Industry leaders join board of OpenID foundation

Several industry leaders in the tech industry, and in particular the online side of it, have officially joined the OpenID foundation as corporate board members, including Microsoft, Yahoo, Google, IBM, and VeriSign. This large step forward for the OpenID foundation could lead to quicker adoption of the technology which vows to eliminate the need for multiple accounts across different services, by essentially only making the user sign up once to use an account across all supporting services.

"With this support from these new company board members, the OpenID Foundation will be able to continue to promote and protect the technology and its community moving forward," said Bill Washburn, executive director, OpenID Foundation. "The community has expanded quickly since the inception of the foundation, and these companies will help bring OpenID into the mainstream markets."

Most, if not all, of these companies announced their support for OpenID long before today, but only today is that commitment set in stone–that is, we are almost certain to see OpenID appearing across Yahoo, Windows Live, Google, and many other online services.

In addition to making registration on sites easier, the OpenID Foundation also stresses the added security: only the information that a service needs will be given to it. So, once you register, only the company you register with has full access to the information.

However, the idea of OpenID is not without its criticisms. Many people feel that it would be very vulnerable to phishing attacks, thus giving a malicious person or group access to every single service registered under the same ID. In addition, the way it uses a third party to add information to the OpenID system has potential to make the service vulnerable.

View: OpenID
View: Wikipedia entry on OpenID

Report a problem with article
Previous Story

Windows Vista Service Pack 1 in the Wild

Next Story

RIAA: Client side filtering to stop piracy via encryption


Commenting is disabled on this article.

Oh good. Now if someone figures out a username AND password you use on Service A through whatever means (evil or benign), they have full access to Services X, Y, and Z, too. Fantastic idea. Not a flaw to be found.

That's why I think 2 factors authentication will be an important step for user account security, especially on the Internet.
That would stop a bit the account hijacking because of weak passwords.

I think I saw this subject about 5 times over several months on different technologies websites, and I haven't seen much progress on the corporate side.

So, once you register, only the company you register with has full access to the information.

Yeah right. Just like none of these companies have been tracking users. OpenID would be the perfect tracking system. Besides the privacy concerns, the security concerns are too serious to be discounted. If your OpenID is compromised, you will be in a world of pain.

I'll take convenience over paranoia anyway.

this is essentially Passport 2.0. and if I lost my passport ID, I'd still be in a world of pain. But losing your ID does take some degree of stupidity or serius security faults.

so far Passport has worked fine, and if you're stupid enough to give away your login detail or get scammed by the obviusly scame emails and PM's around... well though luck.

besides that it's not like this will be adapted to forums and stuff, everythign that uses this service is fairly large companies/services with big stakes in security and reputations to protect. Security will be thight and they won't be selling user information across or outside the service as that'd pretty much be suicide.

Sure many of them probably track what you do nside their own system both to aximize their own profits, but also to maximise their personal serice to you, wich in turn again helps with their profits. But OpenID won't make this easier for them, in fact it'll be exactly the same as it is today, only the user has a much easier time logging onto services without remembering hundreds of passwords and usernames.

Go see VeriSign PIP, they also offer two-factors authentication (password and token code) which are much more secure. Even if your password is keylogged, the randomly generated numbers you need with the token will render the captured information useless without the physical device.

Go see for more details

I agree this is a good move and a good project, having implemented support into some of my own Apps, I can see it's wide use and I've been waiting for a while for it to pick up!

I do however see how there are some potentially hazards problems with this technology