From a user's point of view, OpenID works something like this:
- You browse to a site you like that uses OpenID, and click the "login" button
- You enter your OpenID
- You are redirected to the site that authenticates your OpenID.
  Note: You may be asked to log in with a username and password for that site if you haven't done so recently.
- You are redirected back to the original site you browsed to, and are automatically logged in
Today I got to thinking that this is quite similar to how the "reset my password" link on most websites works:
- You browse to a site you like, and click the "reset my password" button
- You enter your username or email address
- You Alt+Tab to your email client, or Ctrl+Tab to your web-based email client.
  Note: You may be asked to log in with a username and password for your email server if you haven't done so recently.
- You Alt/Ctrl+Tab back to the original site you browsed to, paste in the newly generated password, and are logged in
In OpenID terms, I guess this means that email is a relying party.
Which makes me wonder: if a browser plug-in could automatically receive, extract and paste replacement passwords from emails, we'd get most of the benefits of OpenID without any adoption issues. Thoughts?
Hello, I'm Paul Stovell
I'm a Brisbane-based software developer, and founder of Octopus Deploy, a DevOps automation software company. This is my personal blog where I write about my journey with Octopus and software development.