Jay, trying to remember...

More on OpenID

I’m now working on user creation process…

This was what I was trying to eliminate by using OpenID - but realistically, while OpenID may be suited to the problem “Allow access to a person visiting this site”, it isn’t well suited to the problems of “Use the supplied information to act as a user on this site”

The problem is this, OpenID allows for a federated login but doesn’t allow for basic user information (like an email address or name) which is critical to application usage to be passed back to the application. And while there is something called OpenID Simple Registration Extension (sreg), it doesn’t seem to be supported in ANY major OpenID providers.

This leaves OAuth or Facebook Connect. Both are better suited to replacing a the whole user creation / user model in that most of the necessary basic user information is available via either’s API. Additionally, information about the specific service that you’re connecting to is available. For example with Twitter’s OAuth, you have access to all of the friends associated with the Twitter account you’re connecting to.

Google, incidentally, is trying to mix the two together, which seems like a pretty good approach but I’m unaware of any other site using this mixed OAuth / OpenID thing at the moment.

So, in summary, I think I’ll start pursuing the OAuth approach. I will also probably build a Facebook Connect approach if time allows.


comments powered by Disqus