Verified Accounts: Twitter’s Next Attempt at Making Money?

How much would you pay for people to know you’re really you? That the updates coming in every 2 minutes on that Twitter page come from yours truly and not someone else… someone else pretending to be you?

If you’re like most people, the answer is not much. But there are people out there who really care, and with good reason. If you’re the FBI, Oprah Winfrey, or one of the million other celebrities currently on Twitter, you probably don’t want someone out there passing themselves off as you while posting fake updates to an account literally millions are watching.

Some people to whom money is not an issue already pay thousands of dollars for meaningless SSL certificates – something tucked away in the corner of your browser window that no one pays much attention to. But imagine if Twitter were to start offering “verified accounts” that have been authenticated as belonging to a particular person or institute… how many of these celebrity accounts would suddenly turn into cash cows for Twitter?


Google Abandons Standards, Forks OpenID

A couple of hours ago, the Google Security Team posted an article claiming that Google’s made the switch to OpenID, joining Yahoo! and Microsoft in the ranks of OpenID providers.

But it looks like someone may have been a bit too hasty to pull that switch (perhaps itching to get some of the limelight Microsoft has been receiving for adding OpenID to all Live ID accounts just the day before yesterday)… because whatever it is that Google has released support for, it sure as hell isn’t OpenID, as they even so kindly point out in their OpenID developer documentation (that media outlets certainly won’t be reading):

  1. The web application asks the end user to log in by offering a set of log-in options, including Google.
  2. The user selects the "Sign in with Google" option.
  3. The web application sends a "discovery" request to Google to get information on the Google authentication endpoint. This is a departure from the process outlined in OpenID 1.0. [Emphasis added]
  4. Google returns an XRDS document, which contains endpoint address.
  5. The web application sends a login authentication request to the Google endpoint address.
  6. This action redirects the user to a Google Federated Login page.
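
To make steps 3 to 5 concrete, here is an added example (not from Google's documentation or from this post) of what the web application has to do with the XRDS document before it sends the user anywhere: pick the OpenID 2.0 server entry, and refuse endpoints that are not HTTPS or not on a host it expects. The `op_endpoint` helper, the sample document and the `*.example` hosts are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD = "{xri://$xrd*($v*2.0)}"  # XRD 2.0 namespace used inside XRDS documents
OP_SERVER_TYPE = "http://specs.openid.net/auth/2.0/server"

# Constructed sample of the XRDS document from step 4 (placeholder hosts).
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <URI>http://login.idp.example/openid/endpoint</URI>
    </Service>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <URI>https://login.idp.example/openid/endpoint</URI>
    </Service>
    <Service priority="0">
      <Type>http://example.org/unrelated-service</Type>
      <URI>https://elsewhere.example/</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""


def op_endpoint(xrds_text, allowed_hosts):
    """Return the endpoint URI the login request in step 5 may be sent to."""
    # The document arrives over the network; it never needs a DTD, so refuse
    # one rather than let the parser expand entity declarations.
    if "<!DOCTYPE" in xrds_text or "<!ENTITY" in xrds_text:
        raise ValueError("DTD not allowed in XRDS document")
    root = ET.fromstring(xrds_text)
    candidates = []
    for svc in root.iter(XRD + "Service"):
        types = {t.text.strip() for t in svc.findall(XRD + "Type") if t.text}
        if OP_SERVER_TYPE not in types:
            continue
        # Lower priority value is preferred; a missing priority sorts last.
        prio = int(svc.get("priority")) if svc.get("priority") else float("inf")
        for uri in svc.findall(XRD + "URI"):
            candidates.append((prio, (uri.text or "").strip()))
    for _, uri in sorted(candidates, key=lambda c: c[0]):
        parts = urlsplit(uri)
        if parts.scheme == "https" and parts.hostname in allowed_hosts:
            return uri
    raise ValueError("no acceptable OP endpoint in XRDS document")
```

On the sample, the preferred entry is plain HTTP and is skipped, so the HTTPS endpoint at priority 10 is the one returned.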

As Google points out, this isn’t OpenID. This is something Google cooked up that resembles OpenID, masquerading as OpenID since that’s what people want to see – and that’s what Microsoft announced just the day before.

It’s not just a “departure” from OpenID, it’s a whole new standard.
