Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenID Foundation Embraced by Big Players

Posted by Zonk on from the friends-in-high-places dept.

An anonymous reader writes "The OpenID Foundation has announced that Google, IBM, Microsoft, VeriSign and Yahoo! have all joined its board. It's exciting to see OpenID being embraced by such large players, but its also a concern that such big corporates are now directly influencing the fledgeling foundation. 'Today there are over a quarter of a billion OpenIDs and well over 10,000 websites to accept them. OpenID has grown to be implemented by major open source projects such as Drupal, cornerstone Web 2.0 services such as those by 37signals and Six Apart, as well as a mix of large companies including as Apple, Google, and Yahoo!. Today is about truly recognizing the accomplishments of the entire OpenID community which has certainly grown beyond the small grassroots community where it started in late 2005.'"

6 of 167 comments (clear)

  1. Re:Secure? by Brian+Gordon · · Score: 3, Insightful

    Very secure. Think about it- that means that every scummy admin on the internet doesn't have access to your password. You don't need a "junk websites that probably sell my username/password" tier, since authentication is handled by openid and not the scummy web server itself.

  2. Re:Secure? by owlnation · · Score: 2, Insightful

    You can create a OpenID and password for each site you visit.
    Sure. Of course. Um... remind me why I need an OpenID again?
  3. Re:Secure? by Bogtha · · Score: 3, Insightful

    Fine, but what happens once somebody does get your username and password, let's say a keylogger, or one of these fake banking sites designed to steal your password. Now they can get into everything.

    For practically everybody, this is already the case. At present, the username and password they need to crack are for your email account. Then they can access all your other accounts by extension via their forgotten password features.

    So the downside of OpenID is a downside that is already present. Something to think about, for sure, but hardly a deal-breaker that should prevent adoption.

    --
    Bogtha Bogtha Bogtha
  4. Re:Quite possibly by benjymouse · · Score: 3, Insightful

    Talking about FUD, it seems you are the guilty one here. here is some facts for you: 1) Passport has nothing to do with CardSpace. 2) CardSpace does not rely on Active Directory. Totally false FUD. CardSpace (as implemented in IE) insists on using a seperate "desktop" to avoid potential spoofing when you decide which card to "hand over". The "cards" are NOT kept in AD. Plugins exists for FF as well. 3) CardSpace is a totally open protocol which - unlike OpenID - ensures your anonymity across websites. 4) CardSpace is compatible with OpenID. It is not a competing technology; they complement eachother. In other words your CardSpace card can be OpenID based; it all about the "claims" part. Kim Cameron actually wrote the "laws of identity". Before being hired by Microsoft. Have you read them? Do you disgagree with any of them. Do you feel they are incomplete? Part of spreading FUD is playing on uncertainty by not being concrete in critisism. That way you can avoid rebuttals. What is your problem with that #7 item here? Please?

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  5. Re:Quite possibly by quantumplacet · · Score: 2, Insightful

    Yea, I was wondering if I was missing something there. I read the article and all the comments in the gp link, and basically I see Kim Cameron trying to explain what seem like some pretty reasonable security issues to some retard who keeps insisting that the current system is perfect because he knows how to read the address bar and certificate dialog....

  6. Re:Well... by Tacvek · · Score: 2, Insightful

    keep their own journal

    I don't think that's too much of a problem - if you're using a site enough to be doing something like keeping your own journal, it's not too much hassle to get an account. It is hassle to get an account just to make a single comment, which is the major hurdle OpenID overcomes.

    join a community

    I agree, this limitation seems a bit strange, especially as they allow OpenID users to keep friends lists.

    comment on posts that have restricted comments to LiveJournal users

    Although that's a choice that's up to the journal owner. They had to have that really, as originally there was the option to disallow anonymous comments, but for backwards compatibility, I think OpenID would have to fall into the same category. But it would be nice to have an option that says "Allow LiveJournal or OpenID comments, but not anonymous". But setting up an OpenID server that automatically authenticates anybody who types in that url (does not attempt to verify identity) is trivial. Any such URL is then an anonymous OpenID. That more or less would defeat the point, would it not?
    --
    Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524