Security News

Google moves to address OpenID confusion among users

By Angela Gunn | Published October 29, 2008, 2:29 PM

Acting on concerns that OpenID's a great idea but a miserable user experience, Google on Wednesday announced an API based on usability research for OpenID identity providers.

OpenID-accepting sites (aka "relying parties") using the new API can allow visitors to log in using only their Google account, with no need to figure out a new username and password. In the example given on Google Code Blog, if a visitor to an OpenID-accepting has a gmail.com address, they'd be temporarily taken back to Google and asked if she or he wished to sign into the new site using that address.

Google would also alert the user to any information that would be shared between Google and the new site. One more click and the user's back to the original site, and logged in just as if she or he had an account there.

The latter half of October has been busy for OpenID aficionados, as discussion about user-experience barriers to adoption heats up.

Microsoft added Live ID to the list of OpenID providers just this week. And some sobering user-experience data from Yahoo testing over the summer led to frank, lively, and maybe even productive discussion at the OpenID UX Summit held at the company last week.

The Google blog also noted that work continues to combine the OpenID and OAuth protocols. OAuth is designed to allow secure API access delegation; a successful combination would allow sites to share additional user information without oversharing such things as passwords. Google launched its OAuth Playground sandbox in September.

Comments

View comments by with a score of at least

darkfire79
Oct 29, 2008 - 6:40 PM

I liked MS Passport when quite a few sites use it.. Now I think only one I use lets you login with it. If I remember correctly it had security issues, but can they be any worse then this? It was less complex.. At least from what I've seen. Course, now that Live ID is added I guess it doesnt matter.

Score: 0

|
Post Reply
Angela Gunn
Oct 29, 2008 - 4:57 PM

Well, it *is* kind of the entire point of the OpenID spec, but you may well be happier with another provider :-) . I'm eager to see what sorts of providers we eventually end up with; I would expect some to be mainstream and some to be less so, and I predict a very viable niche for an ultra-privacy-conscious provider. Which, hey, sign me up.

Score: 0

|
Post Reply
lazarus98
Oct 29, 2008 - 2:56 PM

"Google would also alert the user to any information that would be shared between Google and the new site." LOL
Yeah.. I'm going to trust Google with keeping my information private.. Thats a laugh

Score: 0

|
Post Reply

Google Chrome 4: Yes, it's fast, but is it usable?

As Betanews readers have responded to our stories about Chrome's JavaScript superiority...Does that mean we'd actually use this browser? Well...

Video: Netflix on PlayStation 3

Netflix has come to the PlayStation 3 via Blu-ray and BD-Live.

Verizon Wireless launches new Android, Chocolate, and ruggedized phones

The lower-priced Eris joins the Droid, while the Chocolate gets a touchscreen and more music playback.

Early sales figures for Windows 7 nicely high, but do we know why?

Fans of triple-digit surges in figures quoted by Betanews will love this one, as it appears Microsoft rediscovered how to pull off a software launch.

Myka announces its latest Linux-based 'net top box'

Myka's ION brings Boxee, XMBC, and much more to HDTVs.

What hath Mac wrought? A remembrance after a quarter-century

The reason there's a Macintosh today is not because of some brilliant flash of engineering genius, but because Apple had the audacity to learn from its mistakes.

Early build of Moblin 2.1 improves connectivity, but not device support

The Linux Foundation's Atom-centric OS yesterday received a major overhaul with the project release of Moblin 2.1 for netbooks and nettops.

The iPhone's China syndrome: Sales of 5,000 and climbing

There's actually a country where Apple's device is not a godsend, where sales can be measured in the dozens.

New European counterpart to FCC will ensure 'a more neutral net'

Late Thursday night, the ruling telecom administrators of the EU's member nations signed away their final authority to a new entity overseen by the EC.

Sophos study suggests Windows 7 UAC's default setting is self-defeating

Without any anti-virus installed, a Sophos test showed, User Account Control was only capable of thwarting just one malware package out of ten samples chosen.

Indiscreet tweet trips awareness of Web SSL vulnerability

A group of high-level security engineers had been making progress on thwarting a low-level threat to the Web, until somebody blurted it all out on Twitter.