and or I’m late, again!

I just read Simon Willison’s post about

It’s funny, I just talked about such a service in a previous post and also mentioned I’m working on the same service. I was supposed to release it a week ago but had some other issues to attend to, as well as some learning curve with using JanRain’s PHP OpenID library, and only managed to get it almost working yesterday. I was planning on releasing it this week, but since Simon already released I’m rethinking that :-)

I guess when you snooze you lose.

My approach was a little different. I wanted to lower the barrier of sign in a bit more and was thinking more in the form of a fixed user that you’ll use to sign in.

For example, if my Yahoo account is I would use the following URL to sign into an OpenID supported site:

My service will simply delegate you to Yahoo and Yahoo will have to handle all the necessary phishing stuff on their own (which they actually do).

I think I’ll ping Simon and have a little chat about our ideas for such a service :-)

2 thoughts on “ and or I’m late, again!”

  1. Hi Eran,

    I’m glad to hear I wasn’t the only person working on this idea – it shows it has legs.

    Your concept of including the Yahoo! ID in the URL is neat but I don’t think it’s possible against the existing BBAuth API, as that’s designed specifically /not/ to reveal the user’s Yahoo! ID to the service that calls it (for privacy reasons) – it gives you an anonymous user hash instead, so the only assertion you can ever make is that the person who logged in just now is the same as the person who logged in a few days ago. That’s why I took the more straightforward approach of having you manually create an OpenID after signing in with your Yahoo! account.

    My e-mail address is simon @ my OpenID – drop me a line and we can talk more.



  2. Hi Simon,

    My approach was to give the user the more familiar Yahoo asset scenario.

    The user wants to sign in, they use their Yahoo User Name and password. That’s all.

    Perhaps your way is more secure in that matter since it doesn’t expose the username directly, but in most cases most users use almost the same username in all of the services (in most cases), so I don’t think that’s an issue here.

    idproxy requires an additional step which is one step too much for the common Yahoo user.

    Anyhow, I’ll ping you later on today and I’ll try to articulate better and perhaps we will reach an even better solution :-)

