Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Case for OpenID

Posted by Zonk on from the halt-and-identify-yourself dept.

An anonymous reader writes "VeriSign and NetMesh are making the case for OpenID, the grass-roots, decentralized digital identity system already supported by LiveJournal, Six Apart, Technorati, VeriSign and many startups, reportedly growing 5% every single week. They say OpenID 'is fundamentally different from other identity technologies' because it is a 'fully decentralized system' and has a 'much lighter cost structure' than any alternative, like Microsoft Passport, CardSpace or Liberty Alliance. Time to remove username and password from your site and add OpenID libraries instead, so visitors can authenticate with their blog URL?" From the article: "If tomorrow, for example, you decide you don't like the Diffie-Hellman cryptographic key exchange at the root of OpenID authentication, you can develop your own way of authenticating, and deploy it within the OpenID framework. If you have an idea for a new identity-related service that nobody else ever thought of, you can deploy it into the OpenID framework as soon as your code is ready. This radical decentralization on all levels of the stack, both technically and organizationally, is a very strong catalyst for attracting innovators and their innovations. This makes OpenID a superior choice for identity-related innovation."

2 of 229 comments (clear)

  1. Re:No way! (OK, Setup several IDs) by G4from128k · · Score: 4, Informative

    Any website switching to openID exclusively will lose my business

    There's no need to abandon a place just because they use openID. Why not setup multiple IDs with different user names, passwords, and email addresses? (I assume that's possible under OpenID?).

    I agree that a single collection of IDs (all-eggs-one-basket) represents a dangerous single point of failure. But just because someone implements a new potentially better basket doesn't mean you have to put all your eggs in that basket or avoid using sites that use that type of basket.

    --
    Two wrongs don't make a right, but three lefts do.
  2. Re:so it will be OpenID to bind them by semifamous · · Score: 4, Informative

    So then change your password daily.

    Or, you know, since it's OpenID and you have complete control over the server, have it set up in such a way that only your IP address can see the password in plain text when you want to log in.

    Here's how it works:
    You go to a site that uses OpenID. You enter the address of your site to authenticate. You are then redirected to your own website to authenticate (unless you're already logged in.) At this point, the server you set up should ask you if you really want to trust this other site with your identity. You can trust it once and post your new comment, or trust it always if you plan on posting frequently and have that info saved on your server somewhere. Or you can change your mind and not trust it at all.

    If you want to implement a password system that nobody can ever figure out, then have it automatically generated and maybe sent to you via email every day in some encrypted format that only you can figure out.