Implemented OpenID... why?

[Brad Fitzpatrick]

You're on your own.

OpenID is meant to be the simplest possible way to do authentication.  You
have to do authorization and any profile gathering/etc.  The Perl modules
for OpenID do a lot of that profile gather for you, but usually I find
myself only needing authn.

The problem with profile exchange is there are fifty efforts to define the
"best way", so OpenID is stepping back and letting everybody figure that
one out.  :-)  That said, there are OpenID proposals on how to do it as a
proper/clean OpenID optional extension.  Look at JanRain's stuff.

- Brad



On Fri, 28 Apr 2006, Thom McGrath wrote:

> I just completed implementation of an OpenID server (this is home-
> grown, not a standard library). This was hard without a good tutorial
> and whatnot, but besides the point. I'm also planning on creating the
> consumer end. But then I ran into a logic issue: why?
>
> Since OpenID doesn't appear to share any user information at all, why
> on earth am I doing this. If I want to allow people to login to my
> site via OpenID, I still need to ask them for all the standard
> registration info, like name and e-mail. That seems very... useless.
>
>  From openid.net: "There's no profile exchange component at all: your
> profiile is your identity URL, but recipients of your identity can
> then learn more about you from any public, semantically interesting
> documents linked thereunder (FOAF, RSS, Atom, vCARD, etc.)."
>
> Is there a defined API for second call for data, or are we on our own
> for that one? I mean, OpenID seems like a fantastic idea and
> implementation, but the process of actually *getting* to a user's
> data seems to be completely undefined. Am I wrong?
>
> --
> Thom McGrath, <http://www.thezaz.com/>
> "You realize you've created God in your own image when God hates all
> the same people you do."
>
>
>