on authentication protocols
Warning: What follows is a rant triggered by having to log into yet another site in order to carry out some simple task I do 50 times a day on a dozen different sites. It’s not me at my most thoughtful, and it may only make sense to people who care about Web site authentication.
How auth works now:
ME: I’d like to do X.
SITE: Who the hell are you?
ME: Didn’t I just tell you that?
SITE: Nope.
ME: OK, I’m [this guy].
SITE: What’s the password, [this guy]?
ME: Um, [this one]?
SITE: Nope.
ME: Um, [that one]?
SITE: Nope.
ME: Um, [the other one]?
SITE: Nope.
ME: OK, maybe I’m [that guy].
SITE: What’s the password, [that guy]?
ME: Um, [this one]?
SITE: Nope.
ME: Um, [that one]?
SITE: Nope.
ME: Um, [the other one]?
SITE: Welcome, [that guy]! What would you like to do?
ME: Heck if I can remember.
How OpenID auth works now (when you can get it):
ME: I’d like to do X.
SITE: Who the hell are you?
ME: Ask [ID site].
SITE: [ID site], who is this guy?
ID SITE: Who the hell are you?
ME: I’m [this guy].
ID SITE: What’s the password, [this guy]?
ME: Um, [this one]?
ID SITE: He’s [that guy].
SITE: Welcome, [that guy]! What would you like to do?
ME: I’d like to do X.
SITE: OK, here you go, [that guy].
How I wish auth worked:
ME: I’d like to do X.
SITE: Who the hell are you?
MY BROWSER: He told me to tell you to ask [ID site].
SITE: [ID site], who is this guy?
ID SITE: He’s [that guy].
SITE: OK, here you go, [that guy].
Posted by Chris in Technology on September 5th, 2008 Edit this page's grammar and spelling with Emend.
That’s got to be the most brilliant thing I’ve heard related to auth in a really long time.
Thanks for keeping it simple Chris. I can always count on you.
Here’s how it sometimes goes for me:
ME: I’d like to do X.
SITE: Ok.
ME: Now I’d like to do Y.
SITE: Who the hell are you?
ME: I’m the guy who just did X.
SITE: Heck if I remember you. You’ll have to go back outside and start over – and I’ll have my eye on you this time, boyo.