Slashdot Mirror

← Back to Stories (view on slashdot.org)

MySpace Joins OpenID Coalition

Posted by timothy on from the inflection-point-perhaps dept.

the4thdimension writes "MySpace has joined a coalition of other big-name e-services in support of OpenID. If you aren't familiar with the OpenID coalition, they are a group that seeks to allow users to create a single account/password set to be used on a number of services. Such services already signed up include: Google's Blogger, Wordpress, AOL, Yahoo, Vox, LiveJournal, and others." Reader gbjbaanb adds a link to the BBC's coverage and points out that MySpace's 100 million users would mean nearly a doubling of the approximately 120 million OpenID accounts now in use, writing: "Initially support is to use MySpace OpenIDs as providers only — i.e. you cannot logon to MySpace with an OpenID created elsewhere, but that policy will change in the future. This should help to make OpenID the de-facto login mechanism for the Internet, now if only Microsoft would support it, there are plenty OSS OpenID libraries available."

3 of 272 comments (clear)

  1. Re:Anonymous SSO? by thrillseeker · · Score: 5, Informative

    The openid protocol allows you to limit the information given to the system you're logging into to a minimum of "authenticated" - that is, no additional; information such as a (verified) email address is passed, though one is still required for an openid account establishment. It's up to the requesting system whether that minimal information is sufficient. Of course, your IP address can still be captured unless you use an anonymizing proxy.

  2. Re:Problem by Anonymous Coward · · Score: 5, Informative

    So pick an OpenID provider that uses something more secure than a single password. There are providers that use hardware tokens, OTP's, etc.

  3. Re:OpenID? by phoenix.bam! · · Score: 5, Informative

    I don't think you understand how openid works. The only way to compromise all sites is for your openid provider to be compromised. You only provide 3rd party sites with a URL which points to your openid provider. You are forwarded to your openid provider (SSL cert verifies to you that the provider is legit.) You enter your credentials to the openid provider who then sends over a back channel that you are verified back to the 3rd party site. At no time does the 3rd party site have any of your authentication credentials and therefore can not access anything on other sites which you use that openid account for.