Comments on: Roll your own OpenID, the easy way
http://blog.iconara.net/2008/08/13/roll-your-own-openid-the-easy-way/

By: Eric Greveson
Wed, 13 Aug 2008 21:34:11 +0000
http://blog.iconara.net/2008/08/13/roll-your-own-openid-the-easy-way/comment-page-1/#comment-7250

I’ve tried OpenID as an authentication service for Web apps that I’ve written before, and although the coding and management consequences are quite nice (no need to worry about storing usernames and password hashes, writing “reset password” forms, or giving users yet another password to remember), there is a more fundamental problem.

The URL-as-username model is all well and good for developers and 8-year-olds but it completely throws a large proportion of people who use computers and the internet every day as part of their job. URLs are for typing in the address bar and pasting into emails: usernames are typically either text-only fields or email addresses. Having a username beginning “http://” can confuse otherwise intelligent users, and makes them question if they’re inputting their details correctly.

The situation can be improved by partially filling in the login box (e.g. typing the “http://” part automatically), but it’s still a bit weird compared to everything else on the web.

I’d personally like to see some common auth standard emerge, even if it is OpenID, but I won’t be inflicting it on my users again for a while yet.
