There's a problem here that I've struggled with, with FOAFnet and I will struggle with, with OpenID. Sites like Tribe.net and Ecademy depend for a lot of their function on having a rich user record. Even if I run an OpenID ID provider on Ecademy and Tribe trusts it, Tribe will want to create a local user account with lots of data attached. So checking against Ecademy when logging into Tribe serves no useful purpose when they could just as well authenticate the user against the local data.

Once the user has logged in, you don't want to make round trip requests for the data on every page refresh so you have to maintain a local session with locally cached data. Wich again points at a local user database.

This means that it is useful to help the user avoid typing all that data again into yet another account creation form. But single signon makes less sense.

Having said all that I think there are places where a temporary check against a trusted third party is useful. And it's exactly the scenario that led to OpenID at Livejournal. That is allowing users that have been authenticated by a trusted source to leave comments against an article. So think TypeKey, not YASN account record.


[ << Terror alert ] [ DRM Madness >> ]
[ 14-Jul-05 10:44pm ] [ ]