Ok, its going to be even better when more sites adopt, but I think this looks exciting enough that I’ll be watching it very closely.

Definitely a fan, good luck Clickpass!

Good call on the documentation - there was such a lot to write that it didn’t occur to us to explain the passwords issue. We’ll get on putting a section our docs.

Best wishes,
Peter

Thanks for the informative comment. It helps understanding how things work and what you’re trying to achieve with Clickpass. It’s especially good to know that the login credentials are not only stored on your servers but are not even passed through them. Maybe add an explanation to your site. I am sure users appreciated this.

Of course, you’re right that OAuth is not widely deployed yet. Would be great if you switched to it later.

I will watch Clickpass.
Carsten

I’m one of the founders of Clickpass and it’s very interesting and helpful to see your critique.

You mentioned directed identity. We are essentially doing directed identity but we built it in such a way that it’s OpenID 1.1 compatible as we we knew that a lot of people wouldn’t yet have OpenID 2.0 libraries.

We also made sure that people could use both their own OpenID and one from the other major providers (in the drop-down box next to the button). As more providers appear we’ll be adding them into that drop-down so that site owners don’t have to provide the list themselves.

We spent a lot of time talking about the ‘asking users for passwords’ problem. In actuality we don’t even pass the credentials through our server - they are submitted directly to the relying party but nonetheless is would be better not to ask for them at all.

In time we’ll do this step via OAuth but we knew that at the start almost no sites would be supporting OAuth and that the OpenID installation barrier was already very challenging for sites to overcome.

We really wanted to help break OpenID through into the mainstream and have tried to do that with the best practices possible. We’re still working to get those things right though and really appreciate analysis like this - it helps focus us on the bits that still need to improve. Please do contact me directly if there are any other things you’d like to see us doing - peter dot nixey at clickpass dot com.

Peter Nixey

This button spawn business will hurt the adoption of OpenID in the mainstream, as it will become confusing to most. The better adaption method by service provides would be you use one open id login field, with explanatory text highlighting that openids from Yahoo, myopenid, Clickpass, and many more can be used.

I did not realise though how clickpass worked in practice… That you had to enter your plaxo-password again, and I also find the “Which website do you use?”-part a bit confusing. Not so impressed anymore.

To summarize it; I dont like it either.