If you own a domain that's an OpenID provider, you won't be able to use that.
Aren't there OpenID users who host their own identities exclusively for themselves? Is there danger in letting people do this? (I seriously don't know much about OpenID practices.)
Ten private companies, a number of US Government Federal Agencies primarily in the Health sector and the OpenID and Information Card Foundations will announce this morning in Washington DC the launch of a pilot program to allow members of the public to log in to participating government websites with their credentials from approved independent websites.
They're not allowing any OpenID cert, they're just blessing the big providers (presumably Google, Yahoo, etc...).
"[W]hen we authenticate ourselves with Google, Yahoo, Verisign or whoever our Identity Provider of choice is, that website will pass a different, unique URL to the government site we're logging in to."
Sounds like Google, Yahoo, Verisign or whoever [sic] will have a lot of information about which government agencies you interact with and how often.
It's a step in the right direction. But I'm still wanting to use my own domain for my openid. The common attacks on open id (phishing, man in the middle when authenticating, etc) aren't mitigated by limiting the number of providers. I'd rather they come up with a security standard for openID providers then white list a few.
[+] [-] fallintothis|16 years ago|reply
Aren't there OpenID users who host their own identities exclusively for themselves? Is there danger in letting people do this? (I seriously don't know much about OpenID practices.)
[+] [-] ajross|16 years ago|reply
Ten private companies, a number of US Government Federal Agencies primarily in the Health sector and the OpenID and Information Card Foundations will announce this morning in Washington DC the launch of a pilot program to allow members of the public to log in to participating government websites with their credentials from approved independent websites.
They're not allowing any OpenID cert, they're just blessing the big providers (presumably Google, Yahoo, etc...).
[+] [-] steveklabnik|16 years ago|reply
[+] [-] rfreytag|16 years ago|reply
Sounds like Google, Yahoo, Verisign or whoever [sic] will have a lot of information about which government agencies you interact with and how often.
[+] [-] codexon|16 years ago|reply
[+] [-] wizard_2|16 years ago|reply
[+] [-] tlrobinson|16 years ago|reply
Lame.
[+] [-] mildweed|16 years ago|reply
[+] [-] waratuman|16 years ago|reply