OpenID’s slow adoption
On Friday I had a quick Twit with Uno on why the adoption of OpenID is soooo slow. We were limited by time and Twitter’s word count so it did not go on for too long. I was actually wrong in that conversation. I stated that it was being overcomplicated and that’s the reason why non-technical people don’t use it.
Later on I thought, what a “twit”! The main reason for its slow adoption is due to limited support in online services. If more big sites support it, more people will start implementing it. There is currently little value for users to use OpenID, since 9 out of 10 times they will have to sign up at a web site with a normal username and password anyway since that site does not support OpenID. Simple as that. Technical folks all have an OpenID because they see the future value of it and they like the concept.
What we must look at is why so many sites are not implementing it. When I implemented it for Afrigator I found that there is very little support or examples of how others before me have done it and I had to go very much into the technicalities of how the protocol actually works. There were at that stage 2 libraries for PHP that one could re-use for your own apps. There might be more now, but not sure. I think Python has a few more libraries, but I’m not too sure about that fact.
Our very own Armand du Plessis is involved in a very, very interesting project which allows people to use their Facebook logins as an OpenID provider. It is called Identitude. I applaud this effort as it not only is extremely useful, but it also creates a great awareness of the OpenID technology. Great job Armand! Here is a great post explaining most of it.
Tags: openid, facebook, identitude
4 Comments to "OpenID’s slow adoption"
Thanks for the link
I haven’t had as much time as I would’ve liked the past two weeks to work on it but if all goes well there should be a significantly updated build up either this evening or at the latest by the weekend and a post to explain the new functionality to go with it.
Over the next couple of weeks I’ll also change it from a prototype that only really makes sense to people that understand OpenID to something more widely accessible.
And I agree with you, there’s been a lot of talk the past couple of days over OpenID being too complicated and confusing. But email used to be the same. Still today if you try and explain pop3, smtp or imap to someone they would probably look at you strange but that doesn’t stop the majority of the world’s population from using it. As soon as more sites support OpenID and people start getting used to it, the focus will start shifting away from the technicalities of the OpenID specs and protocols to the value of using something really useful.
Well said, Armand. You are exactly 100% right. Any new technology is, well, new and complicated.
In a nutshell: OpenID is insecure and overly complex.
OpenID is subject to multiple points of attack including DNS forgery against the server, modifying files on your web host, and various script attacks against your browser. CSRF attacks will probably make OpenID an all-areas pass to your online accounts.
The insecurity stems in part from relying on the security of DNS (bad idea), in part from the complexity of the protocol and protocol model (which make threat modeling difficult), and in part from the idea that a common web host becomes a Trusted Third Party.
In short, no-one who has any intention of keeping their online accounts accessible to themselves only should be using OpenID for anything, ever.
Interesting, Twylite. I do however still think it is a great idea! Yes, there are dangers and attacks behind it (like phishing, etc). That does not mean we should drop it completely! There are dangers using your credit card online. That does not stop us from doing it. We hope and pray they make it secure enough so our details do not get stolen… Well, I’ll keep on supporting it as I love the idea and philosophy behind it!
I do agree that it is somewhat overly complex! Sometimes I get the feeling that people think making things complex is a solution to security risks…