Saturday, January 17, 2009

OpenID – Using it and Liking it

You might have noticed a little icon on some of the sites you are visiting. The icon is the logo of the OpenID network. From the, “OpenID is a free and easy way to use a single digital identity across the internet.”

OpenID was developed in 2005 and is now accepted by many mainstream websites. Some of the big players are Google, Yahoo!, IBM, Microsoft, AOL and MySpace. More history on Wikipedia. OpenID is a very open API, and a number of free open-source libraries are available for a variety of languages. A list of more than 30 is available at the

For me the benefit of OpenID is tremendous. I have a large number of sites that I register on, and having to remember my User ID and Password is a hassle. There is the option of using the same one for all the websites, but then having them in sync is even worse. OpenID provides a perfect solution. One secure website to manage, remember and use.

I was following a discussion on StackOverflow on why NOT to use OpenID. The main points are:

  • If the UserID / Password is compromised, then an attacker will get access to all sites that are registered with OpenID
  • Overall complexity: a less-than-technical user would have a hard time registering and using OpenID

My suggestions for OpenID use:

  • Do not use it on sites where account security is critical (for example, anywhere money is involved)
  • Use a trusted OpenID provider (Google, Yahoo!)
  • Create a strong password on the OpenID provider

Here are some more Pro/Con links with very good points to read.


