In association with heise online

31 October 2008, 09:06

Google reworks its OpenID plans

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Google has reworked its OpenID plans in the wake of criticism that it was not being open enough with OpenID. Eric Sachs from Google's Security Team announced that Google would drop the requirement for sites to pre-register with Google saying the move was "instead of having our engineers spend time manually maintaining that list of registered sites".

Sachs also explained that Google would be publishing the XRDS file required for other OpenID relying sites to discover Google's OpenID service on as soon as possible and gave an intermediate work around for OpenID developers who want to get involved. He also pointed at the company's documentation for Designing a Login User Interface asking developers to note that they do not mandate Google OpenID logins only and that developers are free to create their own federated login boxes which could allow for logging in with other OpenID providers.

Google also wanted to look at becoming an OpenID relying party, said Sachs, but considers there to be a number of technical and usability challenges in integrating the login mechanism for existing services and is looking to work with the wider community on OpenID and OAuth to develop open source components, possibly following on from research by the company into federated logins and second factor authentication.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit