I thought that at the time! But what stopped it? I know oauth1 had some crazy crypto-in-javascript nonsense that held it back, but that wasn't in openid. I'm not clear what happened there... or whether it's reversible :)
2
Brad, Didn't it have URLs as IDs or something? That part felt weird even at that time (vague memories...)
2
Yes, it used URLs instead of email addresses. It was ahead of its time. (Nowadays non-nerds people are more likely to identity with or share their Facebook or Instagram or Twitter or GitHub handle than an email) Relying Parties balked at not having an email address to spam with.
2
6
Here's some background on why this solves the particular problem you're talking about in this thread: aaronparecki.com/2018/07/07/…
1
4
Neat! Seems to still have the URL pasting problem though. How is that UX different from openid, which users didn’t like?
2
1
That problem can only be solved by browsers. Right now, most of the time the browser autocompletes my URL because I've entered it enough, so I'm not actually typing it out. With any amount of thought, browsers could automate that just like credit card payment forms.
1
1
If login were automated like credit card forms, it would fail about 50% of the time and need me to enter a page full of unnecessary personal information by hand. That’s not a good model. Why not let me enter an email address instead? That has a domain in it.
3
Why is entering an email address less work than entering a URL? What I'm saying is browsers could have an "account chooser" UI to save a URL and enter it in the login field.
2
That creates a chicken-and-egg problem: browsers won't adopt it unless it's popular. It won't be popular unless browsers adopt it. Chicken-and-egg problems create usually-insurmountable barriers to adoption.
1
That hasn't been true for years. Browser vendors are pushing new features that they want or think will be helpful. Here are some examples: github.com/WebKit/explainers See also all the Twitter threads of people getting angry that Chrome implements something before it's standardized.

Apr 10, 2020 · 4:16 PM UTC

1
The browser owners are happy to implement things that help with lock-in, such as Login with Google, Pay with Apple, etc. That's how we got where we are today. That's not chicken-and-egg for them, that's investment. Distributed systems that avoid lock-in need a different plan.
1