Wishlistr is one of the sites that Yahoo! highlights as one that you can use your Yahoo! OpenID to log in to.
But, when I tried to do so, Yahoo! showed me the following warning
What would Wishlistr need to do to 'confirm its identity' to Yahoo! such that users wouldn't see this (likely enthusiasm-killing) warning?
If the warning just reflects OpenID's default trust model, why is Yahoo! giving the impression that something better (in the sense of not causing scary warnings) might be possible through Wishlistr undergoing 'site identity confirmation'?
6 comments:
Hey Paul,
I feel your pain cause I have the same problem with my site - did you find out what to do?
Cheers,
Michael
Michael, I think the problem with the warning is not, actually, how you confirm your site with Yahoo, but how it is put. I'm afraid it discourages the use of OpenID as such.
Yes to hacker, I'm not trying to get any one site to work with Yahoo!. Rather that, were I a user, the warning would make me think that Wishlistr had not availed itself of an available 'trusted site verification' process. But, I suspect the warning is just Yahoo!'s (poor) explanation of the OpenID reality, i.e. that, despite Wishlistr appearing in Yahoo!'s OpenID Gallery, Yahoo! doesn't really 'know' Wishlistr (unlike the case were Wishlistr using BBAuth).
see http://developer.yahoo.com/auth/appreg.html
for the difference
paul
Thanks guys - so we'll just have to live with that. That wording is definitely improvable...
One of the features of OpenID 2.0 is that you can "verify" the relying party by doing XRDS "discovery" of the relying party's return_to endpoint. I know that Yahoo implemented this feature. It may be that the site is not exposing its return_to endpoint via XRDS and so the Yahoo OP can't "verify" the RP.
Andrew Arnott wrote up a nice piece.
http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html
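The relying-party check described in the comments above, sketched from the OP's side as an added example (not code from this post, from Yahoo!, or from any OpenID library): the OP reads the XRDS document discovered at the RP's realm, collects the endpoints typed as `http://specs.openid.net/auth/2.0/return_to`, and compares them with the `return_to` in the authentication request. The host `rp.example`, the sample XRDS and the function names are constructed for illustration, and the URL matching is a simplified form of the realm-matching rules.

```python
import xml.etree.ElementTree as ET  # untrusted XML: prefer a hardened parser such as defusedxml
from urllib.parse import urlsplit

XRD_NS = "{xri://$xrd*($v*2.0)}"
RETURN_TO_TYPE = "http://specs.openid.net/auth/2.0/return_to"
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: XRDS document a hypothetical RP serves for its realm.
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/return_to</Type>
      <URI>https://rp.example/openid/return</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def advertised_return_urls(xrds_text):
    """Return the URIs of every Service typed as an OpenID 2.0 return_to endpoint."""
    urls = []
    for service in ET.fromstring(xrds_text).iter(XRD_NS + "Service"):
        children = [(c.tag, c.text.strip()) for c in service if c.text]
        if (XRD_NS + "Type", RETURN_TO_TYPE) in children:
            urls += [text for tag, text in children if tag == XRD_NS + "URI"]
    return urls

def _origin(parts):
    """Scheme, host and effective port, with default ports filled in."""
    scheme = parts.scheme.lower()
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(scheme)

def url_matches(advertised, return_to):
    """Same scheme, host and port; return_to path equals or sits under the advertised path."""
    a, r = urlsplit(advertised), urlsplit(return_to)
    if _origin(a) != _origin(r):
        return False
    a_path, r_path = a.path or "/", r.path or "/"
    return r_path == a_path or r_path.startswith(a_path.rstrip("/") + "/")

def rp_is_verified(xrds_text, return_to):
    """False when discovery found no XRDS or no advertised endpoint matches return_to."""
    if xrds_text is None:
        return False
    return any(url_matches(u, return_to) for u in advertised_return_urls(xrds_text))
```

An RP that serves no XRDS document at its realm, or one whose advertised URI does not cover the `return_to` it actually sends, comes back unverified here.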