Identity Update: Browsers with OpenID?

For about a year I have been pushing OpenID and OAuth as a key component to a large scale “Social Process” system (see posts here, here, and here). In the past year I have tested these ideas with a project called “Process Leaves” which is essentially a wiki which supports a couple of non-profit organizations I volunteer with. In order to access the protected content, you must log in with an OpenId. Yet there is still a problem. (more…)

REST assured, OAuth security

I have been investigating REST oriented workflow in a secure environment for the past couple of months. I covered OpenID a few months ago which is perfect for allowing for a kind of single sign on (SSO) in a web 2.0 environment without giving any service your password. Signing on to services is important, but how do you get a service to talk to another service, without giving one of them your password? (more…)

How Not to use OpenID

See my previous post on Web 2.1: How OpenID will rescue Web 2.0 where I wax lyrical on how great it will be when I can have a single ID and use it everywhere. Well, I still think it is a good idea, and I still think it is the right approach, but I am considerably more disappointed about the level of support. (more…)

Web 2.1: How OpenID will rescue Web 2.0

I am a self acknowledged “Site Registration Hater” (SRH). I hate registering at web sites. The whole concept behind Web 2.0 is collaboration: the content comes from individual contributors and we build the web together. But every single place where you want to make a contribution, you have to register as a “user” of that site. (more…)