OpenID yadda yadda yadda...

Ben Finney bignose+hates-spam at benfinney.id.au
Wed Mar 18 04:20:11 GMT 2009


"Stephen J. Turnbull" <turnbull at sk.tsukuba.ac.jp> writes:

> James Henstridge writes:
> 
>  > So OpenID is not going to save you from session cookies. It will
>  > help with managing passwords though.
> 
> AFAICT, to Ben "cookies" are just something that you carry around and
> crumble in your pocket, making an annoying mess.  I don't think he's
> referring to HTTP cookies.  Rather, it's all about managing passwords.

Yes. I'm referring to any site-specific cruft that is useless to me,
except for accessing that one particular site, as a “cookie”
<URL:http://catb.org/jargon/html/C/cookie.html>. They are *always* a
non-zero barrier to entry, with the barrier increasing non-linearly
the more of them are required, and treating them as such puts an IMO
proper perspective on their desirability.

To the extent that a cookie for one system can be re-used (at the
user's option) as-is to access more systems, the payoff to the user
becomes greater. That's why I think OpenID would be a good step
forward.

Even better, though, would be to find as much of the participatory
workflow in Launchpad that can be done *without* authentication
cookies at all, and make it so. I think the BTS is a prime candidate
for allowing open participation without requiring any authentication
cookies at all, as demonstrated by the ongoing existence of such
systems.

I say all of this, of course, as someone without any leverage on these
issues except the volume of my complaints.

James Henstridge <james at jamesh.id.au> writes:
> On Thu, Mar 12, 2009 at 7:01 AM, Ben Finney
> <bignose+hates-spam at benfinney.id.au> wrote:
> >> Also, if you're subscribed to the mailing list, you did have to
> >> specify a password for it in mailman, creating an account for
> >> your email address on lists.canonical.com.
> >
> > I participate via an interface that does not require any
> > site-specific account, precisely to avoid that barrier.
> 
> OpenID is not going to make a difference to whether you need a
> Launchpad account in order to use Launchpad.

That's not necessarily so, as the existence of successful auth-less
BTSes demonstrates. It may be so because of decisions made, but those
*are* decisions, not externally-imposed constraints.

-- 
 \          “When we call others dogmatic, what we really object to is |
  `\   their holding dogmas that are different from our own.” —Charles |
_o__)                                                           Issawi |
Ben Finney




More information about the bazaar mailing list