FOSS needs a central bug tracker

Callum Lerwick seg at haxxed.com
Sun Apr 26 00:29:05 UTC 2009 

On Sat, 2009-04-25 at 17:44 -0500, Arthur Pemberton wrote:
> On Sat, Apr 25, 2009 at 5:11 PM, Callum Lerwick <seg at haxxed.com> wrote:
> >> As for using email addresses as OpenIDs, this is something the OpenID
> >> community is talking about quite a bit right now; Google included.
> >
> > Having to type in a domain or an email address is NOT an improvement
> 
> Having a single account over multiple account is an improvement.
> 
> > This should require NO typing. The user should see no URLs, no domains,
> 
> Why not?
> 
> > no emails, they should see nothing but a button to click.
> 
> Why not? This is trying to solve the problem of multiple accounts not
> laziness. Eventually I'm sure there will be browser extensions to auto
> enter your open id info if you can't bare to Ctrl+C, Ctrl+V.

Does ease of use mean anything to you? Think about browser devices that
don't have keyboards.

You're trying to solve a much smaller problem than me. How is entering
your email everywhere an improvement over just using the same password
on every site? All you've done is made it so you enter one thing instead
of two. That's *it*. (Does OpenID even remove the need to go through an
email validation loop on every single site? Since it completely avoids
the entire notion of email, I don't think it does...)

I want a Single Sign On where I authenticate myself ONCE, per session. I
want to then be able to go to any site that supports OpenID, click "log
in" and be logged in. Period. No passwords, no nothing. I entered it
once, that's enough.

I do believe this is what the Gnome Online Desktop people are trying to
do. Log in to your desktop, and you're automagically logged in to every
web app you use. They do it by just storing all authentications in a
keyring, and use your desktop login as a master key. But where do you
store your keyring?

Every time you enter a club, do you have to wait for the bouncer to
confirm your mailing address, do a background check, interview your
references, pull your credit report, interview your employer, check your
fingerprints, and do a DNA test to make sure you are who you say you
are? No, you show them your ID. The bouncer has for the most part
delegated the task of identifying you to the government.

This is what OpenID should be like. You just show your ID, or rather the
browser does it for you when you instruct it to do so by clicking the
"log in" button, and you're done. That's it. One click. Done.

Different OpenID providers are kind of like different states. Or like
IDs from different countries. Passports. Whatever makes sense to you.
Different organizations that have agreed to trust each other to vouch
for their own citizens.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090425/d3e34e88/attachment.sig>

More information about the fedora-devel-list mailing list