LooseSuits

Nope. URLs lack potential to become mainstream identifiers. And decentralized identification sounds great!! but in reality isn't that super-awesome.
I've used it, but I don't like it.

[edit] I also need to note that more of the big companies (microsoft, digg!) are getting OpenID-enabled, which is a big advantage for it to survive. But I still doubt the hype is really about the technology,.. like more about them being 'Web 2.0'.

I've heard a lot about it and it sounds promising. Like everything, it has its downfalls, but on the whole I think it could be a good thing.

I haven't had a chance to look at it properly yet though, so I don't have a very informed opinion.

I'm hoping for it. It's much simpler and better at identifying people than having dozens of usernames and passwords everywhere you go. It's also very easy to implement and easily made secure.

I just talked about this with my buddy Mike yesterday, and my main caveat is trusting one service to essentially "run" my website's authentication service. What if something goes wrong on their end, or some of their OpenID replicating services go down, if that means that my service suffers then that possibility is not worth it. Plus, whenever someone logs into my service then my code has to make another roundtrip call to an OpenID server somewhere which could delay the login process, potentially frustrating users.

I agree with Mike. I try to keep my blog as self contained and self sufficient as possible. Gravatar, Open ID: they're all just one more thing that can go wrong ... and we all know Murphy's Law well enough to know that what can go wrong, will.

>> Do you think Open ID will take over the old login method?

To an extent. Where it's vital something is as secure as it possibly can and/or your user account doesn't need to be publicly available, uname/pwords are going to remain the mainstay.

In places where you interact with other people and in multiple communities, OpenID is the only way forward.

Will it take over? For the mostpart, we should be able to kiss all this "anonymous" shit (posting on blogs, forums, etc) goodbye. With the speed that it's taking off, I reckon 2007 is year of OpenID.

AOL have just made all their accounts OpenID accounts. That's 63million with a flick of a switch!

MS are saying they're building OpenID compatibility into CardSpace (their new identity system that will replace Passport (if I understand them correctly)).

Digg have also said they're getting OID compatibility in "this year".

This is a damned simple system to implement, so I'm sure once this hits the mainstream so they can use their yahoo/hotmail/gmail accounts URLs anywhere, we're there. OID will have conquered.

What's more frustrating for the user?

Waiting 400 ms more for your server to check theirs for authentication, or waiting minutes to get the email your server to sent for the password they don't remember?

The intention is for anyone to be able to run their own openid server, so that they control their own quality of service as far as being able to log in to sites that support it. However, it's a very good point that people using an openid authentication provider (livejournal for example,) could have a perception that it's your site that's broken instead of theirs.

It really depends on who your audeince is. OpenID won't be the defacto standard any time soon, but it may very well be a standard for things like blogs. The vast majority of blogs don't require membership, and the only reason anyone would "log in" to them would be to identify themselves to others. This is what gravatar supplies. I could go around to dozens of blogs posing as other people using their email address and showing up with their gravatar.

OpenID is a step further because it is authentication instead of just identification. It is unique by nature, and provides context back to the person who owns the id.

I feel it's an excellent use of simple technology, and has immense value if the adoption rate picks up. All the same, it's niche. Your average internet user isn't going to have a clue, or care about it until it has some big backers that push the support.

The problem is that all people who use computers are used to the username/password login process. The vast majority of Internet users don't have their own website and if they are "claiming ownership of a website to prove identity" then that's far too complicated than simply typing in your username and password that they've been trained is "how they log into a system".

I don't see why username@emailaddress.com is any harder than id.emailaddress.com/username

Sure it will take time but much less time than it took people to get used to email addresses.

I've actually just this evening written a big Pros and Cons of OpenID live-article. If you've any concerns and think they should be on there, just leave a comment on the article and I'll whoop it's ass into shape.

Same goes if you disagree with anything I've said.

If you love it to bits and want to have it's children, digg it.

I'm hoping it takes off. You would not believe how many sites I've skipped commenting on just because the site requires an account. Same goes for forums.

With the amount of sites requiring registration, people tend to use the same user name and password. To me, that's more of a risk than the Open ID system. Nowadays, just one minor web forum has to be compromised and your password is potentially out in the open.

I hope Google signs on to Open ID. I would love to use Google as my Open ID provider.

I should stress that OpenID does not stop spam.

It is just a method of claiming your identity through a URL only you can authenticate against.

You could setup one OID account and have a billion delegate URLs point to it. That is effectively a billion OpenIDs now.

If you let people just use OpenID without registration, you would still see the same spamming that you see today with anonymous commenting.