I’ve written about single sign-ons before so I thought this next item will be of interest to those of you who are, well, interested in single sign-ons. This morning I came across this post on Read/Write/Web titled "OpenID vs the Identity Systems of Yahoo, Google and MSN" which takes a look at OpenID as a single sign-on option.
The post has a pretty detailed look at similar single sign-ons on networks like Microsoft’s MSN network and the Yahoo! network and a nifty screencast showing how to use OpenID to log-in to supporting sites (keep clicking on the play button to get the screencast to advance). Not too sure what OpenID is? Here is some information for you:
OpenID is an open, decentralized, free framework for user-centric digital identity.
OpenID starts with the concept that anyone can identify themselves on the Internet the same way websites do-with a URI (also called a URL or web address). Since URIs are at the very core of Web architecture, they provide a solid foundation for user-centric identity.
The first piece of the OpenID framework is authentication — how you prove ownership of a URI. Today, websites require usernames and passwords to login, which means that many people use the same password everywhere. With OpenID Authentication (see specs), your username is your URI, and your password (or other credentials) stays safely stored on your OpenID Provider (which you can run yourself, or use a third-party identity provider).
To login to an OpenID-enabled website (even one you’ve never been to before), just type your OpenID URI. The website will then redirect you to your OpenID Provider to login using whatever credentials it requires. Once authenticated, your OpenID provider will send you back to the website with the necessary credentials to log you in. By using Strong Authentication where needed, the OpenID Framework can be used for all types of transactions, both extending the use of pure single-sign-on as well as the sensitivity of data shared.
Beyond Authentication, the OpenID framework provides the means for users to share other components of their digital identity. By utilizing the emerging OpenID Attribute Exchange specification (see specs), users are able to clearly control what pieces of information can be shared by their Identity Provider, such as their name, address, or phone number.
Today, OpenID has emerged as the de-facto user-centric identity framework allowing millions of people to interact online. With programs such as the I Want My OpenID Bounty, developers of Open Source projects are rapidly adding support for OpenID in order to enable their communities.
There are a number of OpenID registrars which include ClaimID and vIdentity. If you have a ClaimID account, for example, you also have an OpenID which you can use to log-in to services that support it and there is the limitation. Not every site that requires you to log-in to your account supports OpenID and until there is more widespread support we won’t begin to see a true single sign-on.
There are some concerns about a central repository of your information and which binds all your accounts. In theory someone who manages to access your OpenID details will have access to all of your accounts. I think that concern is valid for all services and while you can mitigate the risk of that happening by having different content on different sites, you find yourself faced with the same risk as soon as you start to standardise on, say, the Google or Yahoo! platforms.
Do you use OpenID to access your sites? What do you think about a truly universal sign-on?