own websites.
79.79.255.151 ( talk) 09:25, 15 September 2009 (UTC)
I was heavily misled by the original intro, in that it seemed to imply that OpenID provided a means for universal login to any site. After spending quite a bit of time investigating, I have realised that openID simply provides a common standard for a website to vouch for a user. This does not remove the question of "can I trust this person", but instead replaces it with "Can I trust the website that says they trust this person" .... and remember any person can create a website vouching for users like spam597.spambotsRus.com
So, I have changed the intro to remove the suggestion of universality of login in, and to emphasise that some openIDs will be more open than others Bugsy ( talk) 12:49, 19 September 2009 (UTC)
Check my credentials and lookup my filed patents with the USPTO. Or search google "dennis lyon invention" in the WIPO. —Preceding unsigned comment added by Globalstage ( talk • contribs) 04:04, 3 October 2009 (UTC)
Someone claiming to be Dennis Lyon is claiming to have invented OpenID. He cites a WIPO filing from 2006, a year after OpenID was developed, and a patent application from 2009. The last time someone removed this unsupported claim from the article, he put it back in. —Preceding unsigned comment added by Klodolph ( talk • contribs) 08:24, 3 October 2009 (UTC)
This is a great discussion since we would like to have strong IP when our patent issues and any papers or concepts that are before our conception, we would like to bring to our examiners attention before we are issued a patent. Can you please cite? —Preceding unsigned comment added by Globalstage ( talk • contribs) 17:12, 4 October 2009 (UTC)
I have already exceeded the limitations on edit reverts under the three-revert rule, and will refrain from editing the article for a while. Mr. Lyon's edits still do not satisfy Wikipedia policies, and may constitute an attempt to inappropriately exploit Wikipedia to influence a patent prosecution and possible future litigation. Based on this, I believe that any further additions of Mr. Lyon's claims that aren't accompanied and explicitly verified by reliable independent sources should be removed immediately. Dancter ( talk) 18:29, 4 October 2009 (UTC)
Here is the patent; User authentication and secure transaction system . Naturally it says absolutely nothing about OpenID. Whether it is the same as OpenID is a matter of personal interpretation, making it an unsuitable cite on Wikipedia as Dancter explains above. If Globalstage wishes include this issue on the OpenID article a reliable source must be produced that discusses the similarities between them. Until such a cite is provided we have nothing but Globalstage's opinion that the patent describes OpenID. -- Escape Orbit (Talk) 22:21, 4 October 2009 (UTC)
Here is a simple piece from the patent: "Parties may specify authentication procedures. A party may be authenticated for one or more third parties and may be authenticated in a manner without disclosing some or all of the party's personal information to the one or more third party." Sounds like OpenId however you can cite many parts of the patent that describe OpenID. This application is the reason why you do not see another application for a patent as it turns up in searchs and is cited by examiners as prior art. —Preceding unsigned comment added by Globalstage ( talk • contribs) 22:33, 4 October 2009 (UTC)
We would like an editor to update the history to give credit to Dennis Lyon for this technology. Our research indicates we are over 1 year prior to any version of "Yadis" of "OpenID" ever being released and 3 years and more to the inclusion of a data exchange and token additions. please see "Flash Of Genius Doctrine" which was soon overturned however a catalyst for this technology exists in the "Dennis Lyon Identity Theft Case". —Preceding unsigned comment added by Globalstage ( talk • contribs) 18:08, 25 October 2009 (UTC)
Your responses are moot in light of this patent application. This wiki does serve to prove the technology of my patent. You can go around calling the technology whatever you want, however the simple fact remains that a patent application exists and describes it. We make no threats of lawsuits here. Innovation is what drives America. Please use your common sense and know that you cannot go around saying something is yours when its not. —Preceding unsigned comment added by Globalstage ( talk • contribs) 20:07, 1 November 2009 (UTC)
Fitztpatrick's claim to be the originator of OpenID in June 2005 is not supported by the evidence. Microsoft was introduced to a small part of a concept called TADAG (Trusted Authenticated Domains & Gateways - www.tadag.com) in June 2004. Microsoft began covert development of the OpenID concept early in 2005 before being challenged by the UK-based originator, David Gale, after a live confidential security briefing in Redmond in April 2005. The contact and discussions are documented across multiple Microsoft employees for months before and after the IPR challenge. Senior Microsoft executives have never disputed the chronology provided by TADAG's author but the company instead went on to sponsor OpenID's arm’s length development. I was the original contact point inside Microsoft Corp for discussions on the development of TADAG. 46.208.31.163 ( talk) 22:11, 19 April 2011 (UTC)Daniel Fell
I don't know if anyone else is willing to work on it, but the latter half of the History section focuses a little too much on companies and adoption (while still overlooking mixi, which is huge in Japan) when there are quite a few other important aspects to cover: the Provider Authentication Policy Extension (PAPE), the Contract Exchange (TX) extension, the rise of Facebook Connect, OpenID+ OAuth, initiatives such as advisory committees for the retail and content provider sectors, government adoption, etc. Dancter ( talk) 22:49, 13 October 2009 (UTC)
This article has some rather glowing ad-like prose, how-to examples, and talk page editorializing... what it really needs is more description of the facts, like what information the OpenID provider communicates to the site the user wishes to use and vice versa. Wnt ( talk) 17:30, 1 July 2010 (UTC)
I'm a software engineer with over 20 years experience and am annoyed that I can't make heads nor tails of this. This set of explanations just does not pin down what is what.
I was ALSO going to rail on about how this explanation was written entirely for someone who already understood the subject, but the person who started the discussion section:"Clear as Mud" said precisely that. Yes, whomever you are at 79.79.255.151, you nailed it.
It immediately brings to mind two things in my past. The Java security framework documenation. And the FAA certification requirements specs. Tgm1024 ( talk) 00:59, 12 December 2011 (UTC)
Hit the page searching for manymoon, and landed here. Quipped text included 'vulnerable', so searched on that within the page.
"In March, 2012, a research paper [22] reported two generic security issues in OpenID. Both issues allow malicious to sign into victim's relying party accounts" - malicious what? - relying? Bs27975 ( talk) 11:52, 25 April 2012 (UTC)
The section title "OpenID vs. pseudo-authentication using OAuth" shows bias by branding OAuth as "pseudo-" authentication. (OpenID, by comparison, must be "real" authentication?) The section text contains no citations. There is no definition of a "valet key" or how it differs from the "certificate" sent in OpenID. The diagram does nothing to enhance understanding, it conveys the same bias as the text, and has insufficient color contrast which makes it difficult to read. Please remove this section from the article. — Preceding unsigned comment added by 192.236.20.254 ( talk) 17:25, 18 May 2012 (UTC)
Despite the differences from OpenID 2.0, OpenID Connect is still OpenID, and is in fact the successor to OpenID 2.0. While I don't oppose sub-articles for individual versions if necessary, I think OpenID Connect coverage should be integrated into this article. Dancter ( talk) 17:47, 25 August 2014 (UTC)
OpenID Connect now redirects here. See Talk:OpenID Connect#Merge with OpenID?. -- P 1 9 9 ✉ 18:11, 27 April 2021 (UTC)
To simplify the first paragraph, all of the text from "Several large organizations either issue or accept OpenIDs ..." to the end should be moved to the Adoption section.
In the Adoption section, it would be helpful if there were separate lists for those who issue (ie provide) and those who accept, and also if there was some indication of the number of providers (rather than just of account holders and accepting sites).
203.129.56.132 ( talk) 13:14, 26 November 2014 (UTC)
The information in this article needs to be summarized in the form of an infobox. I cannot format a basic infobox without it getting removed by a user or starting an edit war, so I request that an infobox be added to the article, summarizing the key points. TheFallenOneGOTH ( Talk) 22:44, 24 April 2015 (UTC)
Hello fellow Wikipedians,
I have just modified 5 external links on OpenID. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018.
After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than
regular verification using the archive tool instructions below. Editors
have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the
RfC before doing mass systematic removals. This message is updated dynamically through the template {{
source check}}
(last update: 5 June 2024).
Cheers.— InternetArchiveBot ( Report bug) 20:37, 5 April 2017 (UTC)
There used to be a List of OpenID providers, but it was replaced by a redirect here. From the page history, however, I found several providers that do NOT require you to give up a cell phone number (or similar) to gain an openid account.
After several attempts, I found one that is still working. This one I just used myself successfully, and I've verified that I can now post blog comments using it. It has English instructions. Cheers CapnZapp ( talk) 10:08, 22 June 2017 (UTC)
This entry is a mess, contains a lot of untrue or irrelevant information. Also, it probably is violating the Wikipedia principle of an article being not a textbook entry. It should be cleaned up.
OpenID is not Authentication to start with. So, the first line saying "OpenID is an open standard and decentralized authentication protocol" is actually not true.
I have started fixing it but was reverted by User:Bbb23. Need to discuss. — Preceding unsigned comment added by Sakimura ( talk • contribs) 16:23, 17 October 2018 (UTC)
OpenID != OpenID Authentication 2.0.
Create the section and collect all that are OpenID Authentication 2.0 there.
By doing so, it would be much easier to introduce various other "OpenID" specifications.-- Sakimura ( talk) 19:24, 19 October 2018 (UTC)
This article is the subject of an
educational assignment at University of Toronto supported by
WikiProject Wikipedia and the
Wikipedia Ambassador Program during the 2011 Q3 term. Further details are available
on the course page.
The above message was substituted from {{WAP assignment}}
by
PrimeBOT (
talk) on 16:01, 2 January 2023 (UTC)