OpenID vs OAuth
Posted on April 15th, 2008 by Greg Allard in OpenID, Programming | Comments
After attending the recent BarCamp, I realized how much talent the Orlando community has. Central Florida seems to be booming with web developers and start-ups. There was one such company that did about 3.5 presentations on the first day (I missed out on the second day). The .5 part was what interested me most. It was titled “ Fuck OpenID“. Which I was definitely interested in since Jason Buckner and I did a presentation at the previous BarCamp about OpenID, and threw in a quick plug for TinyID.us.
Their main point as a downside was usability. Which I can agree isn’t perfect, but I don’t see their solution as any better since the same thing can be achieved by OpenID. They suggested using OAuth with Google and directing your users towards a Google page that will authenticate you and send you back. OpenID enabled sites can do something similar. Since many people already use AIM, Yahoo, or LiveJournal, you can provide your users with a list they can choose from. A great example of this is Pibb’s sign in page where they populate the login field for you so you only need to type your username.
At the time of the presentation there wasn’t a Google OpenID provider, but after Google launched the beta of their app engine, someone made one.
Hopefully browsers will begin to start implementing OpenID support (so I don’t have to use VeriSign’s SeatBelt) to help with the usability challenge and phishing vulnerabilities, but for that to happen, I think more websites need to be supporting OpenID as a log in option. Also, more websites need to take the Pibb route with having it as the only option and making it easy, instead of hiding it behind a normal login page.
I use webfaction to host a lot of my django projects. It has an easy setup that will get you developing quickly and a great community of talented programmers. There is also a quick setup for rails, wordpress, and a lot more.
Related posts:
- Secure Your OpenID There are a lot of phishing vulnerabilities with OpenID: see http://marcoslot.net/apps/openid/ if you haven’t. One awesome solution I’ve come across...
- OpenID Enabled If you haven’t stumbled upon any sites that use OpenID yet, I’ll fill you in on why you might be...
- CyTE g9 Released CyTE g9 is now available for download. See http://cyte.googlecode.com for all versions. Miscellaneous Changes Added the include_files function to the...