The ever-increasing number of passwords and user names to remember is at best cumbersome and at worst a major security risk. It is also bad for merchants. In 2006, seven companies founded OpenID, a service that uses a central source to validate user credentials across all participating sites. While it has garnered some support, the general impression has been that the initiative wasn't getting enough traction. That may be turning around, however. Last week, Google, IBM, Microsoft, VeriSign and Yahoo joined the board.
A blogger at Profy offers insight into what the ascension of the powerful companies to the OpenID board means. He sets up those comments with his description of Yahoo's current unsatisfactory OpenID implementation. Earlier this year, the writer says, the company began supporting OpenID accounts, but didn't allow users to merge them with existing OpenID accounts. This clearly defeats the purpose of deploying the system. A link to a previous post on the situation is offered.
The blogger suggests that the move of the big companies onto the board could help OpenID evolve beyond this fractured approach and lead to more uniformity in the way OpenID is applied. More specifically, he says, each company has strengths it will bring to the table. For instance, Microsoft is the "king of conformity," so it could help standardize OpenID. Yahoo is good at addressing the younger, Web-intensive demographic that could most benefit from the system. Google's huge profile would make it a valuable overall promoter of the approach. These companies will help crystallize the feeling that having multiple IDs is a problem and that OpenID is the way to solve it.
It is understandable to assume that OpenID is complex, and it certainly is at the technical level. Conceptually, however, it is surprisingly simple. This is a very nice layperson's description of how OpenID works. The writer says this is his first attempt to explain the procedure in non-technical terms, and he obviously took great care in doing so.
The system is simple: When somebody tries to use their OpenID password to gain entry to a site or a section of a site, they are sent to their OpenID provider. The person enters their OpenID password. If it is correct, the site to which the party wants to gain entry is alerted and the user is allowed in. In addition to standing guard, OpenID can provide the site with details such as gender and location.
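The step in which the site "is alerted" is where the security of the scheme rests: the site has to confirm that the alert really came from the provider, was meant for this site, and has not been used before. The following is an added example, not code from the article or from any OpenID library; it is a simplified model based on the signed positive assertion of OpenID 2.0, and the URLs, the pre-shared MAC key and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets

# Constructed values: in this model the site and provider already share a MAC key.
MAC_KEY = secrets.token_bytes(32)
RETURN_TO = "https://shop.example/openid/return"   # hypothetical site URL
SIGNED = ["op_endpoint", "claimed_id", "return_to", "response_nonce"]

def _sig(fields, key):
    # Key-value form: one "name:value\n" line per signed field, in listed order.
    msg = "".join(f"{k}:{fields['openid.' + k]}\n" for k in SIGNED)
    mac = hmac.new(key, msg.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def provider_assert(claimed_id, return_to, nonce, key=MAC_KEY):
    """Provider side: issued only after the user has authenticated there."""
    fields = {
        "openid.mode": "id_res",
        "openid.op_endpoint": "https://provider.example/op",  # hypothetical
        "openid.claimed_id": claimed_id,
        "openid.return_to": return_to,
        "openid.response_nonce": nonce,
        "openid.signed": ",".join(SIGNED),
    }
    fields["openid.sig"] = _sig(fields, key)
    return fields

def site_verify(fields, seen_nonces, key=MAC_KEY):
    """Site side: return the verified identifier or raise ValueError."""
    if fields.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    if fields.get("openid.signed") != ",".join(SIGNED):
        raise ValueError("required fields are not signed")
    if fields.get("openid.return_to") != RETURN_TO:
        raise ValueError("assertion was issued for a different site")
    try:
        expected = _sig(fields, key)
    except KeyError:
        raise ValueError("missing signed field")
    if not hmac.compare_digest(expected.encode(), fields.get("openid.sig", "").encode()):
        raise ValueError("bad signature")
    nonce = fields["openid.response_nonce"]
    if nonce in seen_nonces:          # a captured assertion must not work twice
        raise ValueError("replayed assertion")
    seen_nonces.add(nonce)
    return fields["openid.claimed_id"]
```

The nonce is recorded only after the signature checks out, so unauthenticated requests cannot fill the replay cache.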
The system, of course, relies to a great extent on sophisticated technology. This week, TrustBearer Labs combined its TrustBearer Access software with OpenID. TrustBearer, according to the release, uses smart cards, USB tokens and fingerprint biometrics for authentication.