Microsoft to Support OpenID

SAN FRANCISCO: Microsoft Chairman Bill Gates today said his company would throw its support behind "OpenID," an open-source, distributed identity management system that seeks to give computer users a more secure way to manage their online credentials.

"Everywhere you go on the Web there are issues about reputation and trust," Gates said in the keynote address this morning here at the RSA Security conference. "Some blog environments want anonymous people to [be able to] say anything, and in other environments, they want you to represent some credentials about who you are. And that's just not going to scale with the kind of password thing we have today."

In a (very simplified) example, OpenID works like this: The key to your online identity is a Web address, such as http://myblog.someplace.com. You pick one of several OpenID providers -- such as Vox, OpenID, Verisign or LiveJournal (OpenID is the brainchild of LiveJournal founder Brad Fitzpatrick) -- to be the trusted host for your identity credentials. When you visit a site that has implemented OpenID, you're asked to enter your personal Web address, which you've configured to query your identity credentials stored at your chosen OpenID provider, which in turn will ask you to log in using whatever credentials it requires. These couple of blogs have more coherent and complete explanations of how OpenID is supposed to work.

OpenID is most often cited as a way to help Internet users navigate the zillions of blogs and other Web 2.0 applications that require users to sign up and manage different usernames and passwords. Some advocates say it also has the potential to help users guard against phishing scams and related forms of online fraud, but others say the whole system is likely to be a boon for phishers and online scam artists everywhere.

Gates said Microsoft would support OpenID 2.0 in conjunction with CardSpace, a feature similar in nature to OpenID that is built into Windows Vista. CardSpace seeks to make managing digital identities easier and safer by replacing usernames and passwords as the means of identifying oneself on the Web.

Microsoft's acceptance of an open standard is being cautiously praised by many technologists in the blogosphere, who see the software giant's participation as key to fixing the more complex problems with online identity management and authentication. Microsoft has tried to control the online ID space in the past with programs like MSN Passport, which largely failed to gain traction beyond Microsoft's own online properties. Single sign-on programs also have been touted by Yahoo! and Google.

Bruce Schneier, a cryptography expert and chief technology officer for online security provider BT Counterpane, greeted Microsoft's announcement with reservation, saying Microsoft has a long history of "supporting and then co-opting" open standards.

"They tried to get their own system working, and I think it's telling that they are now supporting an open system," said Schneier, who's giving a talk at RSA later today on what he calls "the psychology of security."

"In some ways it's worrisome, but I'm reasonably confident in the Web 2.0 world that the distributed control of OpenID is strong enough, that it's not Microsoft-driven," he said.

By Brian Krebs  |  February 6, 2007; 5:40 PM ET
Categories:  Fraud  

Comments

Quote "Bruce Schneier, a cryptography expert and chief technology officer for online security provider BT Counterpane, greeted Microsoft's announcement with reservation, saying Microsoft has a long history of "supporting and then co-opting" open standards."

What are you smoking man?

Posted by: Joe Don | February 7, 2007 6:54 AM

This reminds me of Microsoft's "support" for the W3C (World Wide Web Consortium - regulatory group for web-related standards like HTML, XML, DOM). Microsoft joined them, pushed through a number of MS-specific extensions; walked away; came back only to push more of its own stuff to be part of the standard. It also was awarded patents on some key web technologies like stylesheets. Most of these standards groups are verrrry slow and full of mouse fights. That allows big companies to hijack whole technology areas and impose not-well-thought standards or, even worse, use it to fight competitors.

Posted by: SKV | February 7, 2007 8:30 AM

This reminds me of Microsoft's "support" for the W3C (World Wide Web Consortium - regulatory group for web-related standards like HTML, XML, DOM). Microsoft joined them and pushed through a number of MS-specific extensions; walked away; came back only to push more MS-specific stuff to be part of the standard. It also was awarded patents on some key web technologies like stylesheets. Most of these standards groups are verrrry slow and full of mouse fights. That allows big companies to hijack big technology areas and impose not-well-thought standards or, even worse, use it to fight competitors.

Posted by: SKV | February 7, 2007 8:31 AM

OpenID is sure to become a major phishing target. Just like Bank of America SiteKeys did nothing to reduce phishing - the phishers just ask the SiteKeys security questions as the phish.

Posted by: Moike | February 7, 2007 8:45 AM

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company