CATEGORIES
- NYC COVERAGE
- WEB STARTUPS
- WEB NEWS
- CONFERENCES
- WEB TECH JOBS
- VENTURE CAPITAL
- MICROSOFT
- INTERVIEWS
- ADVERTISING
- VIDEO
- ALL TOPICS
- ALL COMPANIES
CONTRIBUTORS
- ADRIAN CHAN
- ALICIA NAVARRO
- ALLEN STERN
- CORSIN CAMICHEL
- DRAMA 2.0
- DARREN HERMAN
- HANK WILLIAMS
- MARK DAVIS
- RICK TUROCZY
- SANFORD DICKERT
- SHANNON CLARK
- Comment on YouTube Down by DVS01
- Comment on Twitter COO Costolo: Advertising Coming To Twitter Soon by Satoshi Nakajima
- Comment on Twitter COO Costolo: Advertising Coming To Twitter Soon by OMG Stop the Web! Twitter is gonna run ads ? and Scoble says you?ll love it
- Comment on What?s Up With Yahoo Mail Delivery? by MJ
OpenID – What is it, and why everyone is talking about it
Lately OpenID has been hitting the front page of digg, del.icio.us, and many other large websites. People have been talking about OpenID quite a bit in the last few weeks and there are many people out there who don't even know what OpenID is or what it's about. So I'm here to tell you what it is and why it's so big.
While startups have been popping up left and right for over a year, most of the startups create their own user system. Which means that on almost every cool new startup's site, you have to create and manage a new account. OpenID is a decentralized identity system which allows you to create one single account and use it all across the web.
So what do I mean when I say 'decentralized identity'? Basically, you can host your identity on any server that you choose, whether you put up your own or use alternatives like myopenid.com. This means that if you want to keep your information away from individual websites you can use your OpenID account and login safely without giving your information away.
This is one of two reasons why OpenID is booming right now. Not only does it keep a lot of your information safe it also makes being a big time web service user much easier to manage. As I mentioned before you only have to manage your one account and you're all set.
Having a service such as this, where you can create your single account and use it everywhere has been a hard thing to accomplish, or at least make successful. The hard part about it has been the adoption process. Getting large well known sites, to implement the OpenID system hasn't been the easiest task, but now there are companies jumping on the bandwagon. The main reason for this is that it costs virtually nothing to implement and many people would like to use their OpenID accounts.
Though it may be too early to call I think that OpenID is going to be a huge success. It is really in the adoption phase at the moment, and I think that if people keep getting excited about having a decentralized account for all of their web accounts, more companies will continue to integrate it into their web services.
I created my own OpenId millisami.myopenid.com and I’d used in some sites and this CenterNetworks too.
But I didn’t find any link or article on how to adapt this feature in my userbase websites?
I’m looking for the articles/tutorials on how to adapt this feature as a developer.
This is a great article and OpenID is definitely getting a lot of buzz lately with Digg, Firefox, and Microsoft pledging support. You might be interested to see the demo of OpenID I did here. I’m looking forward to seeing how the development continues in terms of security and redundancy.
Hey I didn’t notice the punctuation, and I am usually a stickler for it, perhaps I was distracted by the decent article outlining a new technology/service.
And how good it might be, open source Identity Management means it isn’t the same as passport and provides an opportunity for sites like this (or mine) to use it. In fact I have recently noticed it implemented in the beta of Joomla which along with gmail/ldap and other connector login services should be an excellent adoption to help with this.
Is it less secure than using a common user/pass for dozens of independant sites around the place anyway? I think there is a greater possibility of a rougue site owner cracking my account within their dbase and going around to see if it works elsewhere than a centred, controlled site owning my ID being hacked from outside.
OpenID is still missing crucial parts for mass adoption. First, it doesn’t actually provide an online “identity”. It is just a protocol for “URL ownership verification”.
Forcing users to use URLs isn’t user-friendly either, regardless how good looking they might be. Won’t work.
What’s missing is really acceptable user IDs and a SINGLE agreed-on user info format. The simple registration extension is ass backwards in exposing machine-readable email addresses per default, btw.
true this is begining , and it will last i think, but with changes.
the question after using openId is how I (the consumer) retrieve user info from his IdP and use it in my site?
If anyone can help.
thnx
Allen, as you stated, OpenID is still in the adoption phase. For anyone who is looking for OpenID enabled sites, we have launched “The OpenID Directory” two weeks ago. I hope this helps showing the facettes of usefullness of this emerging technology.
Also it´s good to see, that you practice what you preach: the OpenID login on centernetworks works perfectly and so we submitted your site to the directory. I hope this is fine for you.
Thanks and keep up the good work!
Thomas Huhn
Thomas – for clarification, Jake wrote the article. Your site looks nice, I see we have 4 votes :) I am glad the OpenID worked for you here, I am still testing it a bit.
I have pushed for SSO since my early Intranet days when every division built their own user databases.
Learn, how, to, use, commas, please.
I run an online concert promotion company (www.loudisrelative.com) that just integrated OpenID technology and am thoroughly impressed with the amount of buzz it has received in the past couple months. It is a truly easy-to-integrate technology that has really helped launch our site!
Thanks for everything!
I had been wondering the specifics of this myself for some time. Thanks for the clarification.
PS – you have enough comma splices to send any English teacher into a raging fit
Is it me or doesnt anybody get the security hole this represents??
Now crackers need to crack only one id and get access to anything and everything!
Why is this more secure???
I see a downside to all this – identity theft on a truly massive scale! Bring it own, bee-yotches!
Why would their be identity theft? Doesn’t make any sense.
didn’t microsoft, try, to, do this, with, passport, already, ?, i mean, what, makes you, think, anybody is going, to, adopt this, ???.
I’m, with, anony,mous.
Learn how to use punctuation, I couldn’t even read the post.
You keep using that word. I do not think it means what you think it means.
WTF? You guys are such anal-retentive grammar nazis. Give it a rest, that was a useful, informative article and an interesting comment. Thanks for the info.
There is a reason why things like this don’t work. Big website owners don’t want you to go to the competition, and this is giving you a free ticket to go anywhere. Sure its great for users, but businesses hate the idea. Its the reason msn passport failed.
Passport failed because it was not decentralized, Microsoft controlled everything. You can see why AOL, Apple, and Google would never implement passport, but their is nothing stopping them from making their own openid based solution. (See AOL’s new announcement)
Pros and Cons. What the big website owners are missing out is that users from elsewhere can start to visit. And by providing free OpenID accounts you popularize your site automatically, because then poeple login elsewhere as ‘username.bigwebsite.com/’ -> free ads.
I dont get it, I’ve read sevaral sites about how the process works (hmm lots of gee wizz while short on details).
But basically the flaw I see is once a ‘bad site’ is set up and you sign in using open id this persona can now rip off your details and log in at all other open id sites using your details.
Am I missing something?
If so I’d really like to know about it.
Cheers,
Dean
http://www.collins.net.pr/blog
Yes, you are missing something. Try it out, then give opinions. http://www.myopenid.com... It takes 5 minutes to truly understand OpenID, try not to make comments until you take the 5 minutes.
The way it works the site you access does not have your password, ever. You log on with an openid. The provider ‘redirects’ you to your openid provider (who obviously already has your password), you authenticate and are ‘redirected’ back to the correct page. Note the ‘redirected’ is in quotes, it is not REALLY a redirect in the HTML/web sense.
For those worried that the site in question will fake the auth then pass it on on the second attempt (false fail on first) to capture your id, see the myopenid.com settings for “safe sign in”.
Finally, someone drops the other shoe. This is a huge security issue.
I would never adopt such a system for this reason, (among others):
As a user, who has my password cracked (or I accidentally allow it to be compromised) – Then this gives access to everything!
I find the name very ironic, and rather apt. Lose or expose one ID and all your services/web sites are wide open!!! Hence the name, openID. I can’t help but laugh at that, sorry.
In other aspects, this article seems to miss a rather important aspect, “accountability”. For example, if an unreliable OpenID provider results in my openID being compromised, who is responsible? This begs another question:
How do I know which providers are reliable? or for that matter, What safeguards are in place to notify users when their openID’s are suspected of being compromised?
I’m happy with the way things are. Different sites have different usernames and passwords. I lose one credential and only my access, to the specific site it was used for, is effected. Currently it seems, openID cannot provide this degree of “full redundancy” (as in mesh topology), if an ID is breeched.
Security is being improved. The best analogy I’ve seen for the “putting all your eggs in one basket” problem is this. OpenID is like putting your money into a bank, and them issuing you a ATM card. You can use that card anywhere, and each bank has different security. Right now, you are trusting every specific bank branch with security. Even though some have bad security, and some are much much better. I for one, would like to put my money in one VERY secure bank, with good features. If something goes wrong, I should be able to go to my bank and they will fix the problem. (The many different openid providers will handle security problems in different ways)
So you have good choices, and probably soon some sort of security ratings for different OpenID providers.
I thought I was the only one who noticed that. Yes, please learn the proper usage of punctuation if you’re going to write something that you want people to read. If you can take out the entire sentence fragment between a pair of commas and the sentence still reads properly, then you’ve used commas correctly. Otherwise, leave one or both of them off.
9+2 = 1,1
lol
Learn,how,to,RELAX,please.
it’s called sarcasm – just making fun of the other person for being anal about punctuation on a comments board.
What is to prevent a web site from doing an actual “HTML/web” redirect to a fake openid site where you “authenticate” your password a bunch of times in a futile attempt to log in? And then have this phishing site immediately contact the real openid server and change your password which then gets stored for spamming comment sections of web sites or whatever else they come up with?
People fall for this stuff all day long, so there is no improvement over the current state of affairs regarding passwords. Only this way, if you lose the one account, you’ve lost everything.