With OpenID 2.0 support for i-names (XRI) you will be able to login to any OpenID enabled site using a simple i-name. For example mine is '=eran'. Whenever I see an OpenID login, I enter '=eran' and click login. It takes me to my provider to enter my password, and I click back to return to the site.
It is ONE click away from a regular username and password and you don't need to share your password with any other site than your provider.
OpenID 2.0 is expected to be final in the next few weeks and i-names are easy to register. I am sure in the near futures services will sell you a complete package of OpenID/i-name for a low fee or free.
factoryjoe
· 2 years ago
From a brief glance, it almost seems like these guys implemented OAuth. Weird. It also has a significant SPOF: "It is only possible to de-centralize SlashID when the system stops relying on Javascript issued from our website. This will happen when browser plugins or core browser modifications which support our protocol are widely available. Until then, the system must remain centralized."
I'd rather stick with OpenID where it works and use 1Password in the meantime.
zlieber
· 2 years ago
SlashID's main goal is to provide private and anonymous Identity Management, without disclosing the data even to the Identity Provider. It uses symmetric key cryptography and hashes in the browser to achieve that goal. Possibly there is room to use OAuth in parts of SlashID (and if there is we will do that since open standards are better), but this doesn't change a lot in principle.
As far as SPOF, this will be true in any system: if you take code from somebody, you trust that somebody. So, it's better to receive code from one party, and service from another. That way you trust the code provider, but not the service provider. With JavaScript, code provider and service provider are the same (since JS is served from the same server that provides you the service), which creates this "constraint". We just mention this issue honestly, instead of hiding it, but truly it's not only our problem.
Adam Hirsch
· 2 years ago
Thanks Zlieber. My suggestion is you have to get the bulk of the main user sites to work with SplashID before you start asking people for money. Also, perhaps a list of sites that SplashID is compatible with??
All Comments
It is ONE click away from a regular username and password and you don't need to share your password with any other site than your provider.
OpenID 2.0 is expected to be final in the next few weeks and i-names are easy to register. I am sure in the near futures services will sell you a complete package of OpenID/i-name for a low fee or free.
I'd rather stick with OpenID where it works and use 1Password in the meantime.
As far as SPOF, this will be true in any system: if you take code from somebody, you trust that somebody. So, it's better to receive code from one party, and service from another. That way you trust the code provider, but not the service provider. With JavaScript, code provider and service provider are the same (since JS is served from the same server that provides you the service), which creates this "constraint". We just mention this issue honestly, instead of hiding it, but truly it's not only our problem.
Either way, Good luck!
- Adam Hirsch, Mashable.com