Email
Password
Remember meForgot password?
    Log in with Twitter

article imageOpenID: The Web Ideal?

By Paul Wallis     Jan 18, 2008 in Internet
OpenID is a single log on across multiple websites. The idea’s been around for a while, not least among disgruntled people with a herd of passwords and account names. However, things have now moved up a league, with Yahoo! getting on the bus.
This is a sticky subject, because it relates to a lot of issues online, not least of which is identity fraud, and the security of online transactions. Feet have been cold in that regard, as The San Francisco Chronicle explains:
…Furthermore, OpenID's success depends on a large number of Web sites allowing financial transactions, such as e-commerce or banking, based on its system, Blakley (Bob Blakley, an analyst for the Burton Group) said. None has stepped forward, he said, because of the risk of fraud and potential liability of the Web site that was duped in verifying the culprit's identity.
"It provides a relatively low level of protection against people who are committing identity theft," Blakley said
.”
However, the fact remains that net users are saddled with an increasing supply of accounts, which is unwieldy for some and plain annoying for others. Security isn’t necessarily dependent on one ID or a hundred.
OpenID currently only works on 9000 sites. That’s a very small drop in a very large ocean. Some of the reviews have been less than wildly enthused. Business Week reviewer Rob Hof, for example, is skeptical:
Call me cynical, but I’m also a little suspicious of the unbridled enthusiasm of so many Web companies for something that will identify us all around the Web. As the OpenID site puts it: “With OpenID, you create a single username and password, along with some data about you.” (Italics added.)
My question is, what kind of data? There’s something of an example here. And to OpenID’s credit, the notion here is to give users control. But will they take it? I suspect many people will not. For instance, if you’re on AOL, did you know you automatically have an OpenID profile now? Most people online are pretty lazy when it comes to maintaining control of their data online
.”
OpenID.net is an enthusiastic, noble-minded sort of site. Idealism seems to have found a second home on the net, having been cast out from most media venues.
Despite which, the idea is practical, if it can sell to the big financials. If PayPal, VISA, and others, can use it, and there’s some reason to believe they can, it can save a lot of hassle for all of them. PayPal, in particular, could adapt pretty easily, because of its online focus and methods. They wouldn’t have to do much with it to fit it in to their current business model. Ebay would be another to whom fewer IDs would be a godsend.
Number crunching costs money. It could make online shopping a lot easier, make security checks easier, and consolidate people’s online business… if it works, and if there’s no new security issues. If all it means is a reduced volume of identities to deal with, that figures out as a cheaper set of problems.
OpenID isn’t a difficult thing to operate. The OpenID.org site startup site sets out a very simple process where the OpenID user account acts as a third party for email, which seems a little indirect compared to the rest of the imagery, but it’s a form of added distance between users and direct access from the net.
Sooner or later, something which equates ID with a form of built in protection will be the standard for the internet. The current situation is based on an ad hoc approach, multiple systems with multiple forms of security, some working, and some not. It’s hardly ideal.
OpenID is at least approaching the idea of a workable global ID. It can work. It’s arguable that the sheer number of accounts on the net is creating the security problems, rather than isolating them or confining them.
The problem is more likely to be convincing a very dubious market it’s safe.
More about Openid, Internet security, Identity