I’m at the knowledge level of knowing enough about OpenID to get my foot lodged in my mouth very easily, so please (please, please) correct me if I’ve got something wrong because I’d really like to work this out.
I signed up for a Zooomr account months ago, and haven’t really used it since. I did not use it because I was happy with my Flickr account. During those long months after having tried out the photo sharing service with too many Os, two things happened.
First, I became angry with Flickr for having to use my Yahoo ID to log in. I don’t think it was necessarily the “sky is falling” event that I worried about, but I still really dislike having to sign in as “ringmasterow” (Yahoo ID) rather than “ringmaster” (Flickr ID), almost as much as having to use “/asy” instead of “/ringmaster” as my Flickr URL because Flickr attributes no value to their usernames at all. Grr.
Second, I completely forgot what OpenID service I used to log in to Zooomr. At the time, I’m sure that I didn’t have OpenID on this domain. At that point, I either used a service or installed a sketchy WordPress plugin to implement an OpenID server based on WP logins. Either way, I’m not sure what my Zooomr OpenID account is.
Since then, I’ve tried to switch from Flickr to Zooomr due to my dislike of the whole Yahoo debacle. But I can’t because I don’t know how to log in to Zooomr via OpenID.
I’ve looked at my profile from outside Zooomr, but it doesn’t give away any information about what my OpenID might be. This is odd because one of the advantages of OpenID is supposed to be that you can publish your OpenID address like your username, and your friends could grant you access to resources ahead of time, assuming that you’ll be authenticating against the OpenID server you’ve specified.
Yeah, I know, it sounds outrageously complicated.
If I’ve used my own domain as an OpenID server (that would be really stupid to do here, though) then it should be reasonably simple to use delegation to point OpenID clients to another place to authenticate me. The trick is that I’ve yet to find any instructions that explain which URLs to use for this purpose. It requires two for some reason. Shouldn’t I just be able to say, “Go look over at http://{OpenIDserver}.com instead of here”? Apparently not.
And I still don’t know if that’s going to work, because I don’t know what URL I have on file at Zooomr. I don’t even seem to be able to get Zooomr to send me an email with my OpenID info, because, well, I used OpenID for authentication, which doesn’t require email.
This is perhaps just a support issue with Zooomr itself, but I think this problem will become more prevalent throughout sites that use OpenID for authenticaton.
For example, now, instead of having to remember simply a username and password, you must also remember the URL of your OpenID server. That might not be so bad, but because there are a handful of services offering OpenID logins, and they all add different features as they progress, you might try a few different services for login. And then, when you get really into OpenID, you might install an OpenID server module of your own on your own site, or maybe you’ll figure out the delegate stuff. Either way, there’s the potential for a lot of mixing and matching.
What would be ideal is if the OpenID servers could talk to each other and accept other OpenID server authentication as valid. It’s not something that they should do automatically, of course, but it would be cool if you could accidentally provide the wrong OpenID domain, and then when you end up on OpenID Service A’s authentication page, it would ask, “You have not previously allowed access to this site via this OpenID account. Do you want to search your other OpenID services for authentication?” That would be slick.
Anyway, I think this idea is important as we progress toward Identity 2.0, and I know that Habari will soon be part of the mix as we soon add OpenID client and service as default login options. Maybe Habari could spearhead this interconnectivity feature. I think it would be very useful.
Of course, if there is already technology in place for OpenID that employs this, I’m anxious to learn about it. Leave me a note, please. (Especially if you know how I can recover my Zooomr acocunt, since I’d really like to use it again.)
