OpenID Foundation Embraced by Big Players 167
An anonymous reader writes "The OpenID Foundation has announced that Google, IBM, Microsoft, VeriSign and Yahoo! have all joined its board. It's exciting to see OpenID being embraced by such large players, but its also a concern that such big corporates are now directly influencing the fledgeling foundation. 'Today there are over a quarter of a billion OpenIDs and well over 10,000 websites to accept them. OpenID has grown to be implemented by major open source projects such as Drupal, cornerstone Web 2.0 services such as those by 37signals and Six Apart, as well as a mix of large companies including as Apple, Google, and Yahoo!. Today is about truly recognizing the accomplishments of the entire OpenID community which has certainly grown beyond the small grassroots community where it started in late 2005.'"
A quarter _BILLION_? (Score:3, Interesting)
Licensing (Score:4, Interesting)
I'm no expert on such things, but wouldn't you want an extremely restrictive license, to prevent providers from "improving" the concept and breaking interoperability? Or having the more "trusted" providers begin charging for the service? Although I suppose this depends on Fitzpatrick's definition of liberal.
More Info Here (Score:4, Interesting)
As someone that used to work for a company that developed strong authentication systems, I can tell you that big-business has been having some kind of orgasm about this for quite a while now.
The typical big-dreamer sees "identity" as a problem of too many logins/passwords. Yahoo and IBM have different customers, but similar goals simplifying authentication/identity for their customers. As usual, Microsoft is conspicuously absent because they think they've got the proprietary solution already.
Re:Secure? (Score:4, Interesting)
This isn't about having one password. This is about having one account. There's ample opportunity for improved security without the need for passwords. Have your OpenID provider authenticate you via an SSL cert on your USB flash drive if you want, or even via fingerprint recognition, you or your provider can implement whatever level of security you need and there's no need for the relying parties to mess about with their authentication system to accommodate you, it all just works automatically with any OpenID-capable website or web application because it's the OpenID provider doing the authentication, not the websites or web applications themselves.
Websites and web applications are relatively limited in what they can offer in terms of authentication options. OpenID allows people to experiment with alternative authentication schemes without having to drag websites and web applications along with them.
Re:Secure? (Score:3, Interesting)
Re:Op out (Score:3, Interesting)
Now, I can use OpenID to stop dealing with my passmanager! I can get the same login name everywhere. If I want the simple route, I simply use diggity.myopenid.com. If I want the advanced "I control it all" route, then I can host it myself using phpMyID (although that makes it a fair bit less anonymous
The best part though, and I think this is where you are confused, is that you can create as many OpenIDs, using as many providers, as you want to keep track of! You could have ten different logins to Slashdot if you wanted. You can have that already right now, but OpenID allows you to take this the extra step and take any of these logins with you to any other site in the future. If you want extra security, you can use a provider in a foreign country that deletes all logs, never tracks IPs, and understands full deniability. Whatever. This is totally up to you!.
- DaftShadow
Re:A quarter _BILLION_? (Score:4, Interesting)
I have to say I'm shocked there are so many people piling on this anti-identity bandwagon. Don't you people understand that the purpose of OpenID is to allow you, the user, to control your own identity and the information companies are allowed to collect about you? (As opposed to right now, where sites ask you to sign up and provide X info to create an account and you either provide it or don't get on?)
Identity management allows you to control your Internet presence in one single place, and acts as a single gateway for you to allow or disallow sites to know about you and collect information about you. This is a good thing people. It's secure. It promotes security...real security. It also promotes anonymity when you want it. Unlike Facebook where you add 50 apps and leave all the boxes checked and then have to page through one app by one once you understand the impact of those boxes...
Don't knock something till you understand it. Someday the intarwebz will be open id powered.
When will the big players accept other's OpenIDs? (Score:4, Interesting)
OK, that's nice. But how do I get Yahoo to accept my i-name or my AIM OpenID? On Yahoo's OpenID setup page, I only see options for creating my Yahoo OpenID.
I'm not going to count the big players as embracing OpenID until I can tie any one of my existing OpenIDs to my account.