Archives
February 2007
2/26/07
2/22/07
2/22/07
2/21/07
2/20/07
2/16/07
2/14/07
AOL and OpenID: Where we are
2/11/07
2/10/07
2/7/07
2/5/07
Wednesday, February 14, 2007
It's not really a secret that AOL has been experimenting with OpenID. As I've said, I think that user-centric, interoperable identity is hugely important to enable the social experiences we're trying to provide. This is a work in progress, but things are coming along thanks to our authentication team's diligent effort. Here's where we are today:
panzerjohn at 11:22:00 PM PST Blog about this entry |
Add to del.icio.us | 
digg this
AOL and OpenID: Where we are
It's not really a secret that AOL has been experimenting with OpenID. As I've said, I think that user-centric, interoperable identity is hugely important to enable the social experiences we're trying to provide. This is a work in progress, but things are coming along thanks to our authentication team's diligent effort. Here's where we are today:- Every AOL/AIM user now has at least one OpenID URI, http://openid.aol.com/<sn>.
- This experimental OpenID 1.1 Provider service is available now and we are conducting compatibility tests.
- We're working with OpenID relying parties to resolve compatibility issues.
- Our blogging platform has enabled basic OpenID 1.1 in beta, so every beta blog URI is also a basic OpenID identifier. (No Yadis yet.)
- We don't yet accept OpenID identities within our products as a relying party, but we're actively working on it. That roll-out is likely to be gradual.
- We are tracking the OpenID 2.0 standardization effort and plan to support it after it becomes final.
panzerjohn at 11:22:00 PM PST Blog about this entry |
Add to del.icio.us | digg this
This entry has 19 comments: (Add your own)
-
I have only just personally gone into discovering what Open ID is all about. This is because the 3rd party message board/blog system that I use is determined (understandably) not to allow guest posting.
I am at the moment trying to convince them that Open ID would be a great compromise. We are very limited on that system as forcing people to register with them just to leave the odd comment does put people off.
I think fear over someone getting hold of ones password and then going around other systems impersonating them is a little paranoid. Getting hold of a password on any system can happen rarely but I don't see how the risk is higher with Open ID.
I personally think Open ID is the best thing since sliced bread. It certainly saves all this registering on seperate systems all over the web. -
Theoretically OpenID *is* opt-in automatically. It only authenticates you on OpenID-enabled websites where you, personally, have originally asked it to do so.
If you never use your AOL OpenID to register on a website, it can't be used to log into it, so it's as secure as you, personally, want it to be.
If you want to use it, use it.
If you do not want to use it or have others use it if they steal your password, then never use it and they'll never be able to either. -
if its anything like securID we are all screwed...we all know how flawed that system is
http://www.seriouslyfunnyvideos.com -
This is indeed good news. While trying to do some exploratory integration / interoperability work I found several issues. First if the screen name is over a set number of chars many of the web interfaces truncate the value, however the openid.aol.com server doesn't, resulting in a page not found error. Second during the authentication process after the submission of the login form there are times when api.screenname.aol.com returns an HTTP Status OK with no content, when I would expect the authorization page, or a redirect back to the relying party with an error. I can provide additional details via email if anyone is interested.
8/6/08 11:16 AM