No matter how cool or innovative a particular new technology is, without the critical big business adoption process, it’s usually doomed. We’re in the midst of seeing this with Joost, as they can’t sign the big content deals with major providers. We’re NOT, however, seeing this doom with OpenID – it seems to be doing great!!
In a great stroke of luck for Janrain’s OpenID unified user account sign-in technology, Yahoo has just adopted the standard, and is now offering OpenID authentication to all users (read on TechCrunch). It’s a simple and free upgrade to your account, and is available immediately. After upgrading your Yahoo! account, you’ll be able to enter me.yahoo.com/username as your OpenID on supported websites, and have to remember only one password to surf the web. Awesome! (For the record, I currently use MyOpenID.com for my OpenID server)
Given that I currently have approximately elenventy billion user accounts strewn about the web, widespread adoption of OpenID would be great for me. One password to logon to all my web services. And plus, with portable identities, even signing up for new sites is easy.
Finally, somebody today asked me about security.. is having one logon for everything safe? First of all, OpenID is engineered for security, and as of late, has started to support some advanced security protocols, such as Microsoft Cardspace, Passwords, and Client Certificates. And also, if your OpenID is compromised the system is logged, and it’s easy to change your password throughout the whole system. I do think that there should be an ultra-secure protocol for changing a password… so if somebody does get your current password and hack into your base OpenID account, it won’t be so simple for them to change the password and lock you out completely…perhaps multi-factor authentication, etc.
Still confused about what OpenID is? Check out some quick and simple intro videos and guides:
OpenID According to Dave, on YouTube
Simon Willison’s slightly stuffier OpenID screencast
Straight from the horse’s mouth: OpenID primer from Janrain
Establishing the identity, first, before allowing the ID to be trusted/propigated is the key.
Check out MFC’s SecureAuth – a secure way to establish the identity before propigating the “trust”.
All the best.
Garret Grajek, CISSP
You seem to be a bit confused. OpenID is not any one company’s technology, but a collaborative effort of many companies and individuals, open-source style.
See for example https://en.wikipedia.org/wiki/OpenID#History
Ah, you’re right.. it’s NOT janrain’s own technology.. i think i was just getting a little mixed up/unclear with how i phrased it.. since janrain seems to be a huge proponent of the technology, and is the first ID provider I used, so i tend to associate the technology with them.
Thanks for the clarification!
Comments are closed.