Our identities online are becoming ever more valuable to the companies that we entrust them to. What happens though when a company just ups and closes shop (Pownce, for example) and deletes your stuff? Sure, the individual files you'll have on your computer anyway, you won't have lost anything as far as bits and bytes are concerned--but what about friendships you've built up with people who you only know through the service. Your data should be portable so that you can take it to any service and not lose those relationships that you've built up in one walled-garden when it collapses, or you decide to move on. OpenID tries to solve this brand-centric problem by placing you at the centre of your data and allowing the sites you trust access through a single sign-on. OSnews is contemplating implementing OpenID and would like your feedback, but there are a few questions to consider--please read on for details
To read all comments associated with this story, please click here.
Member since:
2005-08-12
The point is to not let the site you're logging in to have your identity information. The parent JS security context has full access to the child iframe's JS security context, meaning the site asking for your OpenID credentials could then steal them from you.