From a user's point of view, OpenID works something like this:
- You browse to a site you like that uses OpenID, and click the "login" button
- You enter your OpenID
- You are redirected to the site that authenticates your OpenID.
Note: You may be asked to login with a username and password for that site if you haven't done so recently.
- You are redirected back to the original site you browsed to, and are automatically logged in
Today I got to thinking that this is quite similar to how the "reset my password" link on most websites works:
- You browse to a site you like, and click the "reset my password" button
- You enter your username or email address
- You Alt+Tab to your email client, or Ctrl+Tab to your web-based email client.
Note: You may be asked to login with a username and password for your email server if you haven't done so recently.
- You Alt/Ctrl+Tab back to the original site you browsed to, paste in the newly generated password, and are logged in
In OpenID terms, I guess this means that email is a relying party.
Which makes me wonder: if a browser plug-in could automatically receive, extract and paste replacement passwords from emails, we'd get most of the benefits of OpenID without any adoption issues. Thoughts?
Welcome, my name is Paul Stovell. I live in Brisbane and work on Octopus Deploy, an automated deployment tool for .NET applications.
Prior to founding Octopus Deploy, I worked for an investment bank in London building WPF applications, and before that I worked for Readify, an Australian .NET consulting firm. I also worked on a number of open source projects and was an active user group presenter. I was a Microsoft MVP for WPF from 2006 to 2013.