http://mashable.disqus.com/Internet and Technology News - Mashable is the world’s largest blog focused exclusively on Web 2.0 and Social Networking news. With more than 5 million monthly pageviews, Mashable is the most prolific blog reviewing new Web sites and services, publishing breaking news on what’s new on the web.enWed, 17 Oct 2007 19:29:08 -0000http://mashable.com/2007/10/16/slashid/#comment-5981339<p>Thanks Zlieber. My suggestion is you have to get the bulk of the main user sites to work with SplashID before you start asking people for money. Also, perhaps a list of sites that SplashID is compatible with??</p><p>Either way, Good luck!</p><p>- Adam Hirsch, <a href="http://Mashable.com" rel="nofollow noopener" target="_blank" title="Mashable.com">Mashable.com</a></p>Adam HirschWed, 17 Oct 2007 19:29:08 -0000http://mashable.com/2007/10/16/slashid/#comment-5981338<p>SlashID's main goal is to provide private and anonymous Identity Management, without disclosing the data even to the Identity Provider. It uses symmetric key cryptography and hashes in the browser to achieve that goal. Possibly there is room to use OAuth in parts of SlashID (and if there is we will do that since open standards are better), but this doesn't change a lot in principle.</p><p>As far as SPOF, this will be true in any system: if you take code from somebody, you trust that somebody. So, it's better to receive code from one party, and service from another. That way you trust the code provider, but not the service provider. With JavaScript, code provider and service provider are the same (since JS is served from the same server that provides you the service), which creates this "constraint". We just mention this issue honestly, instead of hiding it, but truly it's not only our problem.</p>zlieberTue, 16 Oct 2007 23:38:10 -0000http://mashable.com/2007/10/16/slashid/#comment-5981337<p>From a brief glance, it almost seems like these guys implemented OAuth. Weird. It also has a significant SPOF: "It is only possible to de-centralize SlashID when the system stops relying on Javascript issued from our website. This will happen when browser plugins or core browser modifications which support our protocol are widely available. Until then, the system must remain centralized."</p><p>I'd rather stick with OpenID where it works and use 1Password in the meantime.</p>Chris MessinaTue, 16 Oct 2007 20:08:14 -0000http://mashable.com/2007/10/16/slashid/#comment-5981336<p>With OpenID 2.0 support for i-names (XRI) you will be able to login to any OpenID enabled site using a simple i-name. For example mine is '=eran'. Whenever I see an OpenID login, I enter '=eran' and click login. It takes me to my provider to enter my password, and I click back to return to the site.</p><p>It is ONE click away from a regular username and password and you don't need to share your password with any other site than your provider.</p><p>OpenID 2.0 is expected to be final in the next few weeks and i-names are easy to register. I am sure in the near futures services will sell you a complete package of OpenID/i-name for a low fee or free.</p>EHLTue, 16 Oct 2007 16:44:42 -0000