Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Case for OpenID

Posted by Zonk on from the halt-and-identify-yourself dept.

An anonymous reader writes "VeriSign and NetMesh are making the case for OpenID, the grass-roots, decentralized digital identity system already supported by LiveJournal, Six Apart, Technorati, VeriSign and many startups, reportedly growing 5% every single week. They say OpenID 'is fundamentally different from other identity technologies' because it is a 'fully decentralized system' and has a 'much lighter cost structure' than any alternative, like Microsoft Passport, CardSpace or Liberty Alliance. Time to remove username and password from your site and add OpenID libraries instead, so visitors can authenticate with their blog URL?" From the article: "If tomorrow, for example, you decide you don't like the Diffie-Hellman cryptographic key exchange at the root of OpenID authentication, you can develop your own way of authenticating, and deploy it within the OpenID framework. If you have an idea for a new identity-related service that nobody else ever thought of, you can deploy it into the OpenID framework as soon as your code is ready. This radical decentralization on all levels of the stack, both technically and organizationally, is a very strong catalyst for attracting innovators and their innovations. This makes OpenID a superior choice for identity-related innovation."

2 of 229 comments (clear)

  1. Re:No way! by mmurphy000 · · Score: 4, Interesting

    There's been discussion of OpenID providers offering aliases, so you could have a number of distinct "IDs" you mix-and-match with, but they're all validated by an OpenID provider. I don't think the spec says one way or another regarding this; it would be a feature of whichever OpenID provider you used for your identity.

    --
    The Busy Coder's Guide to Android Development
  2. Re:No way! by Blakey+Rat · · Score: 4, Interesting

    Well, I'm not you and I'm damned sick of having to keep a long-ass list of usernames and passwords for sites I really don't care much about. If I have to register to post a comment on some blog, I don't really care if someone steals that registration or password because I'm not likely to ever visit that blog again. If I could use a single ID to avoid registering at different sites 4 days a week, I'm all for it.

    The second point is that nobody's holding a gun to your head and forcing you to use it. If you don't like it, just create a new password for each site anyway. It doesn't prevent that.

    (Sidenote: Stop requiring registration for moronic things! I don't want to give you any personal information to post in a damned blog!)

    (Also, why do all these misguided technophobe posts always get modded up first? I thought this was a site for technology enthusiasts.)

    --
    Comment of the year