I think the idea is good, but the implementation by the enabled sites is goofy. Take CNN for example. You first have to open a free account with them, then link your OpenID to that account, then you can log in with OpenID. Defeats the purpose IMHO.

I like using it for blog commenting though. Comment and go without registration.

The biggest theoretical issue I have is that if my domain name lapses and someone else throws up their own OpenID endpoint in it’s place, then that person can log in as me on the pages that I’ve previously authorized. Like the other commenter said, this would be bad if sites like PayPal or my bank were accepting OpenID…

The PASP enhancements look promising.

I think the idea is good, but the implementation by the enabled sites is goofy. Take CNN for example. You first have to open a free account with them, then link your OpenID to that account, then you can log in with OpenID. Defeats the purpose IMHO.

I like using it for blog commenting though. Comment and go without registration.

The biggest theoretical issue I have is that if my domain name lapses and someone else throws up their own OpenID endpoint in it’s place, then that person can log in as me on the pages that I’ve previously authorized. Like the other commenter said, this would be bad if sites like PayPal or my bank were accepting OpenID…

The PASP enhancements look promising.

I can see using it more in the future, but only for the dozens of non-sensitive sites that make me login (fantasy baseball, photo sharing and the like) and not something where the loss to me might be greater (paypal, online banking).

One of the issues I have with it is that I can’t think of an OpenID provider that has done a good job of assuring me as to their ability to reduce the risk to me. The selling point I’ve seen from providers is convenience, not security. OpenID providers need to assure me of both.

I can see using it more in the future, but only for the dozens of non-sensitive sites that make me login (fantasy baseball, photo sharing and the like) and not something where the loss to me might be greater (paypal, online banking).

One of the issues I have with it is that I can’t think of an OpenID provider that has done a good job of assuring me as to their ability to reduce the risk to me. The selling point I’ve seen from providers is convenience, not security. OpenID providers need to assure me of both.