[Baypiggies] Authkit, OpenID, Click Pass, and local accounts... aka AuthMess

Drew Perttula drewp at bigasterisk.com
Wed Mar 18 06:22:52 CET 2009

Jeff Younker wrote:
> In addition, it seems that OpenID is a little unfriendly.  Opaque URLs 
> are scary,
> so the login screens will use something along the lines of "use your 
> google/msn/
> yahoo account to connect to our system," to which the user selects one. Now
> it seems to me that this part of the system could be rather painful to 
> implement.

Another way out of this problem is EAUT (http://eaut.org). The user 
gives you his email address, you go look up whether there's an OpenID 
associated with it, and if there isn't (most common), you use an EAUT 
service to make a new association to a new openid. Then you get the user 
to signup with the openid and the rest is as usual.

This means that, at first, most of your users will enter their email 
address, be forced to make a password, and then in the future they login 
with that email and password. In other words, it's not much worse than 
the standard sites they use today. It's "openid with your email address 
instead of a new id".

But over time, other sites will perform the same Email Address to URL 
Translation and recognize the user's email+password right away. Some 
email providers might become openid providers themselves, so those users 
won't have to make a new password (they just have to be logged into 
their email website). And advanced users can use their own openids from 
day 1, so it's not like you locked anyone into tying their accounts 

More information about the Baypiggies mailing list