1. Dec 26th, 2006

    One is easier than the other

    Registration with username/password
    Registration:
    1. Pick and enter username
    2. Pick and enter password
    3. Enter password again
    4. Enter e-mail address, and
    5. Click ‘Register’
    E-mail: Click verification link
     
    Registration with OpenID
    Registration:
    1. Enter OpenID URL, and
    2. Click ‘Register’
    OpenID login:
    1. Enter username/password, and
    2. Click ‘Login’
    OpenID authorization: Authorize access
    Registration:
    1. Confirm username
    2. Confirm e-mail address, and
    3. Click ‘Register’
    E-mail: Click verification link

    1. Dec 27th, 2006

      Eran

      Perhaps you should have pointed out that the OpenID registration and authorization and Email verification are a one-time process (considering you don’t have too many identities).

      Registration at a new site with OpenID also includes the authorization of that site in your OpenID provider (server).

      In any case, it’s not really clear what you do think is easier… at least to me :-)

    2. Dec 27th, 2006

      Assaf

      I’m implementing OpenID registration for an app I’m building, and for the test cases I had to write all the distinct steps a user has to go through to register with the service.

      I’m assuming they have an OpenID account already, so no need to create it, but the service does use e-mail, and OpenID not being a trusted authority, requires authentication with and without OpenID.

      Which one is easier depends on your point of view.

      Judging from this matrix, I think a lot of people will find it an undue complexity. There needs to be a way to simplify it.

    3. Dec 28th, 2006

      Eran

      How about considering a service like BotBouncer.com http://botbouncer.com/ ?

      If you trust them they can tell you if an OpenID is actually human. Services like that will greatly help you since you can make sure that a) This OpenID is human and b) the Email is valid enough for you to use.

      If most (or all) OpenID providers will either a) be registered in a central trusted directory that says they are verifying that users are not bots or b) force the users opening the OpenID account to identify using a captcha and Email verification and register themselves at sites like BotBouncer.com the scenario is much simpler.

      Actually, if major providers such as Yahoo and Google will support OpenID everything will be much simpler without each one of them inventing their own API.

    4. Dec 28th, 2006

      Assaf

      I’m working on an app called Checkmarked, which has very little appeal to bots. I’m assuming most of my users would be humans. How much you can trust people to give the right e-mail address is a different matter.

      Trusted authorities work very well, witness how we all use VeriSign-issued certificates for our personal e-mails.

      I run an OpenID server on Labnotes which I use to authenticate myself against other services. If I couldn’t easily do that, I wouldn’t bother with OpenID at all.

    5. Dec 28th, 2006

      Assaf

      PS I don’t believe the solution is to turn OpenID into some centrally managed, tightly controlled, bureaucracy. We have InfoCard, or whatever MS calls it these days.

      The solution is to keep working on OpenID to the point that it’s as easy as current username/password registration, or even simpler.

    6. Dec 28th, 2006

      Eran

      My intention was not to make OpenID a bureaucracy monster and I’m not even suggesting that.

      The idea is that for added security/trust (unless you want people that run an OpenID server to negotiate or “authenticate” the server) a central (maybe more than one like CAs for certificates) can exist and help do that.

      That’s all.

      I’m currently using OpenID to respond in this blog. All I had to do was enter a username password. Sure my username had to be in the form of my blog URL (Inames and other standards can even fix that) but all I had to do is enter it and a password and that’s it.

    7. Jan 13th, 2007

      Aristotle

      OpenID doesn’t make registration with new services easier, it makes identity management easier. If you grant your trust towards the requesting website with your OpenID provider on registration, and stay logged into your OpenID, then logging back into a service is a simple matter of entering your OpenID. No usernames and no passwords to remember.
