Google, Yahoo and Microsoft joined VeriSign yesterday at the OpenID-Foundation. The organization is working since 2006 on plans to introduce a Internet-ID-Card that will make all passwords obsolete. Critics warn, of course, about massive security risks involved in a "All-in-one-internet-pilot-license". You will get one password for all your log-ins. ..now this sounds truly scary to me.
From openID.net:
"In 2008, we can expect to see a larger focus on making OpenID even more accessible to a mainstream audience, the development of a World-wide trademark usage policy (much like the Jabber Foundation and Mozilla have done), and a larger international focus on working with the OpenID communities in Asia and Europe. Awesome!"
Awesome, my arse..
Friday, 8 February 2008
Compulsive Internet ID-Card coming soon?
Pin It
Subscribe to:
Post Comments (Atom)
The possibilities of this becoming worthy of fear are small. This movement is being developed by people. For the benefits of Open ID to truly be felt, the technology needs the support of large companies (so that their websites use it too).
ReplyDeleteWhat's their to be worried about? If you don't want one, cheat it and make as many as you want or don't use it.
The Atomic Bomb and the Ebola Virus where also developed by PEOPLE. Thanksverymuch.
ReplyDeleteIn the words of Jeremy Schoemaker:
1) It is (as yet) too complicated for average website owner to implement.
2) The security implications of this type of cross-site authentication haven't been fully explored.
3) OpenID doesn't necessarily provide trust. Theres nothing stopping a fake Mark Cuban from creating a fake OpenID, or worse, a fake identity provider. This is the chink in the armor of the decentralized system.
4) Too confusing to users. "OK I want an OpenID. Wait..what is myopenid? Is that different from GetOpenID? Do I need to get an OpenID on all of them?"
5) Hackish implementations. For example, the wordpress plugin actually creates a local wordpress users behind the scenes. In my opinion, this is an unacceptable hack.
6) Lack of implicit strong authentication. An OpenID login is really only as strong as the identity providers authentication. OpenID probably should never, and will never, be used for financial logons for this reason. The flip-side is that if an IDP provides strong auth, then the OpenID is as secure as that link in the chain.
The main question (based on the further development of Open ID) I was asking was: "Compulsive Internet ID-Card coming soon?"