Continuing my recent discussion about OpenID and considering OpenID usage for authenticating to OSGeo services, I wanted to make a short review of its disadvantages. The OpenID advantages are well-known and can be described with a short statement:

open, decentralized, free framework, which allows Internet users to control their digital life with single identity

Stefan Brand collected number of opinions about OpenID and compiled a very interesting post on his blog about problem(s) with OpenID. Stefan’s blog entry is pretty long, so to understand his findings easier, I decided to abstract key thoughts on that matter.

Stefan summarized main problems and sources of OpenID criticism as follows:

OpenID is highly vulnerable to phishing and other attacks, creates insurmountable privacy problems, is not a trust system, suffers from usability problems, and makes it unappealing to become an OpenID consumer.

Next, complaints about the OpenID framework are presented in a few categories, which I’m going to summarize below.

Continue reading →