From a user's point of view, OpenID works something like this:
- You browse to a site you like that uses OpenID, and click the "login" button
- You enter your OpenID
- You are redirected to the site that authenticates your OpenID.
Note: You may be asked to log in with a username and password for that site if you haven't done so recently.
- You are redirected back to the original site you browsed to, and are automatically logged in
Today I got to thinking that this is quite similar to how the "reset my password" link on most websites works:
- You browse to a site you like, and click the "reset my password" button
- You enter your username or email address
- You Alt+Tab to your email client, or Ctrl+Tab to your web-based email client.
Note: You may be asked to log in with a username and password for your email server if you haven't done so recently.
- You Alt/Ctrl+Tab back to the original site you browsed to, paste in the newly generated password, and are logged in
In OpenID terms, I guess this means that email is a relying party.
Which makes me wonder: if a browser plug-in could automatically receive, extract and paste replacement passwords from emails, we'd get most of the benefits of OpenID without any adoption issues. Thoughts?
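The reset-by-email flow in the second list, seen from the site's side, as an added example that is not from the original post: the site issues a one-time secret, stores only its hash with an expiry, and accepts it back once, so a successful redemption shows control of the mailbox. `ResetStore`, `RESET_TTL_SECONDS`, the 15-minute window and the sample address are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed validity window for an emailed secret


class ResetStore:
    """Site-side state for the reset-by-email flow (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # email -> (sha256 of secret, expiry timestamp)

    def issue(self, email):
        """User submitted an address; return the secret that would be emailed."""
        secret = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(secret.encode()).digest()
        # Only the hash is stored, so a database leak does not expose live secrets.
        self._pending[email] = (digest, self._clock() + RESET_TTL_SECONDS)
        return secret

    def redeem(self, email, presented):
        """User pastes the secret back; True means mailbox control was shown."""
        # pop: any attempt, right or wrong, consumes the pending secret
        entry = self._pending.pop(email, None)
        if entry is None:
            return False
        digest, expires_at = entry
        if self._clock() > expires_at:
            return False
        candidate = hashlib.sha256(presented.encode()).digest()
        return hmac.compare_digest(candidate, digest)  # constant-time comparison


def demo():
    """Run the flow with a constructed address and a controllable clock."""
    now = [1_000_000.0]
    store = ResetStore(clock=lambda: now[0])
    user = "alice@example.test"  # constructed sample address
    first = store.issue(user)
    ok = store.redeem(user, first)      # correct secret, in time
    replay = store.redeem(user, first)  # same secret again: already consumed
    second = store.issue(user)
    now[0] += RESET_TTL_SECONDS + 1
    late = store.redeem(user, second)   # correct secret, but expired
    return ok, replay, late
```

A plug-in that reads the emailed secret automatically would sit between `issue` and `redeem`; the site-side checks stay the same either way.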
Hello, I'm Paul Stovell
I'm a Brisbane-based software developer, and founder of Octopus Deploy, a DevOps automation software company. This is my personal blog where I write about my journey with Octopus and software development.