OpenID gains support for online single sign-on

A decision by major vendors like Microsoft and Google to support an online single sign-on project may mean IT managers need to reconsider their identity management strategy.

The OpenID Foundation on Thursday said VeriSign and Yahoo have also become members of its board, offering a major boost towards a system that aims to use one user name and password combination to access a variety of Web sites. OpenID, which was started by LiveJournal creator Brad Fitzpatrick, claims more than 10,000 Web sites have implemented its framework. The support of Yahoo will substantially increase its potential user base, as the search and portal firm said its 248 million active registered users could use their logins on other OpenID sites last month.

“It’s evidence that there is new identity layer of the Web that is emergent and that really needs to be attended to and built up in a way that works for everybody,” OpenID Foundation executive director Bill Washburn said. “A lot of the work that’s happened with OpenID is from real young, excited and obviously highly intelligent individuals who are in that place where they don’t know it can’t be done, so they go ahead and do it.”

Nico Popp, VeriSign’s vice-president of innovation, said his organization has been unofficially involved with OpenID for two years, contributing to open source libraries and working on the specification. The reason the members are going public now, he said, is that they have finally come to an agreement on how to handle intellectual property related to the framework’s development.

The idea of an online single sign-on has been something of an IT industry Holy Grail. Microsoft tried, and failed, to develop a platform called Passport, while Sun Microsystems and private sector firms like the Royal Bank of Canada formed a coalition called the Liberty Alliance to achieve similar objectives.

“A lot of these things didn’t have a grassroots effort,” Popp observed. “It was either the vendors, or a big company trying to do that on its own.” Anthony Nadalin, chief security architect for IBM Tivoli software, noted that previous efforts around online ID management were focused on the enterprise, whereas OpenID is more of a consumer play. That said, everyday individuals will no doubt use such systems at work, which means IT managers will need to pay close attention to it.

“I don’t think you’re going to see enterprises go out and change the PKI infrastructure in their shops,” he said. “There needs to be some bridging that happens between OpenID and what happens on the back end as far as access to applications. And it should be done in a seamless way.”

Popp agreed, adding that while OpenID claims a large number of supporting Web sites, many of them aren’t the kind of portals consumers use every day. “You’ll start seeing the (OpenID) technologies embedded into these (identity management) solutions. They will be part of the software, part of the services that they acquire or integrate within the enterprise.”

A key lynchpin for adoption of OpenID will also be commercial providers that allow users to make payments and ID users of software-as-a-service systems such as Salesforce.com, said Andras Cser, Forrester’s senior analyst of security and risk management. “What was announced today was not new protocols, it was support of something that’s been in existence for a while,” he said. “The technology is simple enough that really anyone can implement.”

A big focus over the next year will be on data portability – moving photos and text across social networking sites, for example – as well as better user experience, said Popp.

“There’s still too much typing in OpenID. We need to create this one or zero-click user experience. We’ve got to create more convenience,” he said.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Shane Schick
Shane Schickhttp://shaneschick.com
Your guide to the ongoing story of how technology is changing the world

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now