Security News

Google moves to address OpenID confusion among users

By Angela Gunn | Published October 29, 2008, 2:29 PM

Acting on concerns that OpenID's a great idea but a miserable user experience, Google on Wednesday announced an API based on usability research for OpenID identity providers.

OpenID-accepting sites (aka "relying parties") using the new API can allow visitors to log in using only their Google account, with no need to figure out a new username and password. In the example given on Google Code Blog, if a visitor to an OpenID-accepting has a gmail.com address, they'd be temporarily taken back to Google and asked if she or he wished to sign into the new site using that address.

Google would also alert the user to any information that would be shared between Google and the new site. One more click and the user's back to the original site, and logged in just as if she or he had an account there.

The latter half of October has been busy for OpenID aficionados, as discussion about user-experience barriers to adoption heats up.

Microsoft added Live ID to the list of OpenID providers just this week. And some sobering user-experience data from Yahoo testing over the summer led to frank, lively, and maybe even productive discussion at the OpenID UX Summit held at the company last week.

The Google blog also noted that work continues to combine the OpenID and OAuth protocols. OAuth is designed to allow secure API access delegation; a successful combination would allow sites to share additional user information without oversharing such things as passwords. Google launched its OAuth Playground sandbox in September.

Comments

View comments by with a score of at least

darkfire79
Oct 29, 2008 - 6:40 PM

I liked MS Passport when quite a few sites use it.. Now I think only one I use lets you login with it. If I remember correctly it had security issues, but can they be any worse then this? It was less complex.. At least from what I've seen. Course, now that Live ID is added I guess it doesnt matter.

Score: 0

|
Post Reply
Angela Gunn
Oct 29, 2008 - 4:57 PM

Well, it *is* kind of the entire point of the OpenID spec, but you may well be happier with another provider :-) . I'm eager to see what sorts of providers we eventually end up with; I would expect some to be mainstream and some to be less so, and I predict a very viable niche for an ultra-privacy-conscious provider. Which, hey, sign me up.

Score: 0

|
Post Reply
lazarus98
Oct 29, 2008 - 2:56 PM

"Google would also alert the user to any information that would be shared between Google and the new site." LOL
Yeah.. I'm going to trust Google with keeping my information private.. Thats a laugh

Score: 0

|
Post Reply

Report: Microsoft to randomize Europe's browser screen choices

The fact that "A" is for "Apple" was apparently at the heart of browser vendor objections to Microsoft's alternative to listing IE first.

Acer eclipses Dell for #2 spot in global PC shipments, says iSuppli data

It literally does look like a 360-degree turnaround in Dell's fortunes, as the bells of bad tidings now toll solely for Dell.

Microsoft, don't hang up on Windows Mobile, but do call for help

Only a Manhattan Project can save Microsoft's phone strategy now.

See ya later, WinMo: Microsoft's mobile strategy needs a reboot

Carmi Levy | Wide Angle Zoom: Hands up if you're considering upgrading to a Windows phone for the holidays...Anybody?

Playing catch-up in 2010: Windows Mobile, BlackBerry, and Symbian

Microsoft, RIM, and Nokia are each working on improved mobile operating systems. But could these efforts add up to too little, too late?

Will Nokia's plans further alienate American consumers?

A look at Nokia's plans for the coming years does little to shine up the company's increasingly dull image.

Bing bonked by service outage Thursday, Microsoft configured the wrong server

It's always nice to have a backup, but it's even nicer to remember which one is the backup. That's the lesson Bing's admins learned yesterday evening.

Survey reveals there are more women then men, including on social networks

If you think you can market your products and services online as though you're selling car batteries in the middle of halftime, think again. And again.

Android team updates 'Donut' and 'Eclair' SDKs

The Android SDK includes components which optimize app development for each version of the mobile operating system. Today, the 1.6 and 2.0 components got updates.

The Black Screen Syndrome, or, Tech news in search of the apocalypse

Scott Fulton On Point: This is a story about something that should not have been a story, about something that at one time was a story.

Online advertising evolves away from display, toward interactive software

Marketing departments and agencies are increasingly establishing positions for "creative technologists" who can steer designers and developers toward platforms that enable direct connections with consumers.