Thursday, February 08, 2007

Sampling OpenID RPs

OpenIDDirectory lists a whole bunch of OpenID Relying Parties at which you can use your OpenID.

As an experiment, I picked the New Sites category and attempted to use my ProtectNetwork.org OpenID. Here are the results:
  • http://www.fileformat.info/ - no option to log-in (using OpenID or otherwise)

  • http://health20.org/ - Received 'The server encountered an internal error () that prevented it from fulfilling this request' after authenticating to my IDP. Interestingly, the site used the LID GUI model (i.e. icon in bottom right corner).

  • http://www.phixr.com/photo/ - unable to login, the site indicates you can supply either a user name or OpenID, but still demands a password

  • http://www.sylvainbriant.com - no option to log-in (using OpenID or otherwise)

  • http://www.suppressionlist.com/ - Received 'Application error' after authenticating to IDP

  • http://www.placeengine.com - No option to log-in (using OpenID or otherwise)

  • http://www.insanejournal.com/ - Success!

  • http://www.donengel.net/ - Partial Success. After successfully being redirected to my IDP, I consented to the release of my email back to the SP. Nonetheless, the SP still asked me for my email.

  • http://www.challgren.com/ - Success

  • http://www.finnix.org - Success
Testing the Social Network category produced similar results (e.g. Stuffopolis failed, Crossroads wanted me to give my email after getting it from the IDP, PeopleAggregator has a funky drop-down multi-option login screen, that leads to nowhere)

Separately, there were almost as many 'ceremonies' as there were sites. Permutations included:
  1. offering OpenID login as a peer to normal local account (e.g. Doxory)
  2. linking from main log-in page to an OpenID specific page (e.g. Finnix.org)
  3. variations on 'LogIn', 'Verify', as the etc (e.g. Challgren.com)
  4. Asking for an OpenID AND a password (e.g. Phixr)
  5. Describing the OpenID option as 'Blog URL' (e.g. Challgren.com)

7 comments:

Anonymous said...

Very nice.

A separate page is what LiveJournal, the pioneer of OpenID, has until this very day. Speaking of the great support on the part of A6.

Blog URL is what the MT plugin normally displays. Fine with me as long as the icon is there.

derfreizeitblogger said...

Hi Paul,

thanks for all the effort you´ve been putting in testing openiddirectory.com.

First of all: protectnetwork.org was missing in the section "OpenID Providers" - I´ve changed this :).

Second - to put the registration process right: Until today me and my team have done all the registrations. From now on we hope for YOUR support :). I have to admit that we should have tested all sites one more time, closer to the launch date. Anyway we have to face the problem of sites changing without prior notice. http://www.fileformat.info, http://health20.org/, http://www.sylvainbriant.com, http://www.placeengine.com are typical candidates, I think. I´ve deleted them from the OpenID Directory.

http://www.phixr.com claims to have OpenID login, but does not. http://www.suppressionlist.com is simply not working. Stuffopolis worked with my OpenID from myopenid.com.

All we can say is that the whole OpenID topic is still pretty much experimental - at least concerning the sites that try to implement this technically. It may happen more often that OpenID logins appear or disappear in this early stage of development. As the directory grows, the only chance to keep on track is relying on people like you, giving us rapid feedback.

Another reason for the problems you noticed seems to be the weak focus most sites have on a working OpenID login. Some even request redundant data, that´s right. But should we kick them out of the directory or should we better mail them a request to solve their problems?

We all know that there´s still a long way to go ...

Anonymous said...

Hi, this is Thomas from phixr.com.

I just tested logging in to phixr using OpenID (via my livejournal OpenID) - and it works perfectly. (Since I personally don't use OpenID often, I didn't test it quite some time. You really got me worried...)

Did you add the "http://" in the beginning of the username? (Otherwise there is no way phixr could know that the username is an openid)

Paul Madsen said...

Hi Thomas.phixr.com, thanks for following up.

However, from Open ID Auth 1.1

The End User is NOT REQUIRED to prefix their Identifier URL with "http://" or postfix it with a trailing slash.

Anonymous said...

Thomas again. Paul, thanks for the update on standards (I implemented this before 1.1 was out). Anyway, adding another text field for just the 0.1% of users with an OpenID is just a tiny bit too geeky. I'll document the usage in a better way, however. Sorry for the inconvenience.

herestomwiththeweather said...

the most common problem is that stuffopolis is strict and requires that an email address is provided during registration with openid. i would be happy to resolve the problem for you -> support@stuffopolis.com.

Anonymous said...

Here's another OpenID server (www.iamdentity.com). What makes this one unique is that it has a profile manager as well. Not only can you manage your OpenID sites and simple registration but you can also manage all other aspects of your digital profile.

Apart from being an OpenID server, there's also a web service that allows a 3rd party to retrieve your information (with your permission of course).

iamdentity takes online profile management to the next level.

Visit www.iamdentity.com and sign up for a iamdentity account and get your OpenID URL as well to use at the growing number of OpenID enabled sites.