UI Options and user preferences stored locally

Antranig Basman antranig.basman at colorado.edu
Tue Jan 4 15:05:54 UTC 2011


On 04/01/2011 07:59, Richard Schwerdtfeger wrote:

>  > In the new year, Antranig and the UI Options team are planning to
>  > start work on cloud-based user preferences storage. The plan is to
>  > create a reference implementation of a user preferences server
>  > integrated with OpenID. I know that you have some concerns about
>  > OpenID, but I think it offers the only reasonable starting place for
>  > being able to demonstrate widely-supported cloud based user
>  > authentication. From there, we can talk further about how we might
>  > want to production-harden the implementation.
>  >
>
> As I mentioned to Antranig, I am not a fan of OpenID. It has had very little industry uptake and is subject
> to phishing via masquerading brokers. Last I spoke to IBM security experts they did not support it for this
> reason.
>
> I have concerns about using it just to "demonstrate" that we can provide preferences to an application. We
> could do that now with web services. I can't support OpenID as a strategy for GPII.

Thanks for voicing these concerns, Richard. We do need to make practical progress on this front, however. 
Could you suggest an alternative technology to OpenID that has some level of public currency as a standard 
and implementation? You mention that OpenID has "very little industry uptake" but as far as I am aware, any 
alternatives have even less. OpenID has at least been taken up by the likes of Google, Yahoo, Paypal, and 
the BBC. Also, I'd be grateful if you could provide some links to analysis of the security deficiencies of 
OpenID so that we can understand them better, and also, which we could perhaps use to base any evaluation of 
a replacement standard.

Many thanks,
Antranig.



More information about the fluid-work mailing list