Search code examples
webopeniduser-experienceuser-accountsauthentication

user identification with openID


Since I have never used openID befor I have no idea about it.

I want to know when someone want to log into my website using openID do I have to register his information (is there any registration process efen if the user don't fill the information).

should I provide an alternative classical user registration beside openID.


Solution

  • Opinionated Rant

    My opinion will almost certainly be unpopular; but I'm going to make it anyway, 'for the good of privacy' :)

    OpenID is not a great idea; typically in computer security it is considered bad to have a single account for everything, as if that account is compromised the person can compromise all services attached to it.

    OpenID violates this quite directly.

    As well as this, it creates a single point of failure, and if the protocol is shown to have a flaw [removed incorrect reference to OAuth flaw] it means you are susceptible everywhere.

    Now it goes without saying that OpenID provides convenience; and sure it does, but for mine, the cost of this is too great.

    Personally, I was a bit frustrated to note that OpenID was the only way to sign up to this site; so I would suggest to you that you provide an alternative mechanism (and if it were me, I would not implement OpenID at all).

    Summary

    Yes. Provide alternatives (IMHO).