Well I’m pleased to say that my development site now accepts OpenID logins.
In fact, I’ve decided that my site will ONLY support OpenID. Frankly, I just don’t see the point in having my (future) customers having to login with an ID specific to my site.
I want them to bring their OpenID with them. And if they don’t have one, then they’re going to have to get one! 
Anyway, I’m still got some thinking to do on the security front. I mean, it’s all well and good to accept an OpenID login so that someone can add a comment to your blog… But to let someone into your site and transfer $$$ (read: money) – well, I’m not yet sure of the implications – how can I ensure the level of authentication is good enough.
I know that MyOpenID and Verisign have username/password + CAPTCHA checking. But if someone rolls their own Identity Server with authentication that is too simple, then the user is exposed…
Anyway, much more research to do. Have to get into the OpenID spec. Plus there are lots of OpenID discussions going on these days.
Identity management is really starting to take off… Take a look at Scott Kveton’s blog - CEO of JanRain (owners of MyOpenID), and you can feel the excitement in every word he writes.
Finally, a very big thankyou to Andrew Arnott for his work on a more friendly OpenID ASP.Net login control. It’s a great piece of work, breaks down all the barriers… so all of you .NETers out there, no excuse not to start integrating OpenID support in your site.
0 Responses to “OpenID Enabled”