Monday, September 15, 2008

Google, age and single sign-on

Kim Cameron and I were talking this weekend and he mentioned he was about to post regarding Google's recent single sign-on and SAML "faux pas". Kim does a fine job of pointing out the problem and providing references to the relevant material. However, there are a few lines that I thought were interesting and made me think a bit about Google from a different angle:

But the surprising fact is that the errors made are incredibly basic - you don’t need an automated protocol verification system to know which way the wind blows. The industry has known about exactly these problems for a long time now. Yet people keep making the same mistakes.


But let’s face it. As an industry we shouldn’t be making the kinds of mistakes we made 15 or 20 years ago. There must be better processes in place. I hope we’ll get to the point where we are all using vetted software frameworks so this kind of do-it-yourself brain surgery doesn’t happen.

I've heard from a number of people who have either joined Google, been acquired by Google or interviewed at Google that they seem to place particular reverence on young, hip, styling, hot, recent graduates from name brand schools. Of course, this makes me think that they may not revere the more mature, industry (and customer) schooled professional who has been around the block more than once. Could Google's predilection for those who have just emerged from the fountain of youth have contributed to this SSO "disaster"? Obviously, I don't know if it is a contributing factor or not but I do wonder.

But, if Google is looking for someone more mature, who has been described as beautiful by many, is gregarious and outgoing, then look no farther and click here.

Technorati Tags:
, , , ,

1 comment:

Sujan Patricia said...

Thanks to Google, the web's big boss, for the implementation. Not only google, but all service providers should ALWAYS use https when requesting passwords from a user.

my site