Open Stack

On 09/24/2013 07:39 PM, Ryan Lane wrote:
> On Tue, Sep 24, 2013 at 4:01 PM, Atwood, Mark <mark.atwood at hp.com
> <mailto:mark.atwood at hp.com>> wrote:
> 
>     | It's actually opposite of how you describe. Writing a good OpenID
>     consumer
>     is hard due to user interface design issues,
>     | especially since most people (even most technical people) have no
>     idea how
>     to properly use OpenID. Education efforts
>     | have been ongoing for 8 years, so that won't really help either.
> 
>     Except that in our case, all our apps are *already* OpenID
>     consumers.  There
>     is no additional education or development needed here.
> 
>     Standing up another provider is more work.  Making our existing apps be
>     provider agnostic is less.
> 
> 
> It's generally less work to use a centralized provider and it's
> definitely more friendly to end users.
> 
> If every application is provider agnostic each one of them will have
> their own OpenID consumer interface. This means it's necessary to make
> all of them look the same, which requires modifying a lot of
> applications. Adding different auth mechanisms (like persona) means
> adding it to every single application, too.
> 
> By having a centralized provider, you keep the login workflow of
> clicking "log in" on any of the applications, which will redirect users
> to a consistent login interface. Assuming we wanted to allow OpenID as a
> consumer, or persona, we'd only have to add it to a single location,
> rather than to every single application we use.

Yes. And if that place itself allows aggregated auth, then fine.