|
Search this group's discussions
|
[implemented] Add OpenID authentication
|
Provide an OpenID means of authenticating users and visitors.
What is OpenID? It's a decentralized authentication scheme for the web. Livejournal provides it. AOL provides it. Dozens of others provide it. Anyone who controls a web page's headers can have a custom OpenID of that URL. OpenID is a way of proving that you own a URL. I can sign in to Ma.gnolia, Do X or Y, WikiTravel, Technorati, and others -- all using my OpenID, 'http://web.chad.org/', and my password is never sent to those sites.
(It's kind of like Microsoft's "Passport", except that it's decentralized. No evil behemoth owns it.)
- For auth of Flickr members: (This may be anathema to pointy-haired-bosses at the MotherShip!, but) I hate having to sign in with a throw-away account at Yahoo!. I don't want a Yahoo! account. We should be able to sign in to Flickr without using our own authentication. Yahoo! is not the only site on the Internet; because every site pretends it's important enough to reserve mental password-space in everyone's heads -- people choose terrible passwords or use common passwords everywhere -- and that is a security nightmare. OpenID fixes that.
- For auth of nonmembers: This would blur the line between people who would never join and those who do join. If anyone has an OpenID, then Flickr could let them comment, and we have information about the commenter that can't be faked.
- OpenID would make it (almost?) possible to abandon the guest pass system altogether. The guest pass is a mechanism to let people without accounts view content. If Flickr supported OpenID, then we could merely list the ID/URLs that we want to be able to access it, and all Flickr needs to do is check that the viewer ID is in that list. Again, there's no checking of passwords or anything like that on Flickr's side. (Guest pass does have one thing OpenID doesn't -- pure anonymity. Right now, anyone can send around a guest pass and access photos. That's not possible with OpenID.)
----
So, Flickr should implement OpenID for several reasons:
- Better security through fewer passwords.
- It doesn't tie Flickr to auth at Yahoo! (this may be a disadvantage to hegemonists who want Y! at the center of the universe).
- It would allow us the users to set specific access rights for unknown or new people, and Flickr doesn't have to care anything about authenticating it.
- It divorces Flickr/Yahoo! from the headache of keeping track of passwords, and mailing passwords, and resetting passwords.
- It breaks the subscription barrier. Anyone who already has an OpenID can try out Flickr without investing 15 minutes signing up at Yahoo!. It's suddenly cheap to see if Flickr is worthwhile.
- Flickr could open photos for comments without worrying about the anonymous spammer problem. Everyone with an OpenID proves they own a public URL, and that means there's no unfathomable depths of anonymity to hide in. Flickr as a social platform needn't be an exclusive club.
Two very useful links:
video.google.com/videoplay?docid=2288395847791059857
openid.net/
Originally posted at 1:56PM, 31 July 2007 PDT
(permalink)
Lú_ edited this topic 19 months ago.
|
|
Nice. I like it and going to read up on it.
As it is now yahoo / flickr (so called) security is about as good as using a bread bag twist-tie to lock the front door of your house.
Posted 59 months ago.
(permalink)
|
|
Somehow I very much doubt that Flickr is going to go back to offering a non-Yahoo ID signin like they used to have. But we can dream.
Posted 59 months ago.
(permalink)
|
|
|
Brenda, before you dismiss the scope of OpenID, consider whether Yahoo! should replace or parallelize its own auth system. I suggest that this should spread to Yahoo! too. It would have all of the same benefits as Flickr would get.
Posted 59 months ago.
(permalink)
|
|
what Brenda said ^^.
Posted 59 months ago.
(permalink)
|
|
Great suggestion, Chad. It would be cool if Flickr adopted OpenID. I especially like your argument that non-members could comment more easily.
On a side note: OpenID has one privacy issue that we shouldn't forget about. Since most people do not own a personal domain name or, if they do, will not make the effort to set up their own OpenID service, nearly everyone will register their OpenID with one of the main providers, say AOL. Now AOL will know about all web sites on which you sign in with your OpenID and how often you use them.
Posted 59 months ago.
(permalink)
|
|
|
OB: Two notes.
The link above has about 60 free, public providers. And this is before OpenID is as popular as it could be. If it really takes off, square that.
Sites wouldn't have very good information about how often you use them. You'd only refresh your auth credentials when the Cookie expires. How often do you really log-in (e.g.) here at Flickr? Every time you auth, yes, you'd leak info to the folks you choose as your provider. But, you're free to choose any one you trust or to make your own (and this is nowhere near what your DNS provider can glean about you), and you're probably not leaking as much info as you think.
Posted 59 months ago.
(permalink)
|
|
|
Chad: true enough. I didn't want to exaggerate the issue, just mention it. And I did not consider the cookies.
Posted 59 months ago.
(permalink)
|
|
|
News on the openid front:
Flickhoo! is becoming a OpenID provider (you can auth at other sites using your flickr URL), but is not yet a consumer.
Yahoo joined the OpenID Foundation Board. openid.net/2008/02/07/evolving-the-openid-foundation-board/
Posted 52 months ago.
(permalink)
|
|
I personally do not like one centralized login ID for everything ... makes it too easy for a hacker to gain control over all my different accounts. There have already been horror stories of Flickr users getting their accounts deleted by hackers.
Posted 52 months ago.
(permalink)
|
|
Implemented! OpenID sign-ins, starting with Google.
On the Flickr blog:
"Sign up for Flickr with your Google Account!"
blog.flickr.net/2010/10/28/sign-up-for-flickr-with-your-g...
See the blog for links to the FAQ and Help Forum feedback and bugs topics.
Note that this is for new accounts. For existing accounts, the blog says: "For existing Flickr account holders, you’ll still need to sign in with your Yahoo! ID, but we’re rolling out a few new features to will make signing in easier for you as well. You can now sign-in to your account without having to leave the page you were on, making it easier to post comments, favorite a photo or add someone as a new contact."
Originally posted 19 months ago.
(permalink)
Lú_ edited this topic 19 months ago.
|
 |
luidiazdevesa (bloqueado) [deleted] says:
A mi me mandaron un mensaje y me dicen que es un Open id. Nadie me explica como usarlo, ni por ayuda por correo ni el staf. Por lo tanto llevo desde el día 07/03/2012 sin entrar en mi cuenta Pro. Porqué instalan algo que bloquea la cuenta. Eso no es facilitar las cosas.
Yo no entiendo nada.
Posted 2 months ago.
(permalink)
|
|
luidiazdevesa (bloqueado) [deleted] says:
Help me get into my pro account. They sent me a message, and someone told me it's an open id. By this I blocked my account fron 07/03/2012, do not get help by mail, nor do I answer staff Staff. You could help?
Originally posted 2 months ago.
(permalink)
luidiazdevesa (bloqueado) edited this topic 2 months ago.
|
|
luidiazdevesa (bloqueado) This forum is for feature requests. You should post in the Help Forum if you need assistance with logging in:
www.flickr.com/help/forum/
Posted 2 months ago.
(permalink)
|
|
kmacgray
Note that luidiazdevesa (bloqueado) has already posted in the help forum, but in an unrelated thread. I advised them to start their own thread in the help forum, but they have not done so. Instead, they began Flickrmailing me about the issue, and then posting in unrelated group threads.
luidiazdevesa (bloqueado)
As I have told you on multiple occasions and in multiple locations, please contact staff (it's not clear that you've already done so). If you've already sent a Help by Email request, keep corresponding using that same case number.
Posted 2 months ago.
(permalink)
|
Would you like to comment?
Sign up for a free account, or sign in (if you're already a member).
|
|
Flickr Ideas /
Discuss
Feed – Subscribe to Flickr Ideas discussion threads