openid vs. lid

Dan Lyke danlyke at flutterby.com
Fri May 20 08:16:12 PDT 2005


Martin Atkins writes:
> It looks to me (from only a cursory glance) like LID also provides 
> profile information, while OpenID specifically leaves that to some other 
> mechanism.

That's my impression, too: A LID URL is something you put on your
business card, as well as a tool to log in.

> Other than that, it seems to be almost identical to OpenID. It just uses 
> different URL arguments.

And there are some implementation details that have been through a few
revs that are still being worked out in OpenID. As I read through the
archives, I'm recognizing stuff, like the "nonce vs timestamp"
argument.

I'm still playing with the OpenID demos to try to get LiveJournal to
let me log in (right now it looks like I'd have to buy a subscription
account to make that work?) but I'm also concerned that issues
regarding phishing have been thought through a little more in LID.

> One thing I *think* is true is that for LID, the identity and the
> identity server URL are the same thing, though with only one demo
> login to test with I can't really tell.

True. And for a dual-sided LID/OpenID server, you'd just put the
identity server discovery stuff in your LID page.

Dan



More information about the yadis mailing list