TR: OpenID in India - What stops you from using OpenID?

Interesting comments Eddy,

I copy also here the answer of Vijay Anand, the founder of www.pronto.in

It's a platform with important Indian start-ups:

Who can answer?

Thanks

-Snorri

Rajan represents a firm that works in the secure identity space. When asked how it measures with OpenID, he mentioned a few remarks. I wanted to run it through you to get your feedback. What do you think?

Vijay

For Point 4 Open ID – Open id is a good concept, but very much different to XeQure. We have taken into consideration the shortcomings of Open ID in development of XeQure. Please visit http://idcorner.org/2007/08/22/the-problems-with-openid/  to get an idea where Open ID stops being user friendly and secure. Few salient points are as below:

1)     Prone to phishing – Open ID workflow and architecture is such that it is easy to phish into as any person can create a website and become an Open ID provider. Causing a great threat to user security and hence confidence in application. If you use one OpenID account to go to two hundred sites, the thief who steals your OpenID credentials gains access to any of the 200 sites.

2)     Privacy issue – With open ID the identity provider can track all your login and usage history. This in itself is a grave concern for internet users. XeQure architecture is different and it does not control the way user moves on a third party website.

3)     No Patent –Open ID is a free framework (without any patent ), which can be implemented by anyone (even hackers and phishers), this makes it very vulnerable for hackers and users tend to have limited trust in such applications. No wonder the user base is still very low for it.

4)     Usability issues – Open Id is too cumbersome to use. It has three entities the user, Identity provider e.g. Claim ID, and Consumer e.g. LiveJournal.com, pbwiki.com, etc. They all have to synchronize to make this functional. Too many parties involved for user ease. It has many steps on each login and it is not a true single click sign on unlike XeQure. This Open ID framework needs to be implemented for each website which requires time and cost to be incurred to do so.

5)     Multiple user account login – What if user has multiple accounts to say Google. He/she will still have to remember all the URIs to login to different accounts. Open ID falls short of a true SSO(Single sign on) to all user accounts.

6)     6)   Limited operation in major players – Open ID is not being provided as a login method on major websites like Gmail, Orkut, Myspace, etc. Although majors like Google, Microsoft, etc. expressed their   willingness to provide support for Open ID more than 6 months back, but have done nothing to make it functional as of yet. It seems that OpenID will take a very long time to be used as a standard on the  World Wide Web.