SECURITY

A Breakout Year for OpenID

By the end of 2008, more than 30,000 websites -- including many small businesses -- were using the digital identity protocol that streamlines consumers’ website registrations.
Advertisement

Nothing turns off shoppers faster than having to go through the sign-in process every time they jump over to a website where they’re already a customer or subscriber. Once is enough -- and that’s the whole idea behind OpenID.

OpenID is a portable digital identity that lets someone type in their user name and password once to log onto any website with the application built into its user registration process.

OpenID has been around since 2005, initially created so people could leave comments on blog posts without having to sign in again and again as they hopped from one blog to another. It gradually caught on with other types of websites and took off in 2008, when users reached a half billion, the number of websites on it tripled to 30,000 and major players such as AOL, Microsoft, Google and Yahoo threw their weight behind it.

OpenID taking off

OpenID’s open source is a free open-source protocol is one reason it’s taking off. Because no one owns it, a company’s website developer can download the code from websites such as Vidoop or JanRain and write it into the registration process at their own site. Then, once an Internet user registers at a participating OpenID website with their name, e-mail address, user name, and password, they can visit any other OpenID website and the second site will ping the first to see if the visitor is who they say they are and if verified, forego the sign-in process.

Even Facebook -- whose 150 million members make it the 800-pound gorilla of social networking -- could be getting on board. Facebook has its own digital registration protocol called Facebook Connect, but is contemplating joining the OpenID movement, according to Scott Kveton, a Vidoop vice president and current vice chair of OpenID.net, the non-profit foundation that promotes the standard. Facebook chose a proprietary architecture because at the time it was the only option for adding extra profile data to a digital ID, but now “they’d love to be very open with what they’re doing. I foresee them getting more involved,” Kveton says.

Addressing security concerns

While Web developers, open-source programmers and social networking experts are big OpenID fans, they don’t expect the average Joe to care much about it -- or even know it exists. If companies are doing their jobs right, Internet users will simply realize their identity can follow them anywhere -- and that’s good enough, Kveton says.

But some small business owners worry about security. “I don’t think I’d use it and I know people who freak out about it because they don’t want all their [passwords] in one place,” says Clyde Lerner, proprietor of In the Moment Computing, a Sunnyvale, Calif., computer services company. Instead, Lerner uses a password manager called Roboform that stores his passwords on his computer’s hard drive.

According to Kveton, OpenID is no more or less safe than someone’s e-mail account. If security is a priority, people can choose to get their OpenID account through a provider that adds extra layers of security onto it, such as Vidoop or JanRain.

SIDEBAR: OpenID Resources

Want to learn more? Here are some resources:

OpenID.net -- Home of the OpenID Foundation, the non-profit organization promoting the portable digital personal identification.

What is OpenID -- A 4-minute video explaining how OpenID works produced by Vidoop, a Portland, Ore., OpenID platform vendor and employer of Kveton, the OpenID foundation backer.

TheSocialWeb.tv Episode 24 -- The Jan. 20 episode of this weekly Web TV show includes a segment highlighting the OpenID platform’s accomplishments in 2008.

OpenID Wiki -- A library of links to companies that have written OpenID software code in a variety of programming languages including Java, Perl, PHP, ColdFusion, and more.

OpenID providers – Individuals who don’t have an OpenID through a blog or other online service can create one at websites such as myVidoop, Verisign’s Verisign Labs, JanRain’sMyOpenID and ClaimID.

Last updated: Feb 1, 2009




Register on Inc.com today to get full access to:
All articles  |  Magazine archives | Livestream events | Comments
EMAIL
PASSWORD
EMAIL
FIRST NAME
LAST NAME
EMAIL
PASSWORD

Or sign up using: