Openid: The truth

OpenID eliminates the need for multiple usernames across different websites, simplifying your online experience.

OpenID is set to give you (the user) back control of your login! With nearly ten thousand compatible websites, OpenID is fast becoming the new easy and secure way to log in.

The Good: How it works
A login under OpenID defies current logic by storing sensitive data such as your password, birthdate, full name, etc. with an identity provider whom you completely trust. You can then feel safe giving websites, even those you don’t trust, your Identity URL. Using your Identity URL, a website can contact the trusted identity provider and ask for information about you. Your identity provider will then confirm your consent by asking you to log in. The big difference is that you always log in to your trusted identity provider, which tells the website that you successfully logged in and passes along whatever you told it to. This means no more registering, managing passwords, or anything of the kind, as your identity is managed by a single site.

The Bad: Phishing
Now while OpenID has gained huge momentum, it still has 2 major weaknesses as detailed here by Marco Slot.
Firstly, it is easy for malicious websites to send users from major sites such as AOL.com to a fake login page. Most users would happily type in their password, not noticing that the address bar says aaol.com or something similar.
The second crack is somewhat similar, and follows from the idea that users will happily enter their password if given the chance. The idea is to simply show the user the usual OpenID form, but to ask not only for the user’s identity URL but also for their password.

The Ugly: None
Getting an OpenID is surprisingly easy, and besides some avoidable phishing problems, OpenID is very secure and easy to use. But instead of using some URL that your identity provider gives you, wouldn’t it be awesome if you could use your personal blog or webpage to identify yourself? To do this, all you need to know is your identity and server URLs, which your provider should have given you. Then you insert some special HTML tags, like the AOL ones for John Smith below. They tell websites looking for your identity where it is, and if you should feel the need to change identity providers, you simply update the tags on your site.
<link rel="openid.server" href="https://api.screenname.aol.com/auth/openidServer">
<link rel="openid.delegate" href="http://openid.aol.com/johnsmith">
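
The sketch below is an added example, not code from the original post or from any OpenID library: it reads the two delegation tags from a page the way a consuming website would, and checks that the declared server endpoint uses HTTPS and sits on the provider's real domain rather than a lookalike such as aaol.com. The function names, the sample pages and the trusted domain passed in by the caller are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample pages: GOOD_PAGE carries the two tags from the article;
# BAD_PAGE points openid.server at a lookalike host over plain HTTP.
GOOD_PAGE = """<html><head><title>John Smith</title>
<link rel="openid.server" href="https://api.screenname.aol.com/auth/openidServer">
<link rel="openid.delegate" href="http://openid.aol.com/johnsmith">
</head><body>My blog</body></html>"""
BAD_PAGE = GOOD_PAGE.replace("https://api.screenname.aol", "http://api.screenname.aaol")

class LinkCollector(HTMLParser):
    """Collects openid.server / openid.delegate <link> tags found inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head, self.found = False, {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:  # tags in the body are ignored
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel in ("openid.server", "openid.delegate") and a.get("href"):
                    self.found.setdefault(rel, a["href"].strip())  # first tag wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(html):
    """Return {rel: href} for the OpenID tags declared in the page head."""
    parser = LinkCollector()
    parser.feed(html)
    return parser.found

def check_server(found, trusted_domain):
    """List problems with the declared provider endpoint (empty list = ok)."""
    server = found.get("openid.server")
    if not server:
        return ["no openid.server tag"]
    url, problems = urlsplit(server), []
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        problems.append("server endpoint is not https")
    # Exact domain or a true subdomain only, so "aaol.com" never matches "aol.com".
    if host != trusted_domain and not host.endswith("." + trusted_domain):
        problems.append("host %s is outside %s" % (host, trusted_domain))
    return problems
```

Calling `check_server(discover(GOOD_PAGE), "aol.com")` returns an empty list, while the same call on `BAD_PAGE` reports both the plain-HTTP endpoint and the lookalike host.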

2 Responses to “Openid: The truth”

  1. Chuck Says:

    Greetings, I came across your site looking for various mosaic creation methods. I saw your KCCI 8 mosaic, you guys don’t happen to be in Iowa? I always think of the web as purely global so finding a local connection is kind of a weird event. Other than that, your contact page is broken or I would have emailed there.
    Later,
    -Chuck

  2. travis Says:

    Hi Chuck,
    For your question, yes. We’re from Iowa, right in the middle. If you aren’t from around there you probably don’t know it, Iowa Falls is the name of the town though. As for mosaics, email me at travis@flippedweb.com and I’ll tell you how we do it.

    And thanks for the notice, I’ll get the contact page fixed right away.

    -Travis
