Update: Major vendors join OpenID board

IBM, Google, Microsoft, VeriSign, and Yahoo give a boost to OpenID Foundation's efforts to simplify the process of signing into Web sites

IBM, Google, Microsoft, VeriSign, and Yahoo have joined the corporate board of the OpenID Foundation, giving a boost to the group's efforts to simplify the process of signing into Web sites.

The OpenID framework allows people to use a single user name and password to sign into sites that support it.

More than 10,000 Web sites now support OpenID log-ins, according to the foundation. Last month, Yahoo announced its 248 million active registered users could begin using their handle and password to login to non-Yahoo Web sites that support the OpenID 2.0 framework.

The closer links between OpenID and these major vendors is sure to help the foundation's effort, according to its executive director, Bill Washburn. "The community has clearly expanded since the inception of the Foundation and these companies will help bring OpenID into the mainstream markets," he said in a statement.

Another statement on the foundation's Web site went into further detail on what the new alliances could mean.

"In 2008, we can expect to see a larger focus on making OpenID even more accessible to a mainstream audience, the development of a World-wide trademark usage policy (much like the Jabber Foundation and Mozilla have done), and a larger international focus on working with the OpenID communities in Asia and Europe," it read.

"We think this is one of the largest efforts put into identity management as far as the Internet is concerned," said Anthony Nadalin, an IBM distinguished engineer and chief security architect for Tivoli software, in an interview Thursday.

Nadalin couldn't pinpoint when the vendors' new level of involvement with OpenID will produce tangible results. "This takes a little bit of time, understanding and agreeing on the issues, and where we need to drive this set of technology," he said.

Security has been cited as a concern around OpenID with some observers arguing it is vulnerable to phishing attacks.

"IBM is well-known for its ability to produce secure protocols," Nadalin added. "We have quite a bit of talent to bring to this foundation."

He noted that Version 2.0 of the OpenID framework is still fairly new.

"You can't confuse the industry by coming in and throwing out a brand-new framework," Nadalin said. "I think it's coming down to that on the 2.0 level, we get the kind of interoperability we need."

Beyond sign-on, various efforts are underway to standardize how personal data can be moved around the Web. The Dataportability Workgroup wants to broaden the scope of portable data to items such as user-created photos and videos.

Andras Cser, a senior analyst at Forrester Research, called the news "a very exciting move. Vendors are not creating new technological standards, but signing up to support existing ones."

Forrester has been hearing from vendors and clients who have been waiting for a clear standard to emerge around federated access. "This is going to cut out some of that waiting-out period," Cser said. "It's going to promote the spread of identity federation."

The fact that such high-profile companies are joining OpenID will likely have a halo effect on initiatives like Project Concordia, which is working to create interoperability between identity protocols.

"OpenID getting more attention will clearly help with Project Concordia's integration efforts as well," Cser noted.

There's a second factor to consider when weighing the future of OpenID, according to Cser. "Vendors support the technology, but who are going to be the trusted OpenID identity providers? That is something we are still waiting out," he said. "It's one thing [to use OpenID] on a blog site ... but how is it going to work for payments, for higher-value transactions?"

VeriSign, one of the five companies to join OpenID's board, "has been a trusted provider of SSL and Web security technologies and I would not be surprised if they continued on this path ... they could become one of the trusted OpenID providers," he said.

In addition, it will also be of interest to see whether software-as-a-service vendors adopt OpenID, a move that could further drive adoption, he said.

This story was updated on February 7, 2008

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies