p2pnet news view Freedom | P2P:- Google has had made the switch to OpenID, notes the NeoSmart Files.

But, the post goes on, “it looks like someone may have been a bit to hasty to pull that switch (perhaps itching to get some of the limelight Microsoft has been receiving for adding OpenID to all Live ID accounts just the day before yesterday).”

How so?

Because, “whatever it is that Google has released support for, it sure as hell isn’t OpenID, as they even so kindly point out in their OpenID developer documentation (that media outlets certainly won’t be reading),” says the story, explaining »»»

1. The web application asks the end user to log in by offering a set of log-in options, including Google.
2. The user selects the “Sign in with Google” option.
3. The web application sends a “discovery” request to Google to get information on the Google authentication endpoint. This is a departure from the process outlined in OpenID 1.0. [Emphasis added]
4. Google returns an XRDS document, which contains endpoint address.
5. The web application sends a login authentication request to the Google endpoint address.
6. This action redirects the user to a Google Federated Login page.

But, says Neosmart Files, “This is something that Google cooked up that resembles OpenID masquerading as OpenID since that’s what people want to see and that’s what Microsoft announced just the day before.

“It’s not just a ‘departure’ from OpenID, it’s a whole new standard.”

Basically, “Google has rewritten OpenID. Not only is it not exactly the same as the current OpenID protocol, it’s so different that existing OpenID relying parties won’t be able to use it,”says NeoSmart.

“Only a handful of ‘partner sites’ have been updated to understand Google’s perverted version of the OpenID standard, and anyone else hoping to authenticate via ‘OpenID’ to Google’s servers will need to do the same.”

It continues »»»

But OpenID is an open, community-based standard. Stabbing them in the back by creating an incompatible standard ‘based on’ the same technology and masquerading under the same name isn’t the way to go. Google may have the best interests of decentralized authentication in mind, and perhaps even the better protocol to boot; but this is no way to prove a point.

OpenID is on tenterhooks as it is, and cannot withstand any more efforts to splinter its adoption. Never mind the fact that almost all the big names adopting OpenID are joining only as providers and not as relying parties (rendering the whole basis of OpenID useless) — now even the provider side of things is chaos.

Thanks, Google, adds NeoSmart — “Good to see you’re still doing the whole ‘Do no evil’ thing, the community really appreciates this kind of approach to improving de facto standards and pushing decentralized authentication!”

NeoSmart Files – , October , 2008

---

Use free p2pnet newsfeeds for your site. It`s really easy!

Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php

---

Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.

This entry was posted on Thursday, October 30th, 2008 at 10:01 am and is filed under Freedom, P2P. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 3788 times