Slashdot Mirror


MySpace Joins OpenID Coalition

the4thdimension writes "MySpace has joined a coalition of other big-name e-services in support of OpenID. If you aren't familiar with the OpenID coalition, they are a group that seeks to allow users to create a single account/password set to be used on a number of services. Such services already signed up include: Google's Blogger, Wordpress, AOL, Yahoo, Vox, LiveJournal, and others." Reader gbjbaanb adds a link to the BBC's coverage and points out that MySpace's 100 million users would mean nearly a doubling of the approximately 120 million OpenID accounts now in use, writing: "Initially support is to use MySpace OpenIDs as providers only — i.e. you cannot log on to MySpace with an OpenID created elsewhere, but that policy will change in the future. This should help to make OpenID the de facto login mechanism for the Internet, now if only Microsoft would support it, there are plenty of OSS OpenID libraries available."

8 of 272 comments

  1. Defeat the purpose? by kgwilliam · Score: 5, Insightful

    "Initially support is to use MySpace OpenIDs as providers only -- i.e. you cannot log on to MySpace with an OpenID created elsewhere" Ummm.... Doesn't that sort of defeat the purpose of a single username/password system? You have to create an OpenID for MySpace, and then you have to create a different OpenID for site XYZ. How many other sites are going to require that you create a new OpenID for their site?

    1. Re:Defeat the purpose? by CastrTroy · Score: 5, Insightful

      What I don't get about OpenID is that it seems to give my OpenID provider access to every site I log onto. As much trouble as it is having to manage hundreds of logins, I don't think the proper solution is to proxy all my logins to some third party.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    2. Re:Defeat the purpose? by Wolfger · Score: 5, Insightful

      Absolutely. This is why OpenID is going nowhere fast. Everybody wants to be a provider, but virtually nobody wants to accept OpenID credentials from other sites. LJ does, and to my surprise Identi.ca has since day one, but most "OpenID sites" are providers only. It's sad, and makes baby Stallman cry.

  2. Blah Blah Blah... by anom · Score: 5, Insightful

    Until you actually let someone authenticate to your site using OpenID, you're not really helping anything. You're just spreading BS about how open you are when you're really just supporting further centralization around yourself. Until the big names start acting as Relying Parties, I don't wanna hear about it.

  3. Mixed up Facebook and Myspace in TFS by LighterShadeOfBlack · Score: 4, Insightful

    "Reader gbjbaanb adds a link to the BBC's coverage and points out that Facebook's 100 million users would mean nearly a doubling of the approximately 120 million OpenID accounts now in use"

    No, I'm pretty sure he wrote in pointing that MySpace's 100 million users would nearly double the number of OpenID accounts.

    Jesus fucking Christ, is proof-reading really that hard?

    --
    Spelling mistakes, grammatical errors, and stupid comments are intentional.
  4. Re:Microsoft Support by gbjbaanb · Score: 4, Insightful

    They do, Passpoor or maybe it's Windows Livid, or something like that I think it's called :-)

    The scary (and probably most likely) outcome is that MS embraces OpenID, adds a couple of you know, essential additions to it to support missing features that it absolutely requires for, say MSN Live Messenger, and then releases "OpenIDLive" which it touts as a completely standards-based* implementation of OpenID, just like it did with Kerberos.

  5. Re:DO NOT WANT by Serious Callers Only · Score: 4, Insightful

    "And if only ONE of those websites is compromised, my login is now compromised across the board,"

    Take the trouble to read up on OpenID, and you'll find this is not the case. Having one site which you log in to compromised will not compromise the others. The only way you'd lose control of your OpenID identity is if your OpenID provider was compromised.

    You can also select how much information you disclose to different sites, revoke permissions to certain sites, and choose more secure login methods like certificates.

  6. Re:Web Monoculture by Sancho · Score: 4, Insightful

    It's just a little different from that. Let's look at a couple of scenarios.

    Scenario 1: You have accounts all over the place. You use different passwords for each of them. You have multi-factor authentication for several of them.
    This is pretty secure, but of course, you have to remember your passwords. You may have to carry around several dongles. If a site is hacked and the password on it is recoverable, only that site is hacked. This scenario, however, is unrealistic for the masses.

    Scenario 2: You have accounts all over the place. They all have the same password. You probably don't have multi-factor authentication on any of them, but who knows--maybe your WoW account really is that important to you.
    This is horrible security. If a site is hacked, the attacker now has access to your entire web presence. You'll be forced to change your password in dozens of places, and you're almost certain to forget a few.

    Scenario 3: You have a single sign-on provider (like OpenID). You have accounts all over the place, but only a single password, stored on a single server. If that server is hacked, the attacker has access to all of your accounts for the time period that it takes you to realize the issue and change your authenticator to a new host. You don't have to remember a password for each site you visit. The individual sites never have access to your password. You may use multi-factor authentication on your OpenID site to reduce the likelihood that a hack will give carte blanche access to all of your accounts, and you don't have to carry around a dozen dongles to provide "something you have."

    Do you see how Scenario 3 is a compromise between the two? Do you realize that Scenario 2 is how most people use the web? Scenario 3 is better security than what most people use, while maintaining the convenience. If you don't like the idea of using OpenID, you aren't forced to. You can create a new OpenID for every website you wish to use. OpenID allows for better security in a realistic world (where people reuse passwords) when, currently, the only other option is password-management Hell.
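
The trust boundaries described in comments 5 and 6 above, as an added example that is not part of the original thread: a simplified model, loosely following OpenID 2.0's signed assertions (per-relying-party MAC key, `return_to`, one-time nonce), showing that a relying party never handles the password and cannot reuse or re-sign an assertion for another site. The class names, the field encoding and the `.example` URLs are assumptions made for the illustration.

```python
import hashlib, hmac, secrets

SIGNED = ("claimed_id", "return_to", "response_nonce", "assoc_handle")

def sign(key, fields):   # MAC over the signed fields (simplified encoding)
    msg = "".join(f"{k}:{fields[k]}\n" for k in SIGNED)
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Provider:
    """The only party that ever sees or stores the password."""
    def __init__(self):
        self.users, self.assoc = {}, {}   # identity -> (salt, hash); handle -> MAC key
    def register(self, identity, password):
        salt = secrets.token_bytes(16)
        self.users[identity] = (salt, pw_hash(password, salt))
    def associate(self):
        handle, key = secrets.token_hex(8), secrets.token_bytes(32)
        self.assoc[handle] = key          # a separate key for each relying party
        return handle, key
    def assert_identity(self, identity, password, handle, return_to):
        salt, stored = self.users[identity]
        if not hmac.compare_digest(stored, pw_hash(password, salt)):
            return None                   # user failed to authenticate to the provider
        a = {"claimed_id": identity, "return_to": return_to,
             "response_nonce": secrets.token_hex(8), "assoc_handle": handle}
        a["sig"] = sign(self.assoc[handle], a)
        return a

class RelyingParty:
    def __init__(self, url, provider):
        self.url, self.seen = url, set()
        self.handle, self.key = provider.associate()
    def accept(self, a):
        ok = (a["assoc_handle"] == self.handle and a["return_to"] == self.url
              and a["response_nonce"] not in self.seen
              and hmac.compare_digest(a["sig"], sign(self.key, a)))
        if ok:
            self.seen.add(a["response_nonce"])   # assertions are one-time use
        return ok

def demo():
    alice, pw = "https://alice.example/", "constructed-password"
    op = Provider(); op.register(alice, pw)
    blog = RelyingParty("https://blog.example/return", op)
    forum = RelyingParty("https://forum.example/return", op)
    a = op.assert_identity(alice, pw, blog.handle, blog.url)
    forged = dict(a, return_to=forum.url, assoc_handle=forum.handle)
    forged["sig"] = sign(blog.key, forged)       # blog only knows its own key
    return {"login": blog.accept(a), "replayed_to_blog": blog.accept(a),
            "replayed_to_forum": forum.accept(a), "forged_for_forum": forum.accept(forged),
            "password_in_assertion": pw in "".join(a.values())}
```

Only `login` comes back true. The provider remains the single point whose compromise affects every site, which is the trade-off Scenario 3 describes.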