Opinion of #SeamlessID at request of @mrchrisadams ; #security #identity & a HT to @blaine

@mrchrisadams wrote:

@alecmuffet, @glynwintle I respect your opinions & I think you’d be interested in SeamlessID. Thoughts?
From Logins to Seamless Identity, a new paradigm for the web

This is hard for me, because I have a really big downer on:

  1. federated identity
  2. single sign-on
  3. People who make glib statements like Is the login paradigm a failure? Yes.

Blaine Cook makes exactly the right observation from a positive, constructive perspective:

This is a wonderful writeup, but why the heck are you proposing yet another standard?!?! Please, go cooperate with the BrowserID folks instead of trying to fracture the already fractured landscape.

…but I don’t even go that far because I can’t be constructive about this shit.

Putting aside the endlessly reinventing the wheel issue, I can’t see how “Seamless Identity” is much different to my setup where I have 1password integrated into every browser and can pull-down independent “identities” to log into different sites, and can cross-authenticate them with OAuth for asynchronous services where I desire; but aside from that point the identities are all unlinked and distinct.

Passwords are the worst form of authentication that we have ever invented, except for all the other ones that have been tried from time to time.

Form-filling, single-input… Everything else is just teh prettys.

“they can’t ask you twice without looking suspicious” – bullshit.

One Reply to “Opinion of #SeamlessID at request of @mrchrisadams ; #security #identity & a HT to @blaine”

  1. However, I already answered to Blaine. As I said in the article and in the reply, that piece came out after a couple of good discussions with the BrowserID team and after a few months of research. There’s nothing like “another standard”, we are on the same train. I say that a couple of times in the article, wasn’t that clear enough? πŸ™‚

    I guess then that what remais is just “wonderful writeup”. πŸ™‚

    About the three points:
    1. It’s *not* federated identity. But since it’s a flexible, modular system, it can be. πŸ™‚
    2. It’s exactly like having 1Password, and adds even more (like, exactly, the seamless part that today is *impossible*).
    3. That’s just common rhetoric, I really hope that you didn’t judge the whole piece by it. πŸ˜‰

    Plus, you don’t like people who make “glib statements” and you close your article citing me out of context and saying “bullshit” when it’s clearly not? Can we call this a draw and move forward? πŸ™‚

    Let’s take another perspective.

    Recently I was reading that 8 out of 10 people just use Facebook Login because it’s a one click action (I’ll try to find that article again, I don’t have it at hand).

    The shift I’m describing is *already* happening. So there’s no “except for all the other ones”. There are already models that are proven working better than logins. As much as you don’t like federating, I don’t want a future where to login I have to use only Facebook… unless, unfortunately, that future is already here. Many, many startups are going down that road today.

    So we need to join forces and collaborate with an open standard that sits on an entity that’s independent. That means the browser, BrowserID and, I hope, with a UI like SeamlessID. And if in the meantime we are also able to remove the burden of passwords, why not? 1Password has its limitations but works, so why not take it and improve?

    That’s what SeamlessID is about. πŸ™‚

Leave a Reply

Your email address will not be published. Required fields are marked *