 |
 |
The Business Blog at Intuitive.com
|
Dave Taylor has been involved with the Internet since 1980 and
is widely recognized as an expert on both technical and business
issues. He has been published over a thousand times, launched four Internet-related
startup companies, has written twenty business and technical books and holds both an MBA and MS Ed.
Dave maintains four weblogs:
The Business Blog at Intuitive.com,
Ask Dave Taylor,
Dave On Film,
and
Attachment Parenting Blog.
Dave is an award-winning speaker, sought after conference and workshop participant and
frequent guest on radio and podcast programs.
|
Incompatibility plagues the OpenID project
I'm busy writing a blog entry over on AskDaveTaylor.com about how to apply for an OpenID account and am both highly impressed by the project goals and appalled to see that when I use my new Yahoo OpenID to verify my identity on the Livejournal site that I get this error message:
What the heck, guys? When are any of these project teams going to learn that compatibility is more important than slick new features and that one glitch like this will sour users on a technology for years to come?
This highlights a huge challenge for the evolution of software projects: improving features and compatibility while not breaking things.
Clearly, we're still working on that issue...
I wouldn't be so quick to jump on them - note the "more secure." That seems like a nice way of saying the old version had a gaping security hole that couldn't be fixed without forcing this new version. Breaking backwards compatibility could indeed have been the only possible means of fixing a serious security problem. One would hope they know very well that breaking backwards compatibility for no good reason isn't the best idea in the world, and were mandated to do such.
Given these types of security vulnerabilities never get disclosed unless an outsider finds it first, it's impossible to know the true driver behind this choice. I think this is a pretty safe guess though.
Posted by: Chris Buechler on July 9, 2008 4:11 PMEver heard of security? They did make it somewhat better although there are lots of holes remaining. Instead of throwing daggers, why don't you jump in and contribute? Would be interesting to blog your participation as well...
Posted by: James on July 10, 2008 5:16 PMThanks for your comments, Chris & James. I realize that the change from v1 to v2 OpenID is to do with increasing security -- the message from Yahoo highlights that, of course. The point is that there are customer-friendly ways to step from one version to another and customer-unfriendly ways.
OpenID is an example of the latter.
How could it be done differently? What about a message that said "Warning: OpenID v2 is more secure: do you want to proceed with an OpenID verification using this older protocol? YES / NO"
In terms of your comment, James, that "those who aren't contributing shouldn't comment", well, I think that's fine if the only users are expected to also be contributors or programmers. Otherwise, that's also a rather customer unfriendly attitude for a service that needs widespread adoption *and positive sentiment* to be successful.
Posted by: Dave Taylor on July 10, 2008 9:42 PM
|
Before you leave a comment, a tip: If you're interested in blogging, you should sign up for my Blogsmart News so you can stay up to date
on the latest insider tips and ideas for your Internet business and marketing
efforts. Sign up right now and you'll get a free copy
of my "Insider's Guide to Blogging" ebook too! |
 |
 |
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
|
|
|
The Business Blog
