Content deleted Content added
No edit summary |
|||
| (181 intermediate revisions by 92 users not shown) | |||
Line 1:
{{Talk header}}
{{WikiProject banner shell|class=B|
{{WikiProject Internet |importance=High}}
{{WikiProject Computing |importance=Mid |network=y |network-importance=Mid}}
{{WikiProject Computer Security |importance=Low}}
}}
== History of OpenID releases ==
This is totally missing, there's a total lack of overview of OpenID releases. This is particularly important as they moved to a non-numerical versioning scheme. <!-- Template:Unsigned IP --><small class="autosigned">— Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/119.236.162.39|119.236.162.39]] ([[User talk:119.236.162.39#top|talk]]) 03:50, 17 December 2017 (UTC)</small> <!--Autosigned by SineBot-->
I agree --[[User:Sakimura|Sakimura]] ([[User talk:Sakimura|talk]]) 18:49, 19 October 2018 (UTC)
== Facebook as OpenID provider ==
Article is incorrect as it lists Facebook as OpenID provider. Facebook is OpenID relaying party but not provider. Source: http://stackoverflow.com/questions/1827997/is-facebook-an-openid-provider. I can confirm this, tried to use my facebook page facebook.com/myusername as an OpenID URL. It didn't work. <small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Ilkkao|Ilkkao]] ([[User talk:Ilkkao|talk]] • [[Special:Contributions/Ilkkao|contribs]]) 12:43, 3 May 2010 (UTC)</span></small><!-- Template:Unsigned --> <!--Autosigned by SineBot-->
Microsoft is neither OpenID provider http://stackoverflow.com/questions/2424449/provider-discovery-url-in-windows-live-id The table is really misleading. <small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Ilkkao|Ilkkao]] ([[User talk:Ilkkao|talk]] • [[Special:Contributions/Ilkkao|contribs]]) 18:10, 3 May 2010 (UTC)</span></small><!-- Template:Unsigned --> <!--Autosigned by SineBot-->
== Delegated identity? ==
The article mentions something called a "delegated identity" and says it will be explained below but it does not do this. Can someone please add this information? <small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:41.222.128.72|41.222.128.72]] ([[User talk:41.222.128.72|talk]] • [[Special:Contributions/41.222.128.72|contribs]]) 08:39, 1 November 2008</span></small><!-- Template:Unsigned -->
== OpenID vs SAML ==
I think a such comparison would be interesting. A possibile source to summarize: [http://identitymeme.org/doc/draft-hodges-saml-openid-compare-05.html this white paper] ([[Special:Contributions/151.97.56.8|151.97.56.8]] ([[User talk:151.97.56.8|talk]]) 17:56, 1 December 2008 (UTC))
== Contradicting information about single sign-on ==
[[Single_sign-on#Common_Single_Sign-On_Configurations]] says that OpenID is not a single sign-on system, while the intro of the OpenID article says that it is. -[[User:Pgan002|Pgan002]] ([[User talk:Pgan002|talk]]) 07:31, 19 February 2009 (UTC)
: You're right, OpenID isn't a single sign-on system because you have to log-in actively on each website you visit.
: I just removed the contradiction, I'm not sure if a small paragraph explaining why it isn't a single sign-on system would be useful. [[User:Calimo|Calimo]] ([[User talk:Calimo|talk]]) 10:43, 27 February 2009 (UTC)
: The Intro still seems to imply that it is SSO. The line " allowing a user to log in once and gain access to the resources of multiple software systems.[1]" certainly sounds like SSO. In addition I read the resource at [1] and I don't see any mention of logging in once and accessing multiple systems. ([[Special:Contributions/66.18.228.44|66.18.228.44]] ([[User talk:66.18.228.44|talk]]) 15:58, 8 May 2009 (UTC))
== security issues ==
There is no discussion in this article about the serious security issues that arise with having a single username/password combo that can log into every site on the planet. Crack my myspace account, and you can then precede to clean-out all my bank accounts. Really. Bad. Idea. <span style="font-size: smaller;" class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/71.57.108.198|71.57.108.198]] ([[User talk:71.57.108.198|talk]]) 00:35, 30 March 2009 (UTC)</span><!-- Template:UnsignedIP --> <!--Autosigned by SineBot-->
: I disagree. For someone interested in the subject, a bare introduction into information security models will be enough to understand that OpenID is, well, a bubble. For those trying to find a quick but more or less weighted opinion, the article says it all: all major corps (except Facebook as of Jul 09), are happy to be OpenID providers, but never consumers. <span style="font-size: smaller;" class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/77.123.70.15|77.123.70.15]] ([[User talk:77.123.70.15|talk]]) 19:27, 29 July 2009 (UTC)</span><!-- Template:UnsignedIP --> <!--Autosigned by SineBot-->
: Forgot to add. As I was writing the previous comment, I decided to sign up for an account. Guess what? Wikipedia, too, does not accept OpenID accounts. <span style="font-size: smaller;" class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/77.123.70.15|77.123.70.15]] ([[User talk:77.123.70.15|talk]]) 19:38, 29 July 2009 (UTC)</span><!-- Template:UnsignedIP --> <!--Autosigned by SineBot-->
:Why for God's sake would you use myspace as a OpenID provider for your bank? And also which bank would allow itself to "outsource" authentication by being OpenID consumer? I haven't heard about such a bank. <span style="font-size: smaller;" class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/109.239.167.80|109.239.167.80]] ([[User talk:109.239.167.80|talk]]) 22:25, 28 February 2011 (UTC)</span><!-- Template:UnsignedIP --> <!--Autosigned by SineBot-->
This is my open id account [http://jfred438.myopenid.com/ Myopenid] It's just ripe for spam. The whole openid thing is bad news, at least my bank doesn't use it 'yet'. <span style="font-size: smaller;" class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/94.169.97.57|94.169.97.57]] ([[User talk:94.169.97.57|talk]]) 00:40, 5 October 2010 (UTC)</span><!-- Template:UnsignedIP --> <!--Autosigned by SineBot-->
Even worse, I am to understand that if I have an AOL account, without any action on my part I now automatically have an OpenID, which anyone who cracks my AOL acct can now use to sign-up on any site that uses OpenID? So I have to now go around canceling all my accts that automatically create OpenID accts? Please tell me I'm misunderstanding something here. <span style="font-size: smaller;" class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/71.57.108.198|71.57.108.198]] ([[User talk:71.57.108.198|talk]]) 00:39, 30 March 2009 (UTC)</span><!-- Template:UnsignedIP --> <!--Autosigned by SineBot-->
: No worse than the existing system by which if someone cracks your e-mail account, they can reset all your passwords. [[Special:Contributions/205.155.154.3|205.155.154.3]] ([[User talk:205.155.154.3|talk]]) 02:01, 23 April 2009 (UTC)
:: Of course it's worse. In your example there is only one point of entry. [[Special:Contributions/63.112.58.114|63.112.58.114]] ([[User talk:63.112.58.114|talk]]) 20:33, 7 June 2010 (UTC)
I see couple accusations not backed by any technical explanation - for instance the phishing attacks. My question is how do you defeat SSL/TLS then? And if you are redirected to a non-encrypted login page, you shouldn't give your credentials anyway. <span style="font-size: smaller;" class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/109.239.167.80|109.239.167.80]] ([[User talk:109.239.167.80|talk]]) 22:32, 28 February 2011 (UTC)</span><!-- Template:UnsignedIP --> <!--Autosigned by SineBot-->
: All the security issues above really exist. The problem is the potentially malicious relying party. No need to crack any SSL, because it _IS_ "in the middle" already. No extra "man-in-the-middle" efforts needed. You talk with _this_ malicious relying party via SSL (or https, anyway) already. <span style="font-size: smaller;" class="autosigned">— Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/84.56.52.26|84.56.52.26]] ([[User talk:84.56.52.26|talk]]) 14:26, 25 March 2012 (UTC)</span><!-- Template:Unsigned IP --> <!--Autosigned by SineBot-->
== May 2009 unsourced and aparently fake information ==
I've just removed this from the "2009" subsection
"In May Facebook launched their relying party functionality, letting users use a Google, Yahoo or OpenID to log into their Facebook account."
It has no source, I've found no source for it, and www.facebook.com shows no sign of this, so until someone proves contrary, I'm considering untrue (remember source should ALWAYS be posted). [[User:Hugo 87|HuGo_87]] ([[User talk:Hugo 87|talk]]) 19:54, 6 June 2009 (UTC)
:Perhaps this will help? http://developers.facebook.com/news.php?blog=1&story=246 ~~ [[User:JGXenite|<span style="color: #AB0F31">[ジャム]</span>]]<sup><nowiki>[</nowiki>[[User talk:JGXenite|<span style="color: #000">t</span>]] - [[Special:Contributions/JGXenite|<span style="color: #000">c</span>]]<nowiki>]</nowiki></sup> 22:32, 6 June 2009 (UTC)
::Cool. I could find no information on the subject, so I though it might be untrue. I've still to find WHERE you login using your OpenID, since all I can find, is the same old registration form. [[User:Hugo 87|HuGo_87]] ([[User talk:Hugo 87|talk]]) 02:09, 8 June 2009 (UTC)
:::While this probably falls into the realm of [[WP:NOT#FORUM]], you need to add an OpenID account to your "Account settings" page. Then, when you log out, it will automatically log you in (if you're OpenID account supports auto-login). ~~ [[User:JGXenite|<span style="color: #AB0F31">[ジャム]</span>]]<sup><nowiki>[</nowiki>[[User talk:JGXenite|<span style="color: #000">t</span>]] - [[Special:Contributions/JGXenite|<span style="color: #000">c</span>]]<nowiki>]</nowiki></sup> 19:26, 8 June 2009 (UTC)
== You lost me ==
Sorry. I can't figure out what this is all about.
All I want to do is login this new supposedly simpler way to some website. [[User:Jidanni|Jidanni]] ([[User talk:Jidanni|talk]]) 23:10, 10 September 2009 (UTC)
: I was coming here to say the same thing - for a wikipedia article this doesn't have a very good plain language explanation, and it launches into way way too much technical details in a very formal way. So I've added a "Simple Overview" section. Perhaps it's a bit of duplication of what's in the introduction, but the introduction has a job to do that doesn't allow it to be as simple as people need it to be. So I figure this might do the trick. Especially with the example.
: Please let me know (with a comment here) if it leaves you with any other questions. I'm a very technical person, but I've been told I've got the ability to explain complicated things in a very simple way. [[Special:Contributions/67.68.45.132|67.68.45.132]] ([[User talk:67.68.45.132|talk]]) 19:55, 20 February 2010 (UTC)
:: I've updated the introduction in an attempt to provide a less technical overview of what the protocol is actually facilitating. I hope this will be more informative for the general reader. I also noticed that the "Simple Overview" section is no longer there - was it merged with the introduction at some point? -- [[User:Arndisj|Arndisj]] ([[User talk:Arndisj|talk]]) 03:29, 25 October 2011 (UTC)
== As clear as mud ==
I have been reading up on openID for around an hour, and still haven't any real idea what it is. I presume there are three situations:
user, Website using openID to log in, website acting as openID provider .... but there might be some kind of indirect openid.
By far the worst article is the wikipedia one, which basically is a bit like reading an account of Christianity which fails to mention someone called jesus, because it is basically written by and for a bunch of Roman Catholic theologians and not for someone who hasn't the faintest clue what Christianity is.
What is openID? I think it is a way to be able to sign on to many websites using one single ID ... or perhaps not ... perhaps it is a way to autheniticate a website as being authentic, so I know a site with "OPENID" has signed up for an openID?
... and then can/would I want to, integrate this with my own PHP driven password authentication on my own websites.
[[Special:Contributions/79.79.255.151|79.79.255.151]] ([[User talk:79.79.255.151|talk]]) 09:25, 15 September 2009 (UTC)
== OpenID does not allow open login as suggested in intro ==
I was heavily misled by the original intro, in that it seemed to imply that OpenID provided a means for universal login to any site. After spending quite a bit of time investigating, I have realised that openID simply provides a common standard for a website to vouch for a user. This does not remove the question of "can I trust this person", but instead replaces it with "Can I trust the website that says they trust this person" .... and remember any person can create a website vouching for users like spam597.spambotsRus.com
So, I have changed the intro to remove the suggestion of universality of login in, and to emphasise that some openIDs will be more open than others [[User:Isonomia|Bugsy]] ([[User talk:Isonomia|talk]]) 12:49, 19 September 2009 (UTC)
== I came up with this Idea! ==
Check my credentials and lookup my filed patents with the USPTO. Or search google "dennis lyon invention" in the WIPO. <small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Globalstage|Globalstage]] ([[User talk:Globalstage|talk]] • [[Special:Contributions/Globalstage|contribs]]) 04:04, 3 October 2009 (UTC)</span></small><!-- Template:Unsigned --> <!--Autosigned by SineBot-->
<span id="Get real"></span>
;Get real
Someone claiming to be Dennis Lyon is claiming to have invented OpenID. He cites a WIPO filing from 2006, a year after OpenID was developed, and a patent application from 2009. The last time someone removed this unsupported claim from the article, he put it back in. <small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Klodolph|Klodolph]] ([[User talk:Klodolph|talk]] • [[Special:Contributions/Klodolph|contribs]]) 08:24, 3 October 2009 (UTC)</span></small><!-- Template:Unsigned --> <!--Autosigned by SineBot-->
:I have no reason to doubt that the editor is who he claims, as the IP is from the same area. As for the particular claims being made, the underlying concept was established in the digital identity community well before 2004. The folks from Ram Technics also falsely claimed to be the first to originate the concept, and even claimed that a patent for OpenID (which doesn't exist) was the result of a breach of trust by Microsoft (which had no involvement in OpenID until around 2007) regarding its TADAG architecture (for which there were no patents or copyrights, filed or granted). The evidence provided only shows that Lyon committed identity theft (and thus has no compunction about perpetrating a fraud), works in the identity management field (and thus has a [[WP:COI|conflict of interest]] regarding the subject matter), and filed patent applications after OpenID implementations were already available (and thus may run afoul of prior art). Even if [[WP:V|verifiability]], [[WP:OR|original research]], and [[WP:RS|reliable sources]] were not an issue, the statements are simply irrelevant. As I mentioned in my edit summary, this article is specifically about the standard, not the concept. [[User:Dancter|Dancter]] ([[User talk:Dancter|talk]]) 14:51, 4 October 2009 (UTC)
This is a great discussion since we would like to have strong IP when our patent issues and any papers or concepts that are before our conception, we would like to bring to our examiners attention before we are issued a patent. Can you please cite? <small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Globalstage|Globalstage]] ([[User talk:Globalstage|talk]] • [[Special:Contributions/Globalstage|contribs]]) 17:12, 4 October 2009 (UTC)</span></small><!-- Template:Unsigned --> <!--Autosigned by SineBot-->
:This talk page is for discussion about editing the Wikipedia article on the OpenID standard. Any discussion not related to improving the article within the bounds of Wikipedia policy is not appropriate. It's also a bit hypocritical to show a sudden concern about citing sources, yet continue to add inadequately sourced material to the article. Given that the information you're requesting would not be appropriate to mention in this article for the reason I already explained, it is irrelevant (see the [[WP:TALK|talk page guidelines]]). [[User:Dancter|Dancter]] ([[User talk:Dancter|talk]]) 17:53, 4 October 2009 (UTC)
I have already exceeded the limitations on edit reverts under the [[WP:3RR|three-revert rule]], and will refrain from editing the article for a while. Mr. Lyon's edits still do not satisfy Wikipedia policies, and may constitute an attempt to inappropriately exploit Wikipedia to influence a patent prosecution and possible future litigation. Based on this, I believe that any further additions of Mr. Lyon's claims that aren't accompanied and explicitly verified by reliable independent sources should be removed immediately. [[User:Dancter|Dancter]] ([[User talk:Dancter|talk]]) 18:29, 4 October 2009 (UTC)
:Obviously your argument does not stand as no citation can be produced. We have subsequently submitted to Wiki Admin to independently verify our additions. We legitimatly cite our patent application which clearly defines OpenID and the conviction article available on the web. <small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Globalstage|Globalstage]] ([[User talk:Globalstage|talk]] • [[Special:Contributions/Globalstage|contribs]]) 19:25, 4 October 2009 (UTC)</span></small><!-- Template:Unsigned --> <!--Autosigned by SineBot-->
::Per the verifiability policy I mentioned before, "The burden of evidence lies with the editor who adds or restores material. All quotations and any material challenged or likely to be challenged must be attributed to a reliable, published source using an inline citation. The source cited must unambiguously support the information as it is presented in the article." None of the evidence shown actually verifies the claims that you "invented," were "the first to envision and develop the concept," or were "the first to describe the processes that are involved" for OpenID. It is all original research (which I also addressed earlier) based on circumstantial evidence. You are making [[WP:REDFLAG|exceptional claims]], which require exceptional sources. [[User:Dancter|Dancter]] ([[User talk:Dancter|talk]]) 21:07, 4 October 2009 (UTC)
:::Reliable Published Source/ Exceptional Source = United States Patent Office. Claims = Application Number: 20060212407 <small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Globalstage|Globalstage]] ([[User talk:Globalstage|talk]] • [[Special:Contributions/Globalstage|contribs]]) 21:25, 4 October 2009 (UTC)</span></small><!-- Template:Unsigned --> <!--Autosigned by SineBot-->
::::*Patent application: filed June 22, 2005
::::*OpenID: publicly released May 16, 2005
::::If you had read the policy on original research, you would have noticed the part that addresses the use of primary-source material: "Do not make analytic, synthetic, interpretive, explanatory, or evaluative claims about information found in a primary source." [[User:Dancter|Dancter]] ([[User talk:Dancter|talk]]) 21:39, 4 October 2009 (UTC)
Here is the patent; [http://www.freepatentsonline.com/y2006/0212407.html User authentication and secure transaction system] . Naturally it says absolutely nothing about OpenID. Whether it ''is'' the same as OpenID is a matter of [[WP:OR|personal interpretation]], making it an unsuitable cite on Wikipedia as [[User:Dancter|Dancter]] explains above. If [[User:Globalstage|Globalstage]] wishes include this issue on the OpenID article a reliable source must be produced that discusses the similarities between them. Until such a cite is provided we have nothing but [[User:Globalstage|Globalstage]]'s [[WP:POV|opinion]] that the patent describes OpenID. --[[User:Escape_Orbit|<span style="color:purple;">Escape Orbit</span>]] <sup>[[User_talk:Escape_Orbit|(Talk)]]</sup> 22:21, 4 October 2009 (UTC)
Here is a simple piece from the patent: "Parties may specify authentication procedures. A party may be authenticated for one or more third parties and may be authenticated in a manner without disclosing some or all of the party's personal information to the one or more third party." Sounds like OpenId however you can cite many parts of the patent that describe OpenID. This application is the reason why you do not see another application for a patent as it turns up in searchs and is cited by examiners as prior art. <small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Globalstage|Globalstage]] ([[User talk:Globalstage|talk]] • [[Special:Contributions/Globalstage|contribs]]) 22:33, 4 October 2009 (UTC)</span></small><!-- Template:Unsigned --> <!--Autosigned by SineBot-->
:I implore you to review the policies and guidelines to which I have linked, which address the types of arguments you are making. You seem to be willfully ignorant even of the portions I have directly quoted. [[User:Dancter|Dancter]] ([[User talk:Dancter|talk]]) 22:47, 4 October 2009 (UTC)
:What you say may be true, but you still need a cite that says it for you. It is not permissible for contributing editors to provide their own interpretations of things. --[[User:Escape_Orbit|<span style="color:purple;">Escape Orbit</span>]] <sup>[[User_talk:Escape_Orbit|(Talk)]]</sup> 22:53, 4 October 2009 (UTC)
::Mr. Lyon knows full well why there are no patent applications filed on behalf of OpenID, as he tried to remove the relevant text from the article.[http://en.wikipedia.org/wiki/OpenID?diff=317866607&oldid=317866178] [[User:Dancter|Dancter]] ([[User talk:Dancter|talk]]) 22:49, 13 October 2009 (UTC)
We would like an editor to update the history to give credit to Dennis Lyon for this technology. Our research indicates we are over 1 year prior to any version of "Yadis" of "OpenID" ever being released and 3 years and more to the inclusion of a data exchange and token additions. please see "Flash Of Genius Doctrine" which was soon overturned however a catalyst for this technology exists in the "Dennis Lyon Identity Theft Case". <small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Globalstage|Globalstage]] ([[User talk:Globalstage|talk]] • [[Special:Contributions/Globalstage|contribs]]) 18:08, 25 October 2009 (UTC)</span></small><!-- Template:Unsigned --> <!--Autosigned by SineBot-->
:You are still arguing on original research. I don't know how to make this any clearer to you: the subject of this article is a ''standard'', not a technology. This is why the history section begins where it does. Who was the first to develop a particular technology used in the standard is not directly relevant, nor is it particularly notable. Whatever success OpenID has achieved could arguably be attributed more to being an open standard than to the particular technology used. Until Lyon's patent manages to significantly and demonstrably impact OpenID in some way as directly established by reliable and independent secondary sources, there is no reason to mention it here. Please do not discuss the matter further unless you can somehow explain how the content complies with the Wikipedia policies mentioned previously. Per the [[WP:TALK|talk page guidelines]], "it is usually a misuse of a talk page to continue to argue any point that has not met policy requirements." [[User:Dancter|Dancter]] ([[User talk:Dancter|talk]]) 22:00, 31 October 2009 (UTC)
::OpenID: Is a Technology. Since when were the protocols of OpenID made standard? Please tell us what authority made this a standard? Your a wiki expert, how bout doing some home work and updating this for us. <small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Globalstage|Globalstage]] ([[User talk:Globalstage|talk]] • [[Special:Contributions/Globalstage|contribs]]) 01:47, 1 November 2009 (UTC)</span></small><!-- Template:Unsigned --> <!--Autosigned by SineBot-->
:::Stop with the indignant posturing. We have repeatedly mentioned and linked the appropriate policies, and requested that you establish how your claims comply with those policies, yet nothing you have done here indicates that you've even read them. Perhaps "standard" wasn't the best term for me to use (though I think your hair-splitting over the matter is a straw man), but the fact that you refer to protocols indicates that you have some comprehension that OpenID is an ''implementation''. It is not the technology itself. The [[IEEE 802.11n-2009|802.11n]] article doesn't describe where MIMO came from, the [[Twitter]] article doesn't mention the prior history of microblogging, and the [[Wii]] article doesn't discuss who was the first to think of motion control interfaces for video games. Similarly, unless it substantively impacts OpenID, Lyon's patent doesn't warrant mention in this article, as I stated before. [[User:Dancter|Dancter]] ([[User talk:Dancter|talk]]) 16:02, 1 November 2009 (UTC)
:What relevance does an overturned legal doctrine have here? If you want to make a legal case as the basis for article content, then make it in court. Come back here after you've won it, or at least grabbed some headlines for it. That's the only way I see the claim receiving the sort of independent coverage that would satisfy Wikipedia policies. If such coverage emerges, then Lyon's patent can probably be mentioned in the Wikipedia article same way CSIRO's patent is in the 802.11n article and Immersion Corporation's patent is in the [[DualShock]] article. Otherwise, this no different than Adele McLean, Robert Meyers, Gary Deines, or any other individual trying to use Wikipedia to promote fringe views that haven't gained currency through established means. [[User:Dancter|Dancter]] ([[User talk:Dancter|talk]]) 16:24, 1 November 2009 (UTC)
Your responses are moot in light of this patent application. This wiki does serve to prove the technology of my patent. You can go around calling the technology whatever you want, however the simple fact remains that a patent application exists and describes it. We make no threats of lawsuits here. Innovation is what drives America. Please use your common sense and know that you cannot go around saying something is yours when its not. <small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Globalstage|Globalstage]] ([[User talk:Globalstage|talk]] • [[Special:Contributions/Globalstage|contribs]]) 20:07, 1 November 2009 (UTC)</span></small><!-- Template:Unsigned --> <!--Autosigned by SineBot-->
:Who said anything about what belonging to whom? Where in the article? The only thing I can find is the quotation that you tried to remove, and that was a statement of philosophy, not a claim of fact. The only ones making a fuss about ownership are the ones waving a patent application around, talking about "strong IP". If you're going to continue to ignore the policies, then ''any'' further discussion on the matter is moot. [[User:Dancter|Dancter]] ([[User talk:Dancter|talk]]) 20:51, 1 November 2009 (UTC)
=== OpenID origins ===
Fitztpatrick's claim to be the originator of OpenID in June 2005 is not supported by the evidence. Microsoft was introduced to a small part of a concept called TADAG (Trusted Authenticated Domains & Gateways - www.tadag.com) in June 2004. Microsoft began covert development of the OpenID concept early in 2005 before being challenged by the UK-based originator, David Gale, after a live confidential security briefing in Redmond in April 2005. The contact and discussions are documented across multiple Microsoft employees for months before and after the IPR challenge. Senior Microsoft executives have never disputed the chronology provided by TADAG's author but the company instead went on to sponsor OpenID's arm’s length development. I was the original contact point inside Microsoft Corp for discussions on the development of TADAG.[[Special:Contributions/46.208.31.163|46.208.31.163]] ([[User talk:46.208.31.163|talk]]) 22:11, 19 April 2011 (UTC)Daniel Fell
: As far as I can track down, the first use of openid.net ___domain is in 2001-06-27. It was registered by David Lehn. The [https://web.archive.org/web/20011212113736/http://openid.net first archive of the site] by the WayBackMachine is in December 2001. It had three links in it.
* SourceForge Project Site
* DotGnu
* XNSORG
: The sourceforge site stated this:
: ''OpenID is a project to research and develop a system to share information associated with a particular user/group/account/etc between sites on the Internet.''
: Surprisingly, it still is. XNSORG later became XDIORG, but it was developing eXtensible Name System, which later became XRI and was incorporated in OpenID Authentication 2.0.
: --[[User:Sakimura|Sakimura]] ([[User talk:Sakimura|talk]]) 19:06, 19 October 2018 (UTC)
==Update==
I don't know if anyone else is willing to work on it, but the latter half of the History section focuses a little too much on companies and adoption (while still overlooking [[:mixi]], which is huge in Japan) when there are quite a few other important aspects to cover: the Provider Authentication Policy Extension (PAPE), the Contract Exchange (TX) extension, the rise of [[:Facebook Connect]], OpenID+[[:OAuth]], initiatives such as advisory committees for the retail and content provider sectors, government adoption, etc. [[User:Dancter|Dancter]] ([[User talk:Dancter|talk]]) 22:49, 13 October 2009 (UTC)
:OpenID Connect is a significant development which should be mentioned. Covering OpenID implementation and adoption challenges over the years under OpenID 2.0, especially in comparison to the now-dominant Facebook Connect, would provide some nice contexxt. [[User:Dancter|Dancter]] ([[User talk:Dancter|talk]]) 17:47, 25 August 2014 (UTC)
== Please remember this is an encyclopedia... ==
This article has some rather glowing ad-like prose, how-to examples, and talk page editorializing... what it really needs is more description of the facts, like what information the OpenID provider communicates to the site the user wishes to use and ''vice versa''. [[User:Wnt|Wnt]] ([[User talk:Wnt|talk]]) 17:30, 1 July 2010 (UTC)
: +1 Needs clean up. --[[User:Sakimura|Sakimura]] ([[User talk:Sakimura|talk]]) 19:08, 19 October 2018 (UTC)
== I STILL don't understand what the heck this is. ==
I'm a software engineer with over 20 years experience and am annoyed that I can't make heads nor tails of this. This set of explanations just does not pin down what is what.
I was ALSO going to rail on about how this explanation was written entirely for someone who already understood the subject, but the person who started the discussion section:"Clear as Mud" said precisely that. Yes, whomever you are at 79.79.255.151, you nailed it.
It immediately brings to mind two things in my past. The Java security framework documenation. And the FAA certification requirements specs.
[[User:Tgm1024|Tgm1024]] ([[User talk:Tgm1024|talk]]) 00:59, 12 December 2011 (UTC)
* It's a sufficiently advanced technology indistinguishable from magic, that's what it is. It's a way for A to demonstrate (with some academically interesting forgery/reputation issues that are distractions) to C that he has validly logged on as A, at B, without letting C have any additional privilege aside from that information, from that source. <span style="font-size: smaller;" class="autosigned">— Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/69.76.179.81|69.76.179.81]] ([[User talk:69.76.179.81|talk]]) 02:01, 13 December 2011 (UTC)</span><!-- Template:Unsigned IP --> <!--Autosigned by SineBot-->
::* Agreed to Tgm1024. This is an extremely badly written article. Needs a good amount of rewriting.--[[User:Sakimura|Sakimura]] ([[User talk:Sakimura|talk]]) 19:26, 19 October 2018 (UTC)
== Huh? (Authentication Bugs) ==
Hit the page searching for manymoon, and landed here. Quipped text included 'vulnerable', so searched on that within the page.
"In March, 2012, a research paper [22] reported two generic security issues in OpenID. Both issues allow malicious to sign into victim's relying party accounts"
- malicious what?
- relying?
[[User:Bs27975|Bs27975]] ([[User talk:Bs27975|talk]]) 11:52, 25 April 2012 (UTC)
== OAuth comparison is highly biased and uninformative ==
The section title "OpenID vs. pseudo-authentication using OAuth" shows bias by branding OAuth as "pseudo-" authentication. (OpenID, by comparison, must be "real" authentication?) The section text contains no citations. There is no definition of a "valet key" or how it differs from the "certificate" sent in OpenID. The diagram does nothing to enhance understanding, it conveys the same bias as the text, and has insufficient color contrast which makes it difficult to read. Please remove this section from the article. <span style="font-size: smaller;" class="autosigned">— Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[Special:Contributions/192.236.20.254|192.236.20.254]] ([[User talk:192.236.20.254|talk]]) 17:25, 18 May 2012 (UTC)</span><!-- Template:Unsigned IP --> <!--Autosigned by SineBot-->
:The current OpenID specification is now based on OAuth. [[User:Dancter|Dancter]] ([[User talk:Dancter|talk]]) 17:47, 25 August 2014 (UTC)
::OAuth stands for Open Authorization. It does not do User Authentication by itself. Access Token does not have an ability to authenticate user. To start with, its final destination/audience is the resource, not the client, so if you use it for "Authentication", it will be prone to vulnerability, just like in the recent Facebook leakage case. Yes, OpenID Connect is OAuth 2.0 based, but it introduced a new token type called ID Token whose audience if the client and has many required features for that purpose.
:: Having said that, it is a textbook item. I do not think it belongs to an encyclopedia entry. --[[User:Sakimura|Sakimura]] ([[User talk:Sakimura|talk]]) 19:13, 19 October 2018 (UTC)
==OpenID Connect==
Despite the differences from OpenID 2.0, OpenID Connect is still OpenID, and is in fact the successor to OpenID 2.0. While I don't oppose sub-articles for individual versions if necessary, I think OpenID Connect coverage should be integrated into this article. [[User:Dancter|Dancter]] ([[User talk:Dancter|talk]]) 17:47, 25 August 2014 (UTC)
: +1. In fact, "OpenID" is an umbrella name for multiple specifications. It is somewhat similar to "ISO" or "ITU-T". It is a registered trademark in many countries. The article should start by explaining about it, then introduce many subcomponents rather than explaining "OpenID" equals "OpenID Authentication 2.0". --[[User:Sakimura|Sakimura]] ([[User talk:Sakimura|talk]]) 19:17, 19 October 2018 (UTC)
OpenID Connect now redirects here. See [[Talk:OpenID Connect#Merge with OpenID?]]. -- '''[[User:P199|<span style="color: #199199;">P 1 9 9</span>]]''' <big>[[User talk:P199|✉]]</big> 18:11, 27 April 2021 (UTC)
== Separate adoption details from the introduction ==
To simplify the first paragraph, all of the text from "Several large organizations either issue or accept OpenIDs ..." to the end should be moved to the Adoption section.
In the Adoption section, it would be helpful if there were separate lists for those who issue (ie provide) and those who accept, and also if there was some indication of the number of providers (rather than just of account holders and accepting sites).
[[Special:Contributions/203.129.56.132|203.129.56.132]] ([[User talk:203.129.56.132|talk]]) 13:14, 26 November 2014 (UTC)
: +1 for removing them from intro. --[[User:Sakimura|Sakimura]] ([[User talk:Sakimura|talk]]) 19:29, 19 October 2018 (UTC)
== Infobox Suggestion ==
The information in this article needs to be summarized in the form of an infobox. I cannot format a basic infobox without it getting removed by a user or starting an edit war, so I request that an infobox be added to the article, summarizing the key points.
<span style="font-family: Lucida Console;">[[User:TheFallenOneGOTH|TheFallenOneGOTH]] ([[User talk:TheFallenOneGOTH|Talk]])</span> 22:44, 24 April 2015 (UTC)
== External links modified ==
Hello fellow Wikipedians,
I have just modified 5 external links on [[OpenID]]. Please take a moment to review [https://en.wikipedia.org/w/index.php?diff=prev&oldid=774023441 my edit]. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit [[User:Cyberpower678/FaQs#InternetArchiveBot|this simple FaQ]] for additional information. I made the following changes:
*Added archive https://web.archive.org/web/20060504054201/http://community.livejournal.com/lj_dev/683939.html to http://community.livejournal.com/lj_dev/683939.html
*Corrected formatting/usage for http://reddevnews.com/news/devnews/article.aspx?editorialsid=913
*Added archive https://web.archive.org/web/20070425033329/http://brad.livejournal.com/2226738.html to http://brad.livejournal.com/2226738.html
*Added archive https://web.archive.org/web/20061020010916/http://daveman692.livejournal.com/251286.html to http://daveman692.livejournal.com/251286.html
*Corrected formatting/usage for http://biz.yahoo.com/bw/080117/20080117005332.html
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
{{sourcecheck|checked=false|needhelp=}}
Cheers.—[[User:InternetArchiveBot|'''<span style="color:darkgrey;font-family:monospace">InternetArchiveBot</span>''']] <span style="color:green;font-family:Rockwell">([[User talk:InternetArchiveBot|Report bug]])</span> 20:37, 5 April 2017 (UTC)
== getting an openid without giving personal details ==
There used to be a {{no redirect|List of OpenID providers}}, but it was replaced by a redirect here. From the {{oldid2|404795246|page history}}, however, I found several providers that do NOT require you to give up a cell phone number (or similar) to gain an openid account.
* {{delink|[https://my.xlogon.net my.xlogon.net]}} – OpenID provider with multiple identities, multiple persons, only SSL secured connections and anti phishing support (in German)
After several attempts, I found one that is still working. This one I just used myself successfully, and I've verified that I can now post blog comments using it. It has English instructions. Cheers [[User:CapnZapp|CapnZapp]] ([[User talk:CapnZapp|talk]]) 10:08, 22 June 2017 (UTC)
== Clean up the page, please! ==
This entry is a mess, contains a lot of untrue or irrelevant information.
Also, it probably is violating the Wikipedia principle of an article being not a textbook entry.
It should be cleaned up.
OpenID is not Authentication to start with. So, the first line saying "OpenID is an open standard and decentralized authentication protocol" is actually not true.
I have started fixing it but was reverted by User:Bbb23. Need to discuss. <!-- Template:Unsigned --><small class="autosigned">— Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Sakimura|Sakimura]] ([[User talk:Sakimura#top|talk]] • [[Special:Contributions/Sakimura|contribs]]) 16:23, 17 October 2018 (UTC)</small> <!--Autosigned by SineBot-->
== Create a new section "OpenID Authentication 2.0" and collect all that belongs there ==
OpenID != OpenID Authentication 2.0.
Create the section and collect all that are OpenID Authentication 2.0 there.
By doing so, it would be much easier to introduce various other "OpenID" specifications.--[[User:Sakimura|Sakimura]] ([[User talk:Sakimura|talk]]) 19:24, 19 October 2018 (UTC)
== Wikipedia Ambassador Program course assignment ==
[[File:Wikipedia-Ambassador-Program-Logo.png|50px]] This article is the subject of an [[WP:Student assignments|educational assignment]] at University of Toronto supported by [[Wikipedia:WikiProject Wikipedia|WikiProject Wikipedia]] and the [[Wikipedia:Ambassadors|Wikipedia Ambassador Program]] during the 2011 Q3 term. Further details are available [[Wikipedia:Canada Education Program/Courses/Knowledge and Information in Society (Andrew Clement and Siobhan Stevenson)|on the course page]].
[[Category:Wikipedia Ambassador Program student projects, 2011 Q3{{!}}{{PAGENAME}}]]
{{small|The above message was substituted from {{tlc|WAP assignment}} by [[User:PrimeBOT|PrimeBOT]] ([[User talk:PrimeBOT|talk]]) on 16:01, 2 January 2023 (UTC)}}
== Article uses the term "Relaying" party instead of "Relying" party ==
The technical standards use the term 'relying' party to mean:
Relying Party (RP):
---
OAuth 2.0 Client application requiring End-User Authentication and Claims from an OpenID Provider.
(Taken from the [https://openid.net/specs/openid-connect-core-1_0.html#Terminology OpenID Connect Core Spec]).
Under the section [[OpenID#Phishing|Phishing]] in the article, it seems the author used the term 'Relaying' party, which obscures the meaning in the context of the section. The malicious party, in the sense of a phishing website, does not actually 'relay' any information but merely misdirects the victim to a fake endpoint, which looks like the provider's endpoint and thus fools the victim into providing his credentials.
A careful reading of the section clearly indicates that the author probably meant to use the term 'Relying party' instead of 'Relaying party'. Which seems to be a minor error, but a source of potential confusion to readers.
Kindly note, that the term 'Relaying party' never occurs in the official specifications of the OpenID Connect Specifications.
Hopefully, consideration will be made and appropriate changes made.
Thanks. [[Special:Contributions/102.176.94.80|102.176.94.80]] ([[User talk:102.176.94.80|talk]]) 17:38, 23 February 2025 (UTC)
| |||