Thursday, October 30, 2008

There can be only one, or not...

The OpenID logoImage via Wikipedia
Wikipedia: OpenID is a shared identity service, which allows Internet users to log on to many different web sites using a single digital identity, single sign-on, eliminating the need for a different user name and password for each site. OpenID is a decentralized, free and open standard that lets users control the amount of personal information they provide.

An OpenID is in the form of a URL. This URL can be the domain name of your own website, or the URL of an OpenID identity provider. When you log in with an OpenID, you have to log in to the identity provider for validation.

It has been a good week for the shared identity service OpenID, on Monday, Microsoft announced that all Windows Live users would get an OpenID account, and Google has now announced it's plans for open support. We now have OpenID, Facebook Connect, Y!OS, Microsoft, AOL and Google all offering support which is great but is it really that open?

Now that all the big companies in identity management are involved surely it will only be a matter of time before everyone adopts the standard. The thing is that there isn't a standard, no set structure that everyone has to follow as no one owns the identity solution. The average Internet user has no idea what OpenID offers;

One ring to rule them all, one ring to find them, one ring to bring them all, and in the darkness BLIND them.

That's right blind them because with no standard the big companies are just going to consolidate their users, raising the question where is the openess?

Take Google who announced their support for OpenID, okay it’s open but unlike both Yahoo and Microsoft their implementation of OpenID doesn’t actually work like the standard says it should… Instead they're using their own version of OpenID that is incompatible with everyone else. Confused? I am as well and that's why I am more excited about Facebook Connect which as I see as being the best thing for OpenID.

According to sources Facebook have set a high standard with their offering. As well as making it possible for users to register for a site by using their Facebook account and without disclosing any personally identifiable information. They also give the website access to the user's news feed and enabling viral distribution of content and activity through the feed.

My only concern with Facebook Connect is the increase of phished accounts, Facebook is a trusted and recognized brand and who is to say mockup sites aren't going to take advantage by using the login process to obtain credentials.

For any company, using Facebook Connect doesn’t solve all your problems. The primary downside of using Facebook Connect is that you don’t get access to personally identifiable information of that user. I want to have access to a user’s email address so I can contact them in the future. Unfortunately Facebook prevents that. If you want to read more on this check out my article from July about Facebook Connect as OpenID without email. [Source]

There is a long way to go until we have a true OpenID standard, stay tuned as this looks like it will go the distance...

Reblog this post [with Zemanta]