Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??
"Flippantly calling people "haters" because they see legitimate flaws in something you like is as offensive and juvenile as calling people "fanbois" because they see legitimate benefits in something you dislike."

Oh relax. I was merely referring to the first comments that used the "hate" stigma. In fact, I'm tremendously interested in the arguments against OpenID and you raise valid concerns. And for the record, I'm not a "fanboi", I'm stuck in the middle, slightly in favour, cause at this point, I don't see many obstacles.

"The difference between OpenID and independent authentication is that if PM was compromised as an independent site, just PM is affected. If it was compromised as an OpenID provider, then everyone who accepts its authentication information is affected until the situation is noticed."

Here you have a valid concern. The single point of failure isn't nice, I fully agree. Yet I don't hear these concerns too often with, e.g. SSH's authorized_keys. Other single points of failure are of course one password for all sites (happens too often), one mail account signing up (so compromising the mailbox could potentially help one access many other sites), stored passwords in browsers etc.

A positive thing would be that OpenID could take away the threshold of people signing up to sites, like Perlmonks (if it'd start accepting it, rather than offering provider services). Granted, if Perlmonks would only offer the provider service, this argument makes close to no sense.

I haven't looked at the OpenID specs in close detail, but do seem to remember you can also delegate the provider service. (ah, it indeed is possible). Maybe that would be an option for Perlmonks then (?). A small adjustment to the home node would seem enough. This would take away the increased risk of attacks on this site; the bandwidth increase would be minimal and it'd still offer the OP a way to authenticate using his/her Perlmonks homenode.

OpenID is a growing thing (whether we like it or not). Look at Yahoo!, Google (and more Google through Blogger), AOL and others. Discussing it here isn't necessarily a bad thing, IMHO.

--
b10m

In reply to Re^3: PerlMonks OpenID provider? by b10m
in thread PerlMonks OpenID provider? by friedo

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others studying the Monastery: (5)
As of 2024-03-28 20:30 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found