FOSS needs a central bug tracker

Callum Lerwick seg at haxxed.com
Sat Apr 25 22:11:56 UTC 2009 

On Fri, 2009-04-24 at 11:36 +0100, Bill Crawford wrote:
> On Thursday 23 April 2009 20:54:34 Callum Lerwick wrote:
> > On Wed, 2009-04-22 at 22:46 +0200, Kevin Kofler wrote:
> > > Callum Lerwick wrote:
> > > > That doesn't make them wrong about OpenID's UI sucking.
> > >
> > > A proprietary Google "standard" "based on OpenID" isn't a solution to
> > > that though.
> >
> > Yes it is a solution. A monopolistic Google only solution, but it's a
> > solution.
> >
> > That's why I'm saying we better come up with an un-biased free solution,
> > and do it fast. Before Google gains ground.
> 
> It is NOT a monopolistic Google-only solution, that's what became clear after 
> actually reading a particular comment *FROM ONE OF THE DESIGNERS OF OpenID* on 
> that blog post.
> 
> About half-way down, quote:
> 
> 
> David Recordon
> Oct. 30th, 2008 at 12:51 am
> 
> Google is taking advantage of a feature in OpenID 2.0 known as "Directed 
> Identity". This allows an OpenID 2.0 Relying Party to start the OpenID protocol 
> flow using a known URL (Yahoo!'s is http://openid.yahoo.com/) to allow for "one 
> click" style login dialogues. By performing discovery on this URL, using the 
> XRDS XML format, the OpenID Provider advertises the OpenID Endpoint URL for the 
> Relying Party to make a request against. Google is doing this correctly with 
> the URL to perform discovery against being 
> https://www.google.com/accounts/o8/id.

Say I'm Joe Blow. I run Joe Blow's OpenID Provider off a server in my
house running off a business class cable connection.

I got to LiveJournal, and I want to log in using Joe Blow's OpenID
Provider. How does livejournal.com know to display a "Login using Joe
Blow's OpenID" button without me having to cut and paste or type
anything first? I don't see any way to do it without needing some kind
of interaction with the browser.

I'm not seeing how Directed Identity prevents web sites from having to
hard code every possible OpenID provider. Which will still leave out the
little guys like Joe Blow. THAT is what I mean by monopolistic and
biased.

Near as I can tell Directed Identity does nothing to address this kind
of automated discovery.

> As for using email addresses as OpenIDs, this is something the OpenID
> community is talking about quite a bit right now; Google included.

Having to type in a domain or an email address is NOT an improvement.
This should require NO typing. The user should see no URLs, no domains,
no emails, they should see nothing but a button to click.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090425/aacfaeaf/attachment.sig>

More information about the fedora-devel-list mailing list