Initial Thoughts on OpenID
Posted in authentication, singlesignon, openid Sat, 07 Jul 2007 20:39:00 GMT
There has been a lot of talk about OpenID so I decided to take a look at it and think about some of the potential issues with respect to broad adoption and integrating it into a website as a relying party. There have been numerous attempts to either improve the security of authentication via the web or improve the usability with SSO (Single Sign-On) including client SSL, OTP tokens, USB tokens, AmEx Blue smart cards, Microsoft Passport, Verified by Visa, etc. Many of these had SSO capabilities but none has been able to supplant local passwords. It will be interesting to see if OpenID can succeed where these others have failed. Here are my thoughts after watching two screencasts but before following the mailing lists. I'm now reading the list archives and it seems a number of similar issues are being discussed.
Read more...