Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Adopts, Forks OpenID 1.0

timothy posted more than 5 years ago | from the complicationism dept.

Google 316

An anonymous reader writes "Right on the heels of Microsoft's adoption of the OpenID protocol by announcing their intention to enable OpenID authentication against all Live IDs, Google has announced their intention to join the growing list of OpenID authentication providers. Except it turns out they're using their own version of OpenID that is incompatible with everyone else. It seems that Google will be using their own 'improved' version of OpenID (based upon research and user feedback of the OpenID system) which isn't backwards compatible with OpenID 1.0/2.0, in hopes of improving end-user experience at the cost of protocol compatibility and complexity."

Sorry! There are no comments related to the filter you selected.

ok then... (-1)

Anonymous Coward | more than 5 years ago | (#25561287)

it must be bizarro day

Slightly Conflicting Vision Statements (4, Funny)

eldavojohn (898314) | more than 5 years ago | (#25561291)

OpenID's vision statement:

OpenID eliminates the need for multiple usernames across different websites, simplifying your online experience.

Everyone else's vision statement:

Fuck OpenID, I'm in control now.

Re:Slightly Conflicting Vision Statements (-1)

Tmack (593755) | more than 5 years ago | (#25561539)

Fork OpenID, I'm in control now.

ftfy

tm

Re:Slightly Conflicting Vision Statements (5, Funny)

Anonymous Coward | more than 5 years ago | (#25561777)

EMBRACE AND EXTEND!!!!

oh...wait...I'm confused, this a Google article, not a microsoft article

Re:Slightly Conflicting Vision Statements (1)

collinstocks (1295204) | more than 5 years ago | (#25562011)

Thus the lack of "EXTINGUISH".

Re:Slightly Conflicting Vision Statements (5, Interesting)

mini me (132455) | more than 5 years ago | (#25562077)

To make matters even more confusing, Microsoft has embraced, but not extended.

How to judge what's going on (5, Interesting)

Bruce Perens (3872) | more than 5 years ago | (#25561857)

Whether or not this is Google overturning an open standard can be judged upon:

1. Do they make it possible for everyone else to implement exactly what they are doing, on both the producer and consumer end, without any patent restrictions, royalties, or discriminatory licensing?

2. How close is what they are doing to the latest version of the standard, not 1.0?

3. Do they try to get what they are doing into version 2.1 (or whatever) of the standard?

4. Do they really have a reason for doing this? Like making the login easier for normal nontechnical people rather than you and I?

Bruce

Re:How to judge what's going on (0, Flamebait)

Anonymous Coward | more than 5 years ago | (#25562089)

5: Has google taken me as a consultant yet? If yes then what they are doing is AOK! if no then their actions are horrible and should be stopped.

Snarky AC comment (4, Interesting)

Bruce Perens (3872) | more than 5 years ago | (#25562255)

5: Has google taken me as a consultant yet? If yes then what they are doing is AOK! if no then their actions are horrible and should be stopped.

Dear AC,

This is an understandable assumption but doesn't reflect the facts. For example, Symbian has purchased consulting services from me. If you look here [theregister.co.uk] , you'll notice that I am not afraid to criticize them.

Had Google taken me on and allowed me to work on the PR for this, I would have had them communicate about it differently. It's no trouble for Google to get this stuff back into OpenID, but they obviously didn't take the trouble to assure people that would happen.

Bruce

Re:How to judge what's going on (2, Interesting)

something_wicked_thi (918168) | more than 5 years ago | (#25562187)

I'm not sure about #3. It might be a lost cause because standards generally don't much like breaking compatibility. Still, I guess it couldn't hurt for them to try.

Re:How to judge what's going on (1)

gsgriffin (1195771) | more than 5 years ago | (#25562299)

I'm not convinced. If something is OPEN and is being developed broadly for general free use, then how is the effort helped by having one company (whether its Google or Microsoft or Apple) that says, "I know the way to go, follow me!" That is not open development. Soon each vendor will have their own version and none of them are compatible with each other. We jump back into Beta vs VHS and BlueRay vs HD. This only confuses the heck out of everyone as to what they should support and develop and adopt. Slows it all down.

Re:Slightly Conflicting Vision Statements (1, Interesting)

Anonymous Coward | more than 5 years ago | (#25562189)

funny that openid's creator works for google :>

don't be evil (4, Funny)

Evan Meakyl (762695) | more than 5 years ago | (#25561309)

just fork it!

Re:don't be evil (1)

Killer Orca (1373645) | more than 5 years ago | (#25561451)

Can't the new features from the fork be put into the next OpenID version so that it becomes future-compatible? (who cares if it's made up)

Google... learning more from Microsoft everyday (5, Insightful)

JCSoRocks (1142053) | more than 5 years ago | (#25561329)

Substitute Microsoft's name for Google and it'd be just another day in tech. Interesting to see Google doing this though.

Re:Google... learning more from Microsoft everyday (5, Insightful)

Johnno74 (252399) | more than 5 years ago | (#25561419)

Yes, except just yesterday Microsoft joined OpenId, _without_ this sort of stunt.

IMHO, microsoft's behavior in the last few years is to be commended, they are worlds away from where they were 10 years ago.

Sadly, google seems to be heading the other way.

Re:Google... learning more from Microsoft everyday (5, Informative)

Anonymous Coward | more than 5 years ago | (#25561583)

According to what evidence?

Google themselves are claiming they're not supporting OpenID version 1, which is what the article is raving about. They claim they're supporting OpenID version 2.0, which as far as I can tell, that's exactly what they're doing. I can't see any difference between Google's documentation and OpenIDv2's documentation, at all. Can you? His "emphasis added" section clearly says the same thing the OpenIDv2's "emphasis added" section says is the difference between the two protocols in the first place.

Sensational press 1, Rational thinking 0.

Re:Google... learning more from Microsoft everyday (1)

suggsjc (726146) | more than 5 years ago | (#25561791)

Google is the new microsoft!!!

Sensational press 2, Rational thinking .5?

Re:Google... learning more from Microsoft everyday (4, Funny)

UltraAyla (828879) | more than 5 years ago | (#25561959)

Sensational press 2, Rational thinking .5?

Don't forget irrational thinking, -2i!

Re:Google... learning more from Microsoft everyday (2, Informative)

sexconker (1179573) | more than 5 years ago | (#25562049)

No, Google is taking OpenID, and putting out their own version.

Google's OpenID is not OpenID, it's GoogleID.

If MS did this, you'd throw a bitch fit.

Re:Google... learning more from Microsoft everyday (1, Interesting)

Anonymous Coward | more than 5 years ago | (#25561625)

Yes, except just yesterday Microsoft joined OpenId, _without_ this sort of stunt.

_without_ this sort of stunt YET.

Re:Google... learning more from Microsoft everyday (0, Redundant)

JCSoRocks (1142053) | more than 5 years ago | (#25561929)

Exactly! Which is why I didn't bother to give Microsoft any points for it in my original post. Microsoft may not have chosen to come right out and say that they're planning on eventually going away from the standard but I think we're all expecting it to happen eventually.

Re:Google... learning more from Microsoft everyday (1)

jskora (1319299) | more than 5 years ago | (#25561683)

Yum, Kool-Aid!

Re:Google... learning more from Microsoft everyday (3, Funny)

Mozk (844858) | more than 5 years ago | (#25561913)

They drank Flavor Aid at Jonestown.

Re:Google... learning more from Microsoft everyday (4, Interesting)

click2005 (921437) | more than 5 years ago | (#25561699)

IMHO, microsoft's behavior in the last few years is to be commended

Yeah, they behaved so well during the whole OOXML/ODF stuff.

they are worlds away from where they were 10 years ago.

One half-assed attempt at a good deed (that isnt actually good in any real way as they're only providing OpenID not accepting it from others) doesn't erase decades of screwing people over.

Re:Google... learning more from Microsoft everyday (0)

Anonymous Coward | more than 5 years ago | (#25561707)

IMHO, microsoft's behavior in the last few years is to be commended, they are worlds away from where they were 10 years ago.

vista,ooxml,olpc,novell... I kinda disagree! It's exactly the same company all right. Or maybe you mean they're even worse now. All the big fuckers suck, no surprises there.

Re:Google... learning more from Microsoft everyday (3, Informative)

Anonymous Coward | more than 5 years ago | (#25561713)

microsoft's behavior in the last few years is to be commended

Excuse me? Have you been living under a rock? Microsoft has subverted an entire standards body worldwide to push a bloated mess of a document format! Their browser is still a POS, except it's now a more user friendly POS. Microsoft is exactly where they were 10 years ago, they've just adapted to a changed world.

Re:Google... learning more from Microsoft everyday (2, Interesting)

Amamdouh (1130747) | more than 5 years ago | (#25561937)

Yeah isn't it so?? I mean Google was kindda of a good guy in tech. They recently attacked a researcher for exposing a vulnerability in their android platform and now this !!! Hmmm can we say that companies inevitably turn nasty when they reach a certain size?

Re:Google... learning more from Microsoft everyday (4, Informative)

Touvan (868256) | more than 5 years ago | (#25561953)

Microsoft has a history of supporting unfinished or in progress standards, then keeping them that way. Just look at what they do with W3C standards. Keeping is static.

No ECMAScript 4.x, no DOM Events, no Canvas/SVG/etc., no greatly improved JS support because they only "want to make existing content content run better" rather than preparing for what the future may hold. Everyone else is doing that - make JS more robust today, so we can have better apps tomorrow.

MS has no interest in a standard that really works - but they'd love to be able to claim support for an open standard just the same.

Re:Google... learning more from Microsoft everyday (2, Funny)

rivetgeek (977479) | more than 5 years ago | (#25561981)

Apparently you dont code CSS much...

Re:Google... learning more from Microsoft everyday (3, Interesting)

thetoadwarrior (1268702) | more than 5 years ago | (#25562269)

Microsoft announces they'll create OpenID compatible IDs but not accept them. Thus if someone wants full access to all OpenID sites they have to go through Microsoft and you think this is some how better?

I'm not saying what Google is doing is right but they're just getting to the point where as MS was taking the slow route to the same destination.

Re:Google... learning more from Microsoft everyday (1)

sexconker (1179573) | more than 5 years ago | (#25562035)

And fucking typical to have it referred to as "adopting" and "forking", when they're really just doing the same ol' corporate bullshit of stealing and proprietarizing.

so lets see slashdot bias at work (2, Insightful)

circletimessquare (444983) | more than 5 years ago | (#25561335)

if microsoft did this, the hoardes would be eviscerating the company

if google does this, watch the defenders come out of the woodwork

slashdot bias: microsoft bad, google good, apple shrug

its not the year 2000 folks. google is not some little darling upstart anymore. update your bias accordingly please

Re:so lets see slashdot bias at work (5, Insightful)

Microlith (54737) | more than 5 years ago | (#25561401)

Google will be cheered or booed depending on what they do with their changes to OpenID. They could very well turn around and propose it for version two or whatnot of OpenID. After all, if it isn't compatible then what the hell is the point.

Microsoft is hated because they DEFINED "embrace and extend." They regularly use it as a weapon against their competitors. We have yet to see Google use their version of OpenID, much less use it against anyone.

Never mind that OpenID screams "single point of failure" to me.

Re:so lets see slashdot bias at work (0)

Anonymous Coward | more than 5 years ago | (#25561493)

openid has been nothing if not austere until this point. --"What the heck do you mean my userID is a url" It took a couple tries for me to get it, and my brain is huge. Good post, parent, keeping it real, and such.

Re:so lets see slashdot bias at work (1)

LordMyren (15499) | more than 5 years ago | (#25562055)

Read the article.

Google hasnt provided any extensions or changes to OpenID and has released no new protocols. They've introduced a black box you have to go through to get to their vanilla OpenID service. Theres no value add for developers.

The value add for clients is that they can just enter their email address instead of a URL. This would've been far better served by defining a DNS-SD spec for use in looking up emails and transforming them into OpenID's. Instead Google's opted for a black box of no use to anyone except gmail clients.

Re:so lets see slashdot bias at work (1)

zuperduperman (1206922) | more than 5 years ago | (#25562127)

Google could easily implement a standard OpenID interface and then provide an extended or improved version as well. OpenID is not hard to support. There is no technical reason not to, so the only explanation that makes sense is that Google has decided it is not in their business interests to support OpenID - ie. screw the community, screw the users, screw the internet, more power, more control for Google. I am happy to say in response to that - screw Google :-)

Re:so lets see slashdot bias at work (2, Insightful)

SecurityGuy (217807) | more than 5 years ago | (#25561423)

I think Google's shininess has worn off for most at this point.

The interesting implication to me is that I may have to concede Microsoft is not inherently evil, at least not more so than any other large corporation. Google, having become one has been progressively more Microsoft-ey.

Re:so lets see slashdot bias at work (4, Interesting)

BlueGecko (109058) | more than 5 years ago | (#25562047)

Hell, I honestly think it's possible to root for Microsoft these days. .NET, including the stuff they've just announced, is an open standard, and MS is encouraging competing implementations. They're working with Mono to ensure it has good Silverlight support, including proprietary codecs. They have their own cloud service, yet worked with Amazon so that Windows could be on EC2. They offer a free version of VisualStudio that's more than sufficient for hobbyist work, and ironically arguably have the most open and easy-to-target 3rd-gen gaming console for small development shops. They're supporting OpenID, making IE increasingly standards-compliant, and, with Windows 7, look like they might actually have a pretty nice operating system that I might not feel a pressing need to migrate away from. They're definitely not perfect—I'm still royally pissed at their behavior over OOXML—but they're doing an awful lot of things right these days.

Google, on the other hand, is going the opposite direction. They've done a proprietary fork of OpenID (which, despite the other comments on here, I definitely find offensive, because locks you into Google in exactly the same way Passport locked you into Microsoft). They closed their SOAP service and offer no alternative. They've basically said Gmail will never use IMAP properly, and they consider that a feature, not a bug. They do business in China on the argument that "well, someone had to do it, so why not us." They still do a tremendous amount of things right, but, just as I think we should acknowledge that Microsoft nowadays is doing a lot of things right, I think we need to start acknowledging that Google is doing a lot of things wrong.

Nobody's perfect, and situations can change surprisingly quickly. I remember when IBM was the evil overlord and Microsoft was our savior.

That was 1992.

Just because Google's been good up to now is no reason to assume they'll continue to be.

Re:so lets see slashdot bias at work (2, Insightful)

Red Flayer (890720) | more than 5 years ago | (#25561481)

Hey, FWIW, how about actually observing the Google Reality Distortion Field[1] before blasting its sure appearance?

There is institutional bias at slashdot, but from what I've seen, the pro-googliness has dropped in the past year or two as Google has started playing hardball with a big stack[2].

At any rate, slashdot is a community of individuals, and any perceived bias among the community just reflects the fact that fanbois exist -- and if you're aware of that fact, you can run the comments through your own internal bias filter when reading them. Sure, it's all well and good to hope that by decrying the bias, you might be able get people to change their minds... but good luck with that. Far better to get some popcorn and watch the spectacle of Google fanbois trying to defend their idol, lest they lose all hope of a giganticorp actually not acting selfishly.

[1] Bonus points for an Apple reference in a Microsoft/Google proto-flamewar?
[2] Bonus points for the baseball/poker mixed metaphor?

insert foaming (4, Interesting)

coryking (104614) | more than 5 years ago | (#25561529)

You see, it is OPEN, right? I mean, it says so right in the name of the protocol *OPEN*ID right? And google is cool right? So OpenXyz + Google = Win, right? I mean, OpenID sucks, right? What is wrong with somebody embracing it and then fixing the problems by extending it to be better? Nothing. After all, it is OpenID.

I think if I ever start a company that publishes the most evil DRM spec on earth, I'd probably name it OpenDRM or FreeDRM just so I can win over the Slashdot crowd. As long as it has Open or Free in the name, you can pretty much get away with murder, especially when your Slashdot corporate karma is "excellent".

But seriously, OpenID needs more then a face lift. For starters, based on my experience with Stackoverflow, browsers need to auto-fill the OpenID box with my URL, er, login name (cough). Then they need to boot out any fool who things the "login" should be anything other then an email address. Whoever dreamed up using a URL for a login wanted the spec to fail. Oh, and then when they are done with that, how about moving it down the network stack so that the damn thing can be used to authenticate against protocols other then HTTP, like say, IMAP or something. Oh wait, except OpenID was never intended to be used to authentication... or was it? Nobody really knows because even OpenID proponents says you shouldn't use it for anything other then trivial accounts and if you use it for anything else, you are mis-using the spec!

Re:insert foaming (2, Informative)

Just Some Guy (3352) | more than 5 years ago | (#25561799)

Then they need to boot out any fool who things the "login" should be anything other then an email address. Whoever dreamed up using a URL for a login wanted the spec to fail.

Excellent point. OpenID 3.0 should include provisions for carrying out the authentication via SMTP, and maybe BitTorrent or NNTP.

Meanwhile, in reality, you know that ultimately the URL is the location of your OpenID server, right?

Why OpenID fails (4, Insightful)

coryking (104614) | more than 5 years ago | (#25561931)

I've got one word for you

Meanwhile, in reality, you know that ultimately the URL is the location of your OpenID server, right?

Huh? No seriously. Huh?

OpenID is just so damn unintuitive that nobody really gets it. It is a fucking login. Why can't it be an email address? Why can't it resolve the right place to conduct authentication business via DNS the same way SMTP gets it's MX record based on everything after the @domain.com?

Seriously, the more people try to explain it, the more it just makes peoples eyes glaze over. All they see, and all I see, is a fugly looking URL that is supposed to magically authenticate me, only as a web developer, I'm told I can't actually trust the authentication because the protocol wasn't designed for it. Or something. My head spins now.

Re:Why OpenID fails (1)

Just Some Guy (3352) | more than 5 years ago | (#25561989)

Why can't it resolve the right place to conduct authentication business via DNS the same way SMTP gets it's MX record based on everything after the @domain.com?

Because for the average person, it's a lot easier to set up a blog than it is to get their ISP to set up custom DNS records.

Re:Why OpenID fails (5, Insightful)

coryking (104614) | more than 5 years ago | (#25562017)

Because for the average person, it's a lot easier to set up a blog than it is to get their ISP to set up custom DNS records.

There you go again. What the hell are you talking about? Now to log into some stupid site, I have to get a blog too? Huh?

Admit it, the URL thing sucks ass. Email addresses are something we all have, and many websites are using email addresses as your login already. If OpenID did email, even *if* there wasn't any DNS trickery like I suggest, life would have been 100% easier. But no, I'm sure there is some "valid" reason the purity trolls who wrote the spec had against something so simple and logical, so they decided URL's would be best, usability be damned.

Re:insert foaming (1)

UltraAyla (828879) | more than 5 years ago | (#25562071)

Someone above also mentioned OpenID being a single point of failure. Definitely true, so in addition to your mods, I think 3.0 should include the ability to include synonym URLs that are downloaded on first login to a host so that if your server is down, you can still authenticate through the synonyms. Just a thought

Re:so lets see slashdot bias at work (1, Interesting)

Anonymous Coward | more than 5 years ago | (#25561579)

Yes, but Google seems to get everything right when it comes to online technology, while Microsoft has a history of either being shortsighted or behind. When they do catch up, they usually do it wrong, or worse. Just look at Windows Live Mail, or their OOXML format(not web related per se, but definitely worse than both doc and odt, and an example of them choosing their own worse way of doing something).

Mind you, Google isn't perfect - I remember their page prefetcher beta was pretty messed up - but I'd trust their experts(when it comes to web stuff) over Microsoft. And since they're basing it on user feedback, they're probably also listening to a large number of independent web developers.

-Anonymous Coward

Re:so lets see slashdot bias at work (2, Insightful)

owlnation (858981) | more than 5 years ago | (#25562037)

Yes, but Google seems to get everything right when it comes to online technology,

Yes, that is true. But, there's just one thing though that isn't mentioned enough, namely that they created a new paradigm in search 10 years ago. The 10 years ago part is the thing. There's not only been no improvement, they've effectively eradicated all competition, and their search is now fairly well gamed by most any and all black hats.

Thus, the net result is that, overall, the user experience for search is now worse than it was 10 years ago. Google has become rich and rested on its laurels. Is this evil? Not per se. Is it good? Not at all. Google needs competition. It seriously needs competition.

Re:so lets see slashdot bias at work (2, Funny)

uberjack (1311219) | more than 5 years ago | (#25561685)

I imagine that at some point in the future, Google will 'fess up to having been a subsidiary of Microsoft all along. Dr. Zoidberg: "It was me! I'm the hero!"

Re:so lets see slashdot bias at work (1)

thePowerOfGrayskull (905905) | more than 5 years ago | (#25561787)

if microsoft did this, the hoardes would be eviscerating the company

if google does this, watch the defenders come out of the woodwork

slashdot bias: microsoft bad, google good, apple shrug

its not the year 2000 folks. google is not some little darling upstart anymore. update your bias accordingly please

I've been seeing similar comments whenever google does something stupid lately - but for all that people claim we're a bunch of google apologists here, I seldom actually see it. Usually google gets torn apart just as much as anyone else does - perhaps even a bit worse than others because of their unfortunate choice of slogan.

Illin with the panicillin? (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#25561339)

Is she illin with the panicillin?
Is she reelin in the panicillin?
Is it feelin with the panicillin?
Are you steelin in the panacillin?

Panka Panka

Is she liable no suitifiable no not on trial but so suitifiable
Is she viable no suitifiable pliable style is so suitifiable
so reliable no suitifiable shes not on file but so suitifiable
im on the dial its so suitifiable its like im liable but more suitifiable

Embrace and extend (1, Redundant)

mi (197448) | more than 5 years ago | (#25561367)

Embrace and extend [wikipedia.org] — all the while doing not evil. No, absolutely not.

New and improved feature? (3, Insightful)

megamerican (1073936) | more than 5 years ago | (#25561373)

Google OpenID: New and improved personal information gathering.

Best sig ever (1)

rawtatoor (560209) | more than 5 years ago | (#25562145)

No Party [noparty.cx]

Re:New and improved feature? (1)

dragonturtle69 (1002892) | more than 5 years ago | (#25562289)

Way offtopic, but great sig. It even includes that the parties are not separate.

Sorta defeats the purpose yes? (2, Interesting)

apathy maybe (922212) | more than 5 years ago | (#25561395)

I mean, if I can't use my Gmail address to logon to websites that actually support OpenID, then why would I bother? Not only that though, does it support non Google addresses hosted on Google Apps? (E.g. sexygrrl@example.com)? If not, then even bigger fuck off to it.

Meh, sounds a bit like another "Passport", fuck that, I don't want a big (or little) corporation controlling my ID.

Anyway for the ignorant and lazy:

OpenID is a shared identity service, which allows Internet users to log on to many different web sites using a single digital identity, single sign-on, eliminating the need for a different user name and password for each site. OpenID is a decentralized, free and open standard that lets users control the amount of personal information they provide.

http://en.wikipedia.org/wiki/OpenID [wikipedia.org]

Hope OpenID blocks their use of the name. (1)

Kadin2048 (468275) | more than 5 years ago | (#25561471)

I mean, if I can't use my Gmail address to logon to websites that actually support OpenID, then why would I bother?

Yep, that's my question too. I was excited for a minute, thinking that I'd be able to suddenly use my Gmail/Google ID to sign into various OpenID-enabled sites ... but then they went and fucked it up.

They might as well have not bothered. The whole point of OpenID is interoperability. If they don't want to play along with the consensus, they shouldn't bother trying.

I'd really hope that whoever owns the OpenID trademark comes after them and forces them to stop calling whatever they're doing "OpenID". If it's not compatible with an existing specification, it's not OpenID. They will risk seriously devaluing their trademark if they allow incompatible implementations to use the name. They need to be ruthless about this. Google can do whatever it wants and call it "GoogleID", but if it's called "OpenID", it needs to be compatible with everyone else claiming to be that.

Re:Hope OpenID blocks their use of the name. (2, Informative)

brian1078 (230523) | more than 5 years ago | (#25562093)

I'd really hope that whoever owns the OpenID trademark comes after them and forces them to stop calling whatever they're doing "OpenID". If it's not compatible with an existing specification, it's not OpenID. They will risk seriously devaluing their trademark if they allow incompatible implementations to use the name. They need to be ruthless about this. Google can do whatever it wants and call it "GoogleID", but if it's called "OpenID", it needs to be compatible with everyone else claiming to be that.

http://openid.net/what/ [openid.net] says:

... OpenID is not owned by anyone, nor should it be. ...

And considering the guy that created OpenID (Brad Fitzpatrick) now works for Google, and Google has a seat on the board of OpenID, I don't see much happening

Re:Sorta defeats the purpose yes? (1)

LordMyren (15499) | more than 5 years ago | (#25562135)

I see two options Google could have pursued if they'd wanted to embrace and extend OpenID to let users use their email addresses.

1) Define a mapping users can use. Tell users to use http://gmail.com/~ApathyMaybe [gmail.com] or http://apathymaybe.gmail.com/ [gmail.com] for their url's for example.

2) Define a protocol for developers to map email addresses to URLs. Use some kind of URI-template to convert ApathyMaybe@gmail.com into one of the aboves.

As you sarcastically point out, they ignored both options and dropped a heinously ugly black box in front of OpenID that developers must correspond with first. They didnt embrace and extend OpenID, they hacked a solution they internally are content to suffer with.

This spells the death of OpenID (0)

Anonymous Coward | more than 5 years ago | (#25561425)

and I think that's what google is aiming for. With google and microsoft in the picture, there will be at minimum 3 different and incompatible versions of OpenID. Not to mention the mentality that "microsoft and google are extending this, so should we!".

When all is said and done there will be 10s or 100s of forks.

Re:This spells the death of OpenID (1)

larry bagina (561269) | more than 5 years ago | (#25561531)

Nice try, but Microsoft is following the OpenID standard.

I don't get it. (0)

Anonymous Coward | more than 5 years ago | (#25561437)

They're taking a "slight departure" from OpenID 1.0, but are still compatible with OpenID, according to the very same documentation.

So, does that mean they're supporting OpenID 2.0? Some protocol that's similar to OpenID but not 100% compatible?

It's too early to draw any conclusion because the "article" is so light on details of how exactly this is different from OpenID that it's humorous.

Err, what? (1)

Riot.ATL (1365395) | more than 5 years ago | (#25561445)

Doesn't this kind of, you know, defeat the purpose of OpenID?

From.... (0)

Anonymous Coward | more than 5 years ago | (#25561455)

.... one evil "embrace and extend" empire to another....

It doesn't matter.... (1)

Trev311 (1161835) | more than 5 years ago | (#25561457)

What does it matter that google is going to use their own version. All the sites that use OpenID are just providers. Nobody accepts the OpenIDs created at other sites so they might as well be completely different.

Re:It doesn't matter.... (3, Interesting)

satoshi1 (794000) | more than 5 years ago | (#25561653)

I use my site as a provider and every site that I've come across asking me to log in with my OpenID (LiveJournal included) accepts it just fine. That's the idea behind OpenID, you can get your ID anywhere, you can even provide it yourself, and every site claiming to be OpenID compatible MUST accept it when you try to log in with it.

Stop your complaining (4, Insightful)

FooBarWidget (556006) | more than 5 years ago | (#25561465)

OpenID usability sucks.

There, I said it. It's true. My computer-illiterate dad just wants to post a comment on a blog, or to login to a new website. You can't possibly expect him to do something as complex as reading up on what OpenID is, signing up for an OpenID account on a totally different website that has got nothing to do with the original website that he was on, and then logging in by entering a long magical URL. People like him - average users - have trouble enough understanding usernames and passwords! The recently published OpenID usability study confirms all the criticism that I've had on OpenID.

While OpenID is technologically sound, its usability is not. If Google's version is more usable, but is still open, then I'd gladly support it even if it's not compatible with the "official" OpenID standard. I don't care whether they're being "nice" or "evil" or whatever, I want better usability because software is supposed to be usable.

Re:Stop your complaining (0)

Anonymous Coward | more than 5 years ago | (#25561677)

All Your Packages Are Belong To Us

Your sig actually made me look down and check. Now I am just hoping that you are a very horny female.

Re:Stop your complaining (1)

Kozz (7764) | more than 5 years ago | (#25561711)

In other words, OpenID suffers from so many of the same usability problems as PGP.

Re:Stop your complaining (2, Interesting)

jskora (1319299) | more than 5 years ago | (#25561725)

Wow, now its out. I just had a class project doing a usability test on a popular OpenID web site and EVERY professional web developer I observed had a hard to very had time with OpenID. Its a great idea, but is either flawed in design or badly implemented most places to date.

Re:Stop your complaining (1)

91degrees (207121) | more than 5 years ago | (#25561737)

True that.

OpenID needs to hit critical mass. Once people actually use it a reasonable amount, there will be enough people to spot its shortfalls and actually provide us with some sort of useful browser plugin that automates the login.

This essentially means more sites accepting it. The only site I use that accepts OpenID logins is Livejournal and that's the openID I'm most likely to want to use. Microsoft becoming a provider helps. A lot of people are likely to be happier to accept logins if they come with a recognisable name like that.

stackoverflow too (1)

coryking (104614) | more than 5 years ago | (#25562075)

Check out stackoverflow.com, it exclusively uses OpenID for account info.

Re:Stop your complaining (-1)

Anonymous Coward | more than 5 years ago | (#25562027)

Rubbish. For people like your dad, OpenID is both simple *and* simpler than having to sign up for dozens of sites just to post a comment.

Suppose we live in a world where everybody implements OpenID (as a consumer and provider). And suppose your dad's got an email account with... well, let's say Yahoo.

So whenever your dad wants to post a comment on site X, he enters his email address (easy as pie); Yahoo confirms that he indeed wants to leave a comment on site X; and after that, he just does.

If I "can't possibly expect [your dad] to do something as complex" as that, I weep for your dad - and you, given that you got 50% of your genes from him.

Re:Stop your complaining (5, Insightful)

FooBarWidget (556006) | more than 5 years ago | (#25562113)

"Rubbish. For people like your dad, OpenID is both simple *and* simpler than having to sign up for dozens of sites just to post a comment."

That's true if you count the step. The thing you overlooked is, he doesn't know what OpenID is! Try to explain OpenID to a random person on street. How big is the chance that he understands it and will even care? Have you ever went through an OpenID registration process? There's no way my dad understands that. The barrier to entry for average users is too high.

There's more to usability than simply counting the number of steps.

"Suppose we live in a world where everybody implements OpenID (as a consumer and provider)."

It's useless to speak of such a world. It simply doesn't exist. The hard reality is that OpenID adoption is still low.

"If I "can't possibly expect [your dad] to do something as complex" as that, I weep for your dad - and you, given that you got 50% of your genes from him."

Oh yeah, like launching a personal attack on me will make the usability problems magically go away. If anything, this is a sign of your weakness.

Re:Stop your complaining (2, Insightful)

LordMyren (15499) | more than 5 years ago | (#25562221)

You clearly havent spent even the most cursory effort to investigate what Google has actually done here.

They havent changed OpenID, they've built their own black box to lookup OpenID URL's for email addresses.

Your entire argument is posited around Google making a more usable version of OpenID. While it may be easier for gmail users in that they can use their email addresses instead of url's, Google has not provided any spec for how other sites can implement the black box they've thrown in front of a completely vanilla OpenID. Since no one else can use it, its easy to say it hasnt helped OpenID.

And this is why... (3, Insightful)

Azuma Hazuki (955769) | more than 5 years ago | (#25561477)

...Google scares me more than Microsoft. Even as a die-hard Linux and BSD user, a FOSS zealot, I rest easy knowing Microsoft in its current form will likely be dead in less than a decade. Google, on the other hand, stands to become the Internet-age version of Standard Oil. This is the first "publically-visible" sign of their slide into Microsoft-like evilness, and unlike MS, they will probably be around a long, long time.

Think about it: the OS doesn't *really* matter (if it did OS X and Linux and all the rest would never have any users). Even MS knows this, as they prepare to break into the "cloud" market. Even the applications aren't *that* important now, with the number of people working on converters and programs like OpenOffice. What's important is data, raw information, and Google is a massive data broker.

Be very, very careful how much you trust to Google.

Re:And this is why... (1, Funny)

Anonymous Coward | more than 5 years ago | (#25561591)

"Microsoft in its current form will likely be dead in less than a decade", you ummm, underestimate the power of the dark side young jedi. microsoft will likely outlive everyone with userids equal to yours and lower. :3

Re:And this is why... (1)

homer_s (799572) | more than 5 years ago | (#25561637)

stands to become the Internet-age version of Standard Oil.

You mean they'll reduce the price of their product so low that consumers will flock to them putting their competitors out of business?
Oh no, maybe their competitors should get Congress involved [reuters.com] .

Re:And this is why... (1)

Ant P. (974313) | more than 5 years ago | (#25561853)

the OS doesn't *really* matter (if it did OS X and Linux and all the rest would never have any users).

If the OS _didn't_ matter they'd have no users. Everyone would be content to keep using the common-as-dogshit-and-worth-about-as-much OS that comes preinstalled on their PC.

Hold on, can you show your work... (1)

argent (18001) | more than 5 years ago | (#25561909)

I'm not really addressing your conclusions here, I'm just wondering about one of your assumptions...

Think about it: the OS doesn't *really* matter (if it did OS X and Linux and all the rest would never have any users).

If the OS didn't matter I'd be using Windows. It's because the OS matters that there's more than one OS out there.

Can you explain what you mean here?

Re:And this is why... (1)

AVonGauss (1001486) | more than 5 years ago | (#25561921)

Think about it: the OS doesn't *really* matter (if it did OS X and Linux and all the rest would never have any users). Even MS knows this, as they prepare to break into the "cloud" market. Even the applications aren't *that* important now, with the number of people working on converters and programs like OpenOffice.

I hope you are jesting, that actually sounds more like something Microsoft would say... ;) The operating system does indeed matter, without it the browser or other applications you use every day would have nothing to run on. The problem is few people actually focus on the operating system development, instead they get distracted by trying to branch in to the application arena. Someone who is concentrating on the operating system does not write a mail application, they may write a sample mail application but what they would concentrate on is the common API all applications can use to interact with different mail services. Even the "NetBook" class of computers, surprise, is running either Windows or more frequently now a variation of a Linux operating system. Apple based their Mac OS X effectively on a BSD implementation, which saved them a bundle I'm sure, but ever wonder why they didn't give away the specific parts they added that define OS X? Umm, it matters... What Microsoft is doing is what they have said they were going to do all along, cloud or no cloud, which is to attempt to transition into a software as a service model. Translation, figure out a way to monetize mass consumer software so that people perpetually pay an annual license to use the software. No big mystery or grandeur there, that model has been used with businesses for decades, it remains to be seen if it will work on a mass consumer scale.

Re:And this is why... (1)

felipekk (1007591) | more than 5 years ago | (#25562277)

MS dead in a decade?

What bubble are you living in?

Considering even Windows 2000 is still used on corporations all over the world, there is no way Microsoft is going to be anywhere near dead in a few decades.

using email as login (2, Interesting)

antimatter15 (1261618) | more than 5 years ago | (#25561485)

I don't know too much about OpenID, but in my understanding, you login with your website URL. It seems google is letting you use your email address, which makes more sense (or would make more sense to normal users anyway, as people are used to being forced to enter an email in posting comments in blogs anyway).

Re:using email as login (1)

brunascle (994197) | more than 5 years ago | (#25561751)

That's what I read into it too, but actually you can already use an email address, sort of. If they relying party assumes the OpenID given is a URL, then username@gmail.com would resolve to http ://username@gmail.com/, which is a valid URL, pointing to http://gmail.com/ [gmail.com] . Some OpenID 2.0 providers allow you to enter a generic url (like just a domain name), and when redirected to the OpenID provider you're asked to provide both your username and password, rather than just your password. Yahoo supports this, you can enter yahoo.com in an OpenID login box.

It would be trivial for google to accept OpenIDs at http://gmail.com/ [gmail.com] , but relying parties might not accept the email address as a URL.

If it's bad for OpenID... (1)

Juggz (1181257) | more than 5 years ago | (#25561503)

It's a good thing!

So they're experimenting (4, Insightful)

bluefoxlucid (723572) | more than 5 years ago | (#25561611)

Google is a research company; they're doing research. They are improving OpenID, in their opinion. Nobody relies on Google OpenID, they haven't stepped up to make an OpenID implementation and then started adding extensions, and finally broken compatibility to force conversion to their special vendor-locked-in crap. They've come out and said, "We are going to implement something new, based on OpenID."

Wait until Google Docs stops exporting to deprecated MS Word 97 format (and ignorers .docx entirely), but does export to Google Document Format for their new Google Desktop Office; then you'll see Microsoft behavior.

Re:So they're experimenting (0)

Anonymous Coward | more than 5 years ago | (#25561867)

I'm pretty sure that Google is an adervisting company. That's how they make most of their money.
-James

Re:So they're experimenting (1)

Trojan35 (910785) | more than 5 years ago | (#25562023)

Wait until Google Docs stops exporting to deprecated MS Word 97 format (and ignorers .docx entirely), but does export to Google Document Format for their new Google Desktop Office; then you'll see Microsoft behavior.

They'd only do that once they had 80%+ of the market. And given their recent actions, I'm pretty sure they *would* do that in a market where they have a monopoly.

Their whole "don't be evil" thing only applies when it's a minor inconvenience.

Re:So they're experimenting (2, Insightful)

hackingbear (988354) | more than 5 years ago | (#25562235)

Besides, I don't see, from reading the blog, that they make it incompatible with OpenID. they just add two additional steps -- the user enters an gmail address and then the google server returns an OpenID URL. So normal OpenID websites still work, users just type in the URL instead of having the relying party goes find out.

So it is really a compatible augmentation to OpenID. Whether google patents this or uses other way to prevent others from doing that, I don't know and not technical.

And so it begins (0, Flamebait)

l0ungeb0y (442022) | more than 5 years ago | (#25561627)

Google takes their clout and tells the collective community just where they can stick it and how far.

From previous experience, it can only be assumed that they will continue with this approach until they adopt the same way of thinking and business practices of other large corporations with too many heads and too much power. It's not their fault, they can't help but to do evil when they get this big.

Hopefully, it will bite them faster and harder than it did Microsoft.

I already keep google's presence as close to nill as I can in my life and pretty much limited it to gmail for a public internet mail address and their apple safari embedded search bar. I refuse to use firefox as my personal browser since it clandestinely pings to a google address without my consent, (you can verify this with the tamper data utility... just turn it on and wait, firefox will ping google) which I find to be rather shitty and makes me rather distrusting of the amount of trust 3rd parties give google. I will have no problem abandoning these guys if they go the route of the monopolists.

My attitude toward google has been a couple stiff middle fingers for the last couple years. This just reinforces my belief that their "Do no evil" spiel is as good as the paper it was written on.

Re:And so it begins (2, Insightful)

obarthelemy (160321) | more than 5 years ago | (#25561881)

There IS a difference between "embrace and extend" and "extend right away": sneakiness.

Google lacks something both MS and Apple are going to enjoy for a long time: user lock-in via proprietary formats, DRM and/or user training.

Google has much less leverage to become evil by abusing lock-ins... hence less evilness.

About to drop Google (1)

samalex01 (1290786) | more than 5 years ago | (#25561731)

I've used and advocated Google for many years, but I'm getting really close to dropping them all together. They are one single company that has probably more personal data on every Internet user then anyone, and with that trust comes responsibility... but they've been very non-responsive to most Internet users as of late.

I'll probably never be able to drop them completely since they do have the best search engine, but as a portal site for pretty much everything, email, newsgroups, etc... I think they're becoming way too big for their own good.

kdewallet (0)

Anonymous Coward | more than 5 years ago | (#25561745)

kdewallet

standards my shiny metal a**. (1)

target562 (623649) | more than 5 years ago | (#25561759)

OpenID is a "standard". SAML is a "standard". Everyone seems to implement them slightly differently -- but at least folks are publishing how they're doing it, which is more than I can say of how things were 5 years ago.

Google Microsoft ? (0)

Anonymous Coward | more than 5 years ago | (#25561841)

Did Google and Microsoft just switch places? Wasn't it just a decade or so ago when Microsoft was releasing its "own" version of protocols an refusing to work with standardized work?!

Here's hoping Google kills OpenID (0)

Anonymous Coward | more than 5 years ago | (#25561877)

Best thing for the 'tubes at large would be a firing squad for OpenID. The entire concept is a black hole of practical thinking and a security nightmare. Even an "improvement" of the OpenID idea can't help but fail. Now, if this Google initiative somehow leads to the creation of a real, secure, validated, easy-to-adopt, easy-to-use authentication service, then some good will have come from it.

Google should provide real OpenID too. (1)

burndive (855848) | more than 5 years ago | (#25562087)

The problem from Google's perspective is that the user doesn't have a Google URL, they have a Google username, and that's what the users think they should enter in order to log in.

So, in stead of typing in something like http://username.openid.google.com/ [google.com] the user selects "Google Account" from a drop-down box, and types in his user name. (Which is functionally equivalent to MS Passport.)

When I log in to a blog and leave a comment with my OpenID, my OpenID URL is displayed as the unique identifier of the author attached to that post.
This presents a problem for Google Accounts as OpenIDs because while URLs are intended to be public ready-to-be-displayed information, a Google Account username (which is easily translatable into an e-mail address) is not.

Therefore, the URL that Google needs users to enter is something like http://nickname.openid.google.com/ [google.com] but they don't know that that's what they should enter (because they don't know how OpenID works), and so Google is providing a way for sites to translate a Google-authenticated ID into something like an OpenID.

I think if they're going to do this, that they should also offer a way to do it directly, with a URL, for normal OpenID sites that don't support their little proprietary system, and make efforts to wean users off of the proprietary system by showing them their OpenID URL and telling them how to sign in normally.

why not this simple? (0)

Anonymous Coward | more than 5 years ago | (#25562115)

I really don't understand why OpenID should be so heard to implement.

Here's what I think it should look like:

Any email address from any large provider that registers with openID is fair game.

name@gmail.com, name@yahoo.com, name@live.com, etc.

Setup a basic API where any new website, forum, blog, etc can simply post that email and password to the appropriate place, and come back with a response.

Essentially:

web site with login form ->

openID site ( deciphers email to decide where to validate) ->

passes user info to appropriate provider, provider replies back with either AUTHENTICATE or FAIL

openID -> original forum returns this message

For legacy websites you could simply create a column in the users table to link the openID email to the existing username.

Never thought I'd say this... (0, Flamebait)

cloakable (885764) | more than 5 years ago | (#25562241)

But yea, fuck you Google. Fuck you, and the fork you rode in on.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?