Slashdot Mirror

← Back to Stories (view on slashdot.org)

AOL Now Supports OpenID

Posted by Zonk on from the making-progress dept.

Nurgled writes "On Sunday John Panzer announced that AOL now has experimental OpenID server support. This means that every AOL user now has an OpenID identifier. OpenID is a decentralized cross-site authentication system which has been growing in popularity over the last few months. AOL is the first large provider to offer OpenID services, and though they do not currently accept logins to their services with OpenID identifiers from elsewhere, they are apparently working on it. The next big challenge for OpenID proponents is teaching AOL's userbase how to make use of this new technology."

9 of 163 comments (clear)

  1. Re:So?? by MisterCookie · · Score: 3, Insightful

    People who don't want to manage 5000+ usernames.

  2. Why would we want OpenID? by Anonymous Coward · · Score: 5, Insightful

    Single sign-on across the internet is a bad idea. As more sites require it, people's web browsing habits will be tracked on an unprecedented scale. Seriously, what benefit does it provide? I certainly don't want to log onto my bank's website automatically. And in general, I don't want to reveal anything about my identity unless there is a very good reason to do so. The whole purpose of OpenID and similar technologies is to make it easier to track people. This is not the way I want the internet to develop.

    1. Re:Why would we want OpenID? by jalefkowit · · Score: 5, Insightful

      Your knee is jerking. You're reacting to the centralized authentication systems like MS Passport that we've seen in the past, which would indeed make it easier to track people. OpenID is fundamentally different in that there is no one centralized identity provider. You can use AOL as your OpenID provider, or another provider, or even set up your own OpenID server on your own hardware and use that if you can't find one you can trust -- hard to think of a scenario that would be more tracking-proof than that. Read more about OpenID, it's not what you think it is.

      --

      Read my blog.

  3. Re:So?? by memojuez · · Score: 3, Insightful

    It's a last ditch effort by AOL to stay relevant to the rest of the InterWebs.

    --
    Signature applied for, Patent Pending
  4. The problem with single sign-on... by Phleg · · Score: 4, Insightful

    One major problem I see with this sort of initiative is spoofing of your provider's sign-in page. Unlike spoofing in its current form, if someone was able to get the password for your OpenID provider, he'll have access to every single one of the accounts you've used that ID with. It's putting all your eggs in one basket -- with the way everything is currently handled, your sign-on information to an individual site may be compromised, but you won't lose everything else.

    Is there a solution to this kind of problem, or is OpenID really only targeted to low-risk authentication; i.e., for forums and social networking sites?

    --
    No comment.
  5. It's phishing time! by smack.addict · · Score: 4, Insightful

    OpenID is the phisher's dream. I honestly don't get what would motivate someone to implement this specification.

  6. Re:Cool... by fyrewulff · · Score: 3, Insightful

    When I worked at the library, a majority of the tweens and teens came in just to check/update their MySpace. they didn't even have a computer at home.

    --
    "We need to get over this notion, that, for Apple to win... Microsoft must lose." - Steve Jobs, 1997
  7. Re:This is a huge blow to privacy on the net... by TheRaven64 · · Score: 3, Insightful

    Think what it could be like when sites only accept OpenID authentication coming from certain sources like the provider your IP is originating from? Then people won't go to those sites, because they won't be able to access them from public terminals, their friends house, or use the same account from home as they use with their mobile phone.

    The idea sucks and I didn't even get started on how it allows the operator of an OpenID authentication service to track which sites you go to. The operator of the OpenID authentication service is you, or whoever you delegate the responsibility to. If you choose to ask a random person to look after your keys, don't be surprised if your house gets burgled.
    --
    I am TheRaven on Soylent News
  8. Re:OpenID vs OpenPrivacy? by Broadcatch · · Score: 4, Insightful

    "OpenID is a simple single sign-on mechanism advanced by Brad Fitzpatrick of LiveJournal. In OpenID, your identity is a URL." - http://en.wikipedia.org/wiki/OpenID

    Basically, OpenID provides for distributed authentication.

    IMO, what makes OpenID interesting is that in the 2.0 protocol, XRI (i-names) have been included, which opens the door to enabling selective, authenticated authorization of access to services, be it as simple as the ability to contact me (I would allow any parent of a child in my kid's pre-school class to phone me) or as complicated (eventually) as any contract you can imagine.

    OpenPrivacy, on the other hand, assumes such services as a starting point, which is why I suspended development of OpenPrivacy in 2002 and began working on XRI/i-names. OpenPrivacy will use sophisticated techniques such as zero-knowledge proofs to enable distributed reputation providers and truly pseudonymous identities that cannot be traced to their owner (unless such verification is mutually requested), but it requires strong, secure identity as a starting point.

    I look forward to creating grassroots i-names-enabled communities soon (starting in March, if all goes well) and eventually getting back to my OpenPrivacy roots - which is where (IMO) things start getting really interesting.

    --

    The antidote for misuse of freedom of speech is more freedom of speech.
    -- Molly Ivins