Time, Walk, Step, Turn Hosted on Zooomr[I am CEO of Zooomr]
WIRED Blogs: 27B Stroke 6: In a keynote speech at the RSA security conference earlier today Bill Gates reportedly announced that Microsoft was going to support OpenID.
OpenID is an open, decentralized identity system that attempts to provide a solution to the multiple log on ID systems to access various sites across the internet.
Microsoft’s support for OpenID would be the most significant and visible boost yet to the OpenID system. Many smaller sites (such as our own site Zooomr, LiveJournal and JanRain) have been some of the pioneers recommending the system to our users. Although I’m not exactly sure on the details on how deeply Microsoft plans to support OpenID, Gates was quoted as saying,
“We saw some of the people working in the Web 2.0 world and they came up with OpenID 2.0.”
“We were working on CardSpace, one growing up from the blog world and one from the enterprise space. And in fact, we are going to support OpenID 2.0 and they are expanding so they are going to have CardSpace as a standard capability, because it solves some attacks, particularly Man-In-The-Middle attacks.”
One of the significant differences between OpenID and other single identity log on solutions offered such as Microsoft’s own Passport system or similar identity systems offered by Yahoo and Google is that OpenID is non profit and is not designed to be used as a marketing vehicle.
OpenID clearly states on their official site: “Nobody should own this. Nobody’s planning on making any money from this. The goal is to release every part of this under the most liberal licenses possible, so there’s no money or licensing or registering required to play. It benefits the community as a whole if something like this exists, and we’re all a part of the community.”
Recently Yahoo came under significant fire for their decision to force Flickr users to adopt Yahoo’s log on ID system by March 15th. Much of this fire came from a distrust by Flickr users with Yahoo and concerns that by adopting an Yahoo ID that these users would be subjected to unwanted marketing efforts from Yahoo.
Hopefully with Microsoft now supporting OpenID, Yahoo and Google will consider the standard as a legitimate log on for their properties as well. Yahoo recently was in the news When Simon Willison an ex-Yahoo engineer built a service allowing people to use their Yahoo ID as an OpenID account. Although this kind of unofficial support is nice. It still does not allow the reverse, which would be to let someone access various Yahoo properties (Flickr, Delicious, Upcoming, etc.) with an OpenID account.
More from Six Apart’s Brad Fitzpatrick’s blog here. More from Kim Cameron’s Identity Blog.
Thanks, Chad!
I don’t quite get OpenID… where does one get an OpenID? Do I have to sign up for something like Zooomr and then that account transfers? Or do I go to a centralized service whose ID works numerous places?
I don’t like OpenID, or Passport, or yahoo! ID, or Live ID, or any other similar sytem. I prefer keeping separate identities for each website’s services I use. Sometimes I want different usernames for different websites, sometimes different email addresses, sometimes I want to provide lots of personal details, sometimes I just want to give fake information.
This is why I don’t like Zooomr’s login system, and probably the only thing from keeping me from using Zooomr instead of Flickr.
I believe that OpenID is intended to be primarily an authentication model, rather than forcing one user name for all uses. The local sites can still allow you to have a local display name. As to the fake id model, you can still presumably use more than one OpenID id, so I do not see this has preventing that safety model.
The intent is what certificates do – make sure that someone does not steal your identity.
I also think that one should be able to choose how much information gets transferred across when creating an “account” with a new site or network.
It feels that we’ve spent almost all of our time uncomfortably bursting at the seams; we’ve always been at pretty much close to capacity. We’ve worked very hard to keep the system as stable as possible and as fast as possible in that time. However, I feel that during this very exciting time for the team I’ve personally had less capacity for talking more openly to the delicious community about what’s been going on. Given that we’ve undergone a lot of changes and have a lot more in store in the future, I want to resolve to be better about communicating.
It’s not smart to be able to log in to any website that uses one ID. Its not secure, i hear hackers can harvest information easily.