I don’t know enough personally. SAML seems a bit horrible, but I think the required baseline functionality might be enough to consistently login. It has a lot of optional features but I’m less offended about that.
1
1
None of these {#{}}^ standards give me what everyone actually needs: a zero-admin user friendly way for users to push a button to share their identity with a web site.
This is why we get stuck with the big 3 identity providers. It’s a giant failure of standardization.
1
1
5
I thought that at the time! But what stopped it? I know oauth1 had some crazy crypto-in-javascript nonsense that held it back, but that wasn't in openid. I'm not clear what happened there... or whether it's reversible :)
2
Brad, Didn't it have URLs as IDs or something? That part felt weird even at that time (vague memories...)
2
Yes, it used URLs instead of email addresses. It was ahead of its time. (Nowadays non-nerds people are more likely to identity with or share their Facebook or Instagram or Twitter or GitHub handle than an email)
Relying Parties balked at not having an email address to spam with.
2
6
Have you considered using IndieAuth (indieauth.spec.indieweb.org) which does the same now?
I’ve implemented it on my personal site (github.com/shurcooL/home/iss…) and I’m very happy with it. Especially during GitHub outages.
2
1
Here's some background on why this solves the particular problem you're talking about in this thread: aaronparecki.com/2018/07/07/…
1
4
That problem can only be solved by browsers.
Right now, most of the time the browser autocompletes my URL because I've entered it enough, so I'm not actually typing it out. With any amount of thought, browsers could automate that just like credit card payment forms.
Apr 10, 2020 · 3:36 PM UTC
1
1