I stumbled upon your blog when I was searching for Facebook and OpenID. Very interesting article.

I work for a company called Vidoop and our main technology is called Vidoop Secure which eliminates passwords as it is the weakest link in user authentication. We decided to implement that technology with OpenID and created myVidoop, which is Vidoop’s OpenID service.

Currently, myVidoop is in its closed beta phase for scalability reasons, but it’d be great to have you as one of our beta testers and get your feedbacks on our OpenID service and the strong user authentication system.

Please email me if you’re interested in getting some invitation codes. I think myVidoop would be able to solve your question about OpenID’s security.

best regards,
Koesmanto Bong
www.vidoop.com

Web standards bare many resemblences to hardware formats, such as consoles and media players - if you can get a killer application to go with it, it’ll pretty much decide the fate of the format. Without the killer application on which to piggy-back, a format just won’t sell. Facebook and Twitter could quite easily be the applications to push OpenID to the mainstream.

I think I could use Facebook’s API to do it and OpenID this one massive favor…

As for the killer OpenID app, I was actually thinking that Twitter could have been the one - it even made the Financial Times yesterday. Maybe it’s not too late to get OpenID onboard before the mainstream gets hold of it….

I’d love to see Facebook become an OpenID provider, but at the rate it’s currently growing, I doubt the CEO Mark Zuckerberg is at all concerned. Facebook has a whole load of buzz surrounding right now, including details of an upcoming interface redesign. Zuckerberg would be doing OpenID one massive favour by integrating it at this stage.

Ma.gnolia’s OpenID implementation sucks. I blogged about it on several occasions. Try this seamless registration I’ve created.

Although the WordPress plugin has many problems (I had to disable it on my blog), a page refresh isn’t one of them. You type in your comment, you enter your OpenID, you submit.

Jyte might be the killer app you’re after.

As for Facebook, what if it became an OpenID provider?

The second point references the need to create a user name on each service you intend to use OpenID with - last time I checked (which happened to be with Magnolia), I still needed to create unique details, i.e. user-name, preferences, and several other specifics that needed to be completed, in order to use a new service. Now, this wasn’t really a problem for me, and I understand why it needs to be done, but I know several people for whom it would probably be more trouble than it’s worth. I apologise if I’ve misunderstood this - has the latest specification of OpenID addressed this, therefore putting OpenID’s in web app schemas as unique identifiers?

I had intended to use the WordPress OpenID plugin, but it feels like overkill when a user has to go through a page refresh just to log-in via OpenID; if they’re already on a comments enabled page (such as this one) they can just type a comment and hit submit - and that’s without the page refresh.

Even if you only need to fill in an OpenID once, I imagine many people would feel they’re registering for a service for which they aren’t many instant benefits. However, if we were to build in more social features (more images, personal preferences, contacts etc) into OpenID, they would be a much speedier adoption. As it currently stands, we’ll probably need another YouTube/MySpace phenomenon, which insists on OpenID from the first registration, before OpenID hits the mainstream.

I’ll not argue your point regarding the use of openid on existing sites. If you continue to use the same sites on an ongoing basis then that’s ok for you. I believe if you tracked your participation in other sites on an ongoing basis I think you would find out you are subscribing to new sites on a periodic basis. If you’re required to enter passwords on any of these sites then you are either a) keeping track of multiple passwords; or b) using the same password on many sites. Both alternatives present risk.