[OpenStack-Infra] On being an OpenID consumer instead of an OpenID producer.

Ryan Lane rlane at wikimedia.org
Tue Sep 24 23:39:44 UTC 2013


On Tue, Sep 24, 2013 at 4:01 PM, Atwood, Mark <mark.atwood at hp.com> wrote:

> | It's actually opposite of how you describe. Writing a good OpenID
> consumer
> is hard due to user interface design issues,
> | especially since most people (even most technical people) have no idea
> how
> to properly use OpenID. Education efforts
> | have been ongoing for 8 years, so that won't really help either.
>
> Except that in our case, all our apps are *already* OpenID consumers.
>  There
> is no additional education or development needed here.
>
> Standing up another provider is more work.  Making our existing apps be
> provider agnostic is less.
>
>
It's generally less work to use a centralized provider and it's definitely
more friendly to end users.

If every application is provider agnostic each one of them will have their
own OpenID consumer interface. This means it's necessary to make all of
them look the same, which requires modifying a lot of applications. Adding
different auth mechanisms (like persona) means adding it to every single
application, too.

By having a centralized provider, you keep the login workflow of clicking
"log in" on any of the applications, which will redirect users to a
consistent login interface. Assuming we wanted to allow OpenID as a
consumer, or persona, we'd only have to add it to a single location, rather
than to every single application we use.

- Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20130924/b402b094/attachment.html>


More information about the OpenStack-Infra mailing list