With Microsoft, Google, Yahoo, IBM and VeriSign joining its board, the notion of an online universal identifier does not look like a pipe dream any more…
“The OpenID framework allows people to use a single user name and password to sign into sites that support it…”
San Francisco — The OpenID Foundation announced on Thursday that Google, IBM, Microsoft, VeriSign and Yahoo were onboard for the single sign-on identity system, becoming the first corporate members up until this point, paving the way for Internet users to have a single log-in and password for major Web sites.
More than 10,000 Web sites now support OpenID log-ins, according to the foundation. Last month, Yahoo announced its 248 million active registered users could begin using their handle and password to login to non-Yahoo Web sites that support the OpenID 2.0 framework.
The Foundation was formed by seven community members with the goal of helping promote, protect and enabling the OpenID technologies and community.
While the OpenID Foundation serves a stewardship role around the community’s intellectual property, the Foundation’s board itself does not make any decisions about the specifications the community is collaboratively building.
“Today’s announcement marks a milestone in the maturity and impact that the OpenID community has had.”
Other members include executive director Bill Washburn, Scott Kveton from Vidoop, David Recordon from Six Apart, Dick Hardt from Sxip Identity, Martin Atkins from Independent, Artur Bergman from Wikia, Johannes Ernst from NetMesh and Drummond Reed from Parity Communications.
“This really puts, very strongly and clearly, an important first piece of the puzzle in place,” said Washburn.
Washburn added, that Web entrepreneurs and site operators have increasingly acknowledged the need for a trusted universal identifier that site visitors can use to access all their favorite Internet destinations.
Though a number of initiatives have emerged to provide common logins, most notably Microsoft’s Passport, “none has taken hold,” Washburn said.
The OpenID proposes a technology that allows users to create one identity that will work for an unlimited number of Web sites, which means we can forget about all those IDs and passwords we often lost track of.
“With this support from the new company board members, the OpenID Foundation will be able to continue to promote and protect the technology and its community moving forward,” said Washburn. “The community has clearly expanded since the inception of the foundation and these companies will help bring OpenID into the mainstream markets.”
Mitchell Savage, executive vice president of Vidoop, which provides secure log-ins on the OpenID platform, said, “The addition of these organizations to the OpenID Foundation is an immense step forward not just for OpenID, but for every Internet user who is fed up with maintaining scores of user names, passwords, cookies and credentials. A snowball just started down a very big hill called the entire Internet.”
The idea sounds good, but there is still a long way to go before it can be fully implemented, as the OpenID Foundation has managed so far to convince just a small fraction of the Web sites.
The foundation however is looking forward to this year to co-opt new board members: “In 2008, we can expect to see a larger focus on making OpenID even more accessible to a mainstream audience, the development of a worldwide trademark usage policy (much like the Jabber Foundation and Mozilla have done), and a larger international focus on working with the OpenID communities in Asia and Europe,” an official statement said.
“We think this is one of the largest efforts put into identity management as far as the Internet is concerned,” said Anthony Nadalin, an IBM distinguished engineer and chief security architect for Tivoli software, in an interview Thursday.
Nadalin could not pinpoint when the vendors’ new level of involvement with OpenID will produce tangible results. “This takes a little bit of time, understanding and agreeing on the issues, and where we need to drive this set of technology,” he said.
“IBM is well-known for its ability to produce secure protocols,” he added. “We have quite a bit of talent to bring to this foundation.”
“Yahoo’s commitment to an open web is a significant validation of the OpenID movement and Yahoo!’s adoption of the standard today immediately triples the total number of people able to use OpenID,” said Scott Kveton, chairman of the Board of Directors of the OpenID Foundation, in a statement.
Google’s participation is likely to be of particular interest to privacy advocates, given its recently approved purchase of DoubleClick and its vast trove of data about consumer online activities.
Longtime privacy advocates like Lauren Weinstein, co-founder of the People for Internet Responsibility, have pointed out that as more critical user data is concentrated in fewer locations, the risks of a breach of those locations rise. In addition, Weinstein argues, the OpenID platform may result in participating companies routinely sharing information in ways not immediately obvious to consumers.
VeriSign also has a long partnership with OpenID, said Nico Popp, the company’s vice president of innovation. Popp said in a statement that in the future, a top priority will be to ensure that the standards and protocol of OpenID remain open.
“We will definitely be very active supporting the mission of the foundation,” he said. “The core mission is to protect the intellectual property,” he added, citing the success of open security protocols SSL and DNS.
Combining the brain trusts behind VeriSign Identity Provider and IBM’s Tivoli identity management software should go a long way to secure OpenID while ensuring that the protocols remain open, supporters said.