Google Clarifies Its OpenID Implementation

google_openid_logo.pngUpdate: We’ve been contacted by members of the OpenID community who argue that we’ve mischaracterized the controversy in this post. Additional complications not discussed here include the now-ceased process of whitelisting domains that could use Google OpenID.

After we wrote about Google becoming an OpenID provider yesterday, a number of reports suggested that Google was not following the OpenID guidelines closely and that it was basically forking OpenID to suit its own agenda.

Sponsor

The problem with Google’s implementation of the OpenID protocol was that users could not just use their Gmail accounts to log into any OpenID enabled site and that Google itself did not accept OpenID to let users log into Google’s own services. Now, Google has published a blog post to its Google Code Blog that explains why Google chose this implementation and how it will address these concerns in the future.

Confusion

Normally, when you use your email address as your OpenID credential, the OpenID enabled site (the ‘relying party’) goes back to your OpenID provider and looks for a specific file (XRDS) on the server. However, Google chose not to implement this part of the OpenID ecosystem when it launched its OpenID implementation yesterday and made developers rely on Google’s own API instead.

Now, however, Google has announced that it will start publishing XRDS files ‘as quickly as possible.’ For the time being, you can use ‘https://www.google.com/accounts/o8/id’ to sign up for OpenID enabled sites.

google_openid_problemearea.png

Why Google Doesn’t Accept OpenID Itself

One other issue many people raised yesterday was that Google itself did not accept OpenID for letting users sign in to its own properties. According to today’s blog post, the reason for this is purely technical, as « all Google rich-client apps would break if we supported federated login for our consumer users. » Google, however, is looking at possible solutions for these problems and is enlisting the help of the OpenID community.

It is good to see Google acknowledge these issues head-on. Despite these growning pains, we still think that Google’s support for OpenID will drive its widespread acceptance, especially once Gmail users can just use their accounts to effortlessly create accounts and log into third-party services.

Note: Yesterday’s espiode of TheSocialWeb.tv has some more in-depth detail about the development of Google’s OpenID implementation and features an interview with the developers.

more about « f | Google Clarifies Its OpenID Imple…« , posted with vodpod

About these ads
Ce contenu a été publié dans Uncategorized. Vous pouvez le mettre en favoris avec ce permalien.

Laisser un commentaire

Entrez vos coordonnées ci-dessous ou cliquez sur une icône pour vous connecter:

Logo WordPress.com

Vous commentez à l'aide de votre compte WordPress.com. Déconnexion / Changer )

Image Twitter

Vous commentez à l'aide de votre compte Twitter. Déconnexion / Changer )

Photo Facebook

Vous commentez à l'aide de votre compte Facebook. Déconnexion / Changer )

Photo Google+

Vous commentez à l'aide de votre compte Google+. Déconnexion / Changer )

Connexion à %s