Though there’s still a creepy fuzzy anonymous head where my picture is supposed to be, I’ve got my first post up on the Forrester Research Security & Risk blog. It discusses the recent 37signals decision to stop using OpenID and the larger “button-based login” environment in which OpenID can be considered a positive influence. As a bonus, it provides a new Venn diagram comparing features of OpenID + attribute exchange, the SAML web browser SSO profile, and OAuth + “connect”-style login.
Later: Neat, it’s been cross-posted to the CSO Online blog as well.
On 37signals’ decision to drop OpenID: Good company, bad move.
On lack of bulletproof OpenID libraries: I have to say that so far I have been very impressed by the Federated Identity implementation in the Google App Engine. It makes it super easy for the developers to write apps using OpenID. I hope Google moves it out of the Experimental phase to full production soon.
Bad UI/UX of OpenID OR no one remembers their OpenID URL: Like I have said in the past, ALL OpenID providers should utilize unbound discoverable URLs.
Unbound discoverable URLs provide the UI/UX that will enable wider adoption of OpenID. Nobody remembers their OpenID URL, nor should we expect them to.
So far only the following OpenID providers utilize Unbound Discoverable URLs:
myopenid
yahoo
Hyves
myspace
myid.net
google
yahoo japan
AOL
Verisign
Kudos to them, but this list needs to grow.