Microsoft to Support OpenID
SAN FRANCISCO: Microsoft Chairman Bill Gates today said his company would throw its support behind "OpenID," an open-source, distributed identity management system that seeks give computer users a more secure way to manage their online credentials.
"Everywhere you go on the Web there are issues about reputation and trust," Gates said in the keynote address this morning here at the RSA Security conference here. "Some blog environments want anonymous people to [be able to] say anything, and in other environments, they want you to represent some credentials about who you are. And that's just not going to scale with the kind of password thing we have today."
In a (very simplified) example, OpenID works like this: The key to your online identity is a Web address, such as http://myblog.someplace.com. You pick one of several OpenID providers -- such as Vox, OpenID, Verisign or LiveJournal (OpenID is the brainchild of LiveJournal founder Brad Fitzpatrick) -- to be the trusted host for your identity credentials. When you visit a site that has implemented OpenID, you're asked to enter your personal Web address, which you've configured to query your identity credentials stored at your chosen OpenID provider, which in turn will ask you to login using whatever credentials it requires. These couple of blogs have more coherent and complete explanations of how OpenID is supposed to work.
OpenID is most often cited as a way to help Internet users navigate the zillions of blogs and other Web 2.0 applications that require users to sign up and manage different usernames and passwords. Some advocates say it also has the potential to help users guard against phishing scams and related forms of online fraud, but others say the whole system is likely to be a boon for phishers and online scam artists everywhere.
Gates said Microsoft would support OpenID 2.0 in conjunction with CardSpace, a feature similar in nature to OpenID that is built in to Windows Vista. CardSpace seeks to make managing digital identities easier and safer by replacing usernames and passwords as the means of identifying oneself on the Web.
Microsoft's acceptance of an open standard is being cautiously praised by many technologists in the blogosphere, who see the software giant's participation as key to fixing the more complex problems with online identity management and authentication. Microsoft has tried to control the online ID space in the past with programs like MSN Passport, which largely failed to gain traction beyond Microsoft's own online properties. Single sign-on programs also have been touted by Yahoo! and Google.
Bruce Schneier, a cryptography expert and chief technology officer for online security provider BT Counterpane, greeted Microsoft's announcement with reservation, saying Microsoft has a long history of "supporting and then co-opting" open standards.
"They tried to get their own system working, and I think it's telling that they are now supporting an open system," said Schneier, who's giving a talk at RSA later today on what he calls "the psychology of security."
"In some ways it's worrisome, but I'm reasonably confident in the Web 2.0 world that the distributed control of OpenID is strong enough, that it's not Microsoft-driven," he said.
Posted by: Joe Don | February 7, 2007 6:54 AM | Report abuse
Posted by: SKV | February 7, 2007 8:30 AM | Report abuse
Posted by: SKV | February 7, 2007 8:31 AM | Report abuse
Posted by: Moike | February 7, 2007 8:45 AM | Report abuse
The comments to this entry are closed.