On 05/06/07, Christopher Woods <[EMAIL PROTECTED]> wrote:
I'd like to see OpenID mashed up with a Gravatar-style service mashed up with the BBC's existing authentication system mashed up with instant personalisation of the entire BBC web site.
Sounds like one massive team for hackday to me :-)
Please :D > -----Original Message----- > From: Brendan Quinn [mailto:[EMAIL PROTECTED] > Sent: 05 June 2007 14:25 > To: backstage@lists.bbc.co.uk > Subject: RE: [backstage] openID on the BBC > > Thanks Christopher, that's interesting. > > We've been thinking along similar lines in some initial > brainstorming (although I'm not au fait with Simon W's latest > work) -- if you think of OpenID as an "identification > framework" rather than an "authentication framework" then > some possibilities open up. > > Keep the ideas coming, please :-) > > Brendan. > PS to be clear, Simon has been commissioned to write a report > on how the BBC might use OpenID in the future. We're not > necessarily committing to it or endorsing it as a technology, though. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Christopher Woods > Sent: 05 June 2007 13:52 > To: backstage@lists.bbc.co.uk > Subject: RE: [backstage] openID on the BBC > > I run my own PHP OpenID server on another of my domains > (christopher.woods.name - I bought it and failed to have a > use for it until suddenly I realised it'd make the perfect > domain for an OpenID identity :) > > However, I've noted that there's already been issues raised > amongst the blogosphere (and web in general) about security > vulnerabilities within the authentication mechanism for > OpenID, and several proof of concepts have been published > showing how an attacker can spoof an ID and therefore become > logged in to any OpenID-based services... I wouldn't really > want the BBC to solely rely on something like vanilla OpenID > where it's already been shown to be broken. > > > Maybe if they paired the OpenID concept with their existing > authentication system - so you'd still have to authenticate > with them, but you'd have the advantages of an OpenID-based > platform with which the users can manage their own details, > that'd be interesting. The OpenID backend would have to be > secured though, which would involve coding and changes by the > BBC's webteam, I wouldn't use it unless it could be proved to > be invulnerable against the previous attack vectors published > in the past. > > > -----Original Message----- > > From: Michael Smethurst [mailto:[EMAIL PROTECTED] > > Sent: 05 June 2007 10:13 > > To: backstage@lists.bbc.co.uk > > Subject: RE: [backstage] openID on the BBC > > > > <pure_gossip> > > mr willison was seen emerging from a bbc corner office with what > > looked like sso people only t'other week... > > </pure_gossip> > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] on behalf of Jason Cartwright > > Sent: Tue 6/5/2007 9:39 AM > > To: backstage@lists.bbc.co.uk > > Subject: RE: [backstage] openID on the BBC > > > > OpenID is an excellent thing, but it still seems too complicated to > > explain to a consumer. Getting the BBC involved in sorting that > > problem out can only be a good thing. > > > > Lots of cool openid stuff from Simon Willison over here: > > http://simonwillison.net/tags/openid/ > > > > J > > > > ________________________________ > > > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Simon Cobb > > Sent: 05 June 2007 07:30 > > To: backstage@lists.bbc.co.uk > > Subject: [backstage] openID on the BBC > > > > > > > > > > Did anyone else see this article on openID? > > http://www.nik.com.au/archives/2007/03/12/openid-too-many-prov > > iders-not- > > enough-consumers/ > > > > (Suddenly I've got the fear that this HAS already been done > > here- too many lists to remember! - anyway I shall plough > on as if it > > hadn't) > > > > The article's basic thrust, as I understand it, is that > whilst openID > > is A Good Thing, there aren't enough sites offering to be merely > > 'consumers' of openID. Most don't want users signing in > with details > > that are locked to an alternative service, they wish to > control users' > > personal data. > > > > But it struck me that the BBC is positioned to take advantage of > > openID since it doesn't have any commercial motivation to lock > > "customers" in. > > And further, it allows uers to choose which authentication provider > > they want, promoting user choice and lastly, it means the amount of > > personal data the BBC gathers is reduced. > > > > In return this could drive uptake of openID as other sites > see a major > > > broadcaster using it. > > > > Of course, for those folks who don't have an account with any other > > openID provider, they can use a proprietary BBC > authentication system > > (lets call it "SSO", heh). > > > > I can only see advantages to deploying openID on the BBC - have I > > missed something? > > > > > > > > > > > > - > Sent via the backstage.bbc.co.uk discussion group. To > unsubscribe, please visit > http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. > Unofficial list archive: > http://www.mail-archive.com/backstage@lists.bbc.co.uk/ > > - > Sent via the backstage.bbc.co.uk discussion group. To > unsubscribe, please visit > http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. > Unofficial list archive: > http://www.mail-archive.com/backstage@lists.bbc.co.uk/ - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. Unofficial list archive: http://www.mail-archive.com/backstage@lists.bbc.co.uk/
-- Gareth Rushgrove morethanseven.net webdesignbookshelf.com refreshnewcastle.org frontendarchitecture.com - Sent via the backstage.bbc.co.uk discussion group. To unsubscribe, please visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html. Unofficial list archive: http://www.mail-archive.com/backstage@lists.bbc.co.uk/