Why OpenID?

jfriend · February 25, 2007

I see in the latest release that Smugmug supports some form of OpenID. Can anyone explain what we would do with this?

Has anyone used it yet?

Baldy · February 25, 2007

http://www.centernetworks.com/openid-what-is-it-and-why-everyone-is-talking-about-it

jfriend · February 25, 2007

Baldy wrote:

http://www.centernetworks.com/openid-what-is-it-and-why-everyone-is-talking-about-it

I've read these types of writeups, so I understand that much of the promise. What I don't understand is what will I do with Smugmug's support of OpenID?

Are you hoping that users use their Smugmug login/ID in other sites?

Are you accepting other site's OpenID logins as your Smugmug identity when you sign up? when you login?

When in my site experience or my visitor's Smugmug experience is this useful?

Is there a list of sites that support OpenID?

Andy · February 25, 2007

jfriend wrote:

I've read these types of writeups, so I understand that much of the promise. What I don't understand is what will I do with Smugmug's support of OpenID?

We’re an OpenID 1.1 Provider. Hundreds of thousands of SmugMug customers can now use their SmugMug homepage URL as their ID on sites all over the net.
You can use your OpenID (your SmugMug URL when you are logged in) to access these other sites easily: for example, leaving a comment on Zoomr. Or a blog.

Are you hoping that users use their Smugmug login/ID in other sites?

Not hoping, but hopeful that it makes things easier

Are you accepting other site's OpenID logins as your Smugmug identity when you sign up? when you login?

We’re planning on consuming OpenID for photo comments and other things shortly.

When in my site experience or my visitor's Smugmug experience is this useful?

For you, if you wish to use another service, so the example of leaving a comment on a blog, or AOL somewhere, or another photo site. For your visitors, if they come from an OpenID provider, they'll leave a comment maybe on your site, much easier.

Is there a list of sites that support OpenID?

Sure.

jfriend · February 25, 2007

Andy wrote:

We’re an OpenID 1.1 Provider. Hundreds of thousands of SmugMug customers can now use their SmugMug homepage URL as their ID on sites all over the net.
You can use your OpenID (your SmugMug URL when you are logged in) to access these other sites easily: for example, leaving a comment on Zoomr. Or a blog.
Not hoping, but hopeful that it makes things easier

We’re planning on consuming OpenID for photo comments and other things shortly.

For you, if you wish to use another service, so the example of leaving a comment on a blog, or AOL somewhere, or another photo site. For your visitors, if they come from an OpenID provider, they'll leave a comment maybe on your site, much easier.

Sure.

OK, thanks. That's what I was looking to understand.

Allen · February 25, 2007

jfriend wrote:

OK, thanks. That's what I was looking to understand.

Glad you do. Now explain it to us dummys.:D

jfriend · February 26, 2007

Allen wrote:

Glad you do. Now explain it to us dummys.:D

Here's are some useful articles on openID:

http://ibox-security.net/seanprice/blog/openid-explained-in-5-minutes/

http://simonwillison.net/2007/Feb/25/six/
http://www.billda.com/openid-is-so-cool-whats-the-holdup
http://mentionables.blogspot.com/2007/02/openid.html
http://www.centernetworks.com/openid-what-is-it-and-why-everyone-is-talking-about-it
http://bloggingabout.net/blogs/adelkhalil/archive/2007/02/16/openid-and-all-the-hassle-goes-away.aspx

jfriend · February 26, 2007

OpenID login failed

Andy wrote:

We’re an OpenID 1.1 Provider. Hundreds of thousands of SmugMug customers can now use their SmugMug homepage URL as their ID on sites all over the net.
You can use your OpenID (your SmugMug URL when you are logged in) to access these other sites easily: for example, leaving a comment on Zoomr. Or a blog.
Not hoping, but hopeful that it makes things easier

We’re planning on consuming OpenID for photo comments and other things shortly.

For you, if you wish to use another service, so the example of leaving a comment on a blog, or AOL somewhere, or another photo site. For your visitors, if they come from an OpenID provider, they'll leave a comment maybe on your site, much easier.

Sure.

I may not know what I'm doing with OpenID, but I came across this site that takes an openID login so I tried my Smugmug URL "jfriend.smugmug.com" and it just fails and says:

OpenID authentication failed

No session state found.

Am I doing something wrong? Is there something wrong with the site I was trying it on? Is this supposed to work? Are there example sites where my Smugmug homepage ID would work for an openID login?

devbobo · February 26, 2007

jfriend wrote:

I may not know what I'm doing with OpenID, but I came across this site that takes an openID login so I tried my Smugmug URL "jfriend.smugmug.com" and it just fails and says:

OpenID authentication failed

No session state found.

Am I doing something wrong? Is there something wrong with the site I was trying it on? Is this supposed to work? Are there example sites where my Smugmug homepage ID would work for an openID login?

John,

it does work, but one of the things that is a bit sucky about OpenID is that you need to provide the "correct" url. ie. in your case 'http://jfriend.smugmug.com/' including the trailing slash.

Read Don's blog for more info.

Cheers,

David

jfriend · February 26, 2007

devbobo wrote:

John,

it does work, but one of the things that is a bit sucky about OpenID is that you need to provide the "correct" url. ie. in your case 'http://jfriend.smugmug.com/' including the trailing slash.

Read Don's blog for more info.

Cheers,

David

Thanks, I got LiveJournal to take my login with the trailing slash, but found four other sites that just reported errors. Definitely looks like there are interesting possibilities here, but I guess it's just getting going.

It's ironic that the LiveJournal UI shows an example URL without the trailing slash.

spdev · March 3, 2007

jfriend wrote:

Here's are some useful articles on openID:

http://ibox-security.net/seanprice/blog/openid-explained-in-5-minutes/

http://simonwillison.net/2007/Feb/25/six/
http://www.billda.com/openid-is-so-cool-whats-the-holdup
http://mentionables.blogspot.com/2007/02/openid.html
http://www.centernetworks.com/openid-what-is-it-and-why-everyone-is-talking-about-it
http://bloggingabout.net/blogs/adelkhalil/archive/2007/02/16/openid-and-all-the-hassle-goes-away.aspx

at first i was confused about openid and didnt really see much advantage, but after alot of reading and recently implementing openid commenting on my blog im beggining to see how it could be useful, although there are plenty of possible security flaws/exploits that could arise from this.

StevenV · March 19, 2007

I'm just getting started with this and am slightly confused... if we have a .MyOpenID.com identity, can we use it in some way with our (pro) SmugMug account?

Andy · March 19, 2007

StevenV wrote:

I'm just getting started with this and am slightly confused... if we have a .MyOpenID.com identity, can we use it in some way with our (pro) SmugMug account?

no but you can use your http://nickname.smugmug.com on other openID sites, AFAIK.

StevenV · March 19, 2007

Ah, I had it backwards. thanks.

jfriend · March 19, 2007

StevenV wrote:

Ah, I had it backwards. thanks.

As I've read up on OpenID, I've gotten the impression that most users are likely to choose one large, stable organization that they are likely to have a long term relationship with and use that as their main "openID provider".

For example, I believe AOL has provided all AIM users with an openID identity and MSN has announced it's intention to also. I would assume that Yahoo and Google would follow suit.

Once you have an openID identity, it's more interesting to you as a user to find lots of openID "consumers" so that you can use your main identity in lots of places, thus saving you the work of having to create lots of new user accounts all over the internet.

Because the security implifications are fairly simple for some uses, it appears that a number of places are starting to consume openID identities for identifying the posters of blog comments. Earlier in this thread, Smugmug indicates that they will probably do that for Smugmug photo comments too which allows the person leaving the comment to be identified.

This one is pure conjecture on my part (and I'm sure the Smugmug folks have even better ideas up their sleeves), but as an idea of what could be done with openID, Smugmug could allow openID authorization for access control to galleries, so you could list the openIDs of family members allowed to access a gallery and they could then access the desired galleries without having to enter gallery passwords. This would enable true access control without requiring every viewer to register on the Smugmug site. It probably remains to be seen if openID authentication becomes trusted enough for Smugmug customers to want to use it this way, but it is the promise of a system like this.

rainforest1155 · March 22, 2007

jfriend wrote:

This one is pure conjecture on my part (and I'm sure the Smugmug folks have even better ideas up their sleeves), but as an idea of what could be done with openID, Smugmug could allow openID authorization for access control to galleries, so you could list the openIDs of family members allowed to access a gallery and they could then access the desired galleries without having to enter gallery passwords. This would enable true access control without requiring every viewer to register on the Smugmug site. It probably remains to be seen if openID authentication becomes trusted enough for Smugmug customers to want to use it this way, but it is the promise of a system like this.

John, I totally dig this great idea of yours! Please go ahead and post it in the feature requests.

Sebastian

rainforest1155 · March 22, 2007

Andy wrote:

no but you can use your http://nickname.smugmug.com on other openID sites, AFAIK.

Plus custom domains seem to work too!

Sebastian

jfriend · March 22, 2007

rainforest1155 wrote:

John, I totally dig this great idea of yours! Please go ahead and post it in the feature requests.

Sebastian

Done. Feature request posted here.

devbobo · March 22, 2007

jfriend wrote:

Done. Feature request posted here.

John,

As Don mentioned in the Feature Request thread, we came up with this idea a few weeks ago, as a solution to a 3rd party interfacing issue...and it really sucks that we can't implement it.

David

Baldy · March 23, 2007

jfriend wrote:

This one is pure conjecture on my part (and I'm sure the Smugmug folks have even better ideas up their sleeves), but as an idea of what could be done with openID, Smugmug could allow openID authorization for access control to galleries, so you could list the openIDs of family members allowed to access a gallery and they could then access the desired galleries without having to enter gallery passwords. This would enable true access control without requiring every viewer to register on the Smugmug site. It probably remains to be seen if openID authentication becomes trusted enough for Smugmug customers to want to use it this way, but it is the promise of a system like this.

Why am I not surprised that you would ask this question?

It's a great question and something we'd love to do, but our understanding of the patent trolls is anything that identifies a second user to grant permission is something they feel violates their patents (that they don't use). We're exploring a license.

jfriend · March 23, 2007

Baldy wrote:

Why am I not surprised that you would ask this question? It's a great question and something we'd love to do, but our understanding of the patent trolls is anything that identifies a second user to grant permission is something they feel violates their patents (that they don't use). We're exploring a license.

I am all to familiar with patent litigation myself. The less money you can spend on lawyers, the better. I hope you figure this one out even if it pains you to pay for a license to something that just shows how in need of a redesign the patent system is.

Tedology · March 25, 2007

Forgive me for asking this... as I'm a laymen in every sense of the word.

But wouldn't an OpenID open up the door for massive identity theft? (ie. If the hackers get my OpenID, then they have access to EVERY account that I use it?)

Or perhaps I'm not understanding this correctly.

StevenV · March 26, 2007

Tedology wrote:

But wouldn't an OpenID open up the door for massive identity theft? (ie. If the hackers get my OpenID, then they have access to EVERY account that I use it?)

It's meant, as I understand, for the myriad of accounts that if stolen wouldn't be a financial or identity loss.
Kim Cameron: "It is as strong, and as weak, as DNS. In other words, it is great for transactions that won’t attract criminal attack, and terrible for those that will."

jfriend · March 26, 2007

Tedology wrote:

Forgive me for asking this... as I'm a laymen in every sense of the word.

But wouldn't an OpenID open up the door for massive identity theft? (ie. If the hackers get my OpenID, then they have access to EVERY account that I use it?)

Or perhaps I'm not understanding this correctly.

I have more than 100 online accounts on the net. For most of them, it's a total nuisance to have to maintain a completely separate account and I'd love to be able to use the same login at many of them. To give you some examples, I'd be perfectly happy to have one OpenID account that I could use at:

adobe
linkedin
dpreview
dgrin
statcounter
blogger
fredmiranda
nikoncafe
ups
retouchpro
nikonians
slashdot
five different golf courses that accept online tee times
opentable
youtube
various loyalty programs that have web sites (like airlines)

Note that none of these accounts have my credit card, they are just things I use on the net that require a user account before I can use them.

I don't think anyone is arguing that the technology is ready for accounts that do serious financial transactions. It's crawl, walk, run. Let's first solve the problem of the proliferation of lots of low security risk accounts.

Why OpenID?

Comments