I have a blog address as yuriytkach.blogspot.com. I went to the livejournal.com (one of the sites, that supports OpenId), and in the login field I clicked OpenId. Then I entered yuriytkach.blogspot.com and it worked: it then redirected me to the blogspot.com site where I enterened the my google's email and password, then it asked me if I trust the livejournal.com site and after clicking 'yes' I found myself on the user page of livejournal! Cool!
Now, several questions broached in my head:
Now, several questions broached in my head:
- What if livejournal decided to steal my password for some reason, and what if they redirected me to the fake blogspot site? So using of OpenId on some suspicious sites, that claim that they support it, should be done carefully.
- Idea behind using of only one login everywhere is very cool. But what if I lost my password, or even worse - someone steal my password. Well, anyway that's a double side of the problem: on the one hand I have to remember many ids and passwords, on the other hand I have only one id and password, but I can loose everything with loosing one password. :)
- I haven't yet figured out the technical thing behind the OpenId (but I will have to do that, because we probably will implement it in our project), but the question bothers me. What if an OpenId provider will go down. For example, if blogspot.com will blow up or something. :) How the identification will go in such a way?