Update: Yahoo to support OpenID single sign-on

Users will be able to use their Yahoo name and password to access non-Yahoo Web sites that support the OpenID 2.0 digital identity framework

People with a Yahoo user name and password will be able to use that ID information to access non-Yahoo Web sites that support the OpenID 2.0 digital identity framework, reducing the amount of different log-in information people need to create, remember and enter online.

Already, almost 10,000 Web sites support OpenID, an open framework available for free to end users and Web site operators alike, according to the OpenID Foundation.

Yahoo's move will triple the number of OpenID accounts to 368 million by adding its 248 million active registered users to the rolls, the company said Thursday.

OpenID addresses one of several issues related to giving people more control of their online activities. Other groups are focusing on data portability, to let people move around the data and content they create online, so that they don't have to enter it manually in, say, every social-networking site they sign up for.

Yet other initiatives, like Google's OpenSocial, aim to create standard interfaces so that developers can create applications that run in multiple social-networking sites, instead of having to rewrite the same application multiple times for every site.

For all of these initiatives, it's critical for major Internet players to get involved, so that the benefits of standard technology and methods developed by groups like OpenID can have a real-world impact.

Unsurprisingly, in Thursday's statement, Scott Kveton, the OpenID Foundation's chairman, hailed Yahoo's support as a crucial validation of the framework that will help spur its adoption by other large Web site operators.

Other major players that have expressed interest and gotten involved in varying degrees with OpenID include Google, Six Apart, AOL, Sun, Novell, and Microsoft.

Yahoo users will be able to take advantage of OpenID in two ways, Raj Mata, Yahoo's membership director, said in an interview.

The first is through the traditional OpenID authentication method: a unique URL string in the format http://me.yahoo.com that will be assigned to each Yahoo member and which they can enter into the log-in prompt in OpenID-supporting sites. That URL string will start with http://me.yahoo.com and be followed by a unique identifying word, Mata said.

On Jan. 30, Yahoo members will be able to retrieve their OpenID URL by going to the Yahoo/OpenID site. The OpenID URL will be assigned by Yahoo, but users will be able to change the unique part of the string to a word of their choice, Mata said.

The other way in which Yahoo users will be able to take advantage of OpenID is in sites that, in addition to the URL string, will also embed a conventional Yahoo log-in prompt on their site. In those cases, Yahoo users will simply need to enter their Yahoo user name and password to log in. The information will be verified on Yahoo servers and, once authenticated, Yahoo will inform the external site that the person is a Yahoo user. The external site doesn't see any log-in information, Mata said.

On Jan. 30, the Yahoo/OpenID URL will work with all OpenID-supporting sites, while the more conventional log-in prompt is expected to be operational on a few sites, such as Plaxo's, that are collaborating with Yahoo to implement it, Mata said. Yahoo hopes that as OpenID matures and gets refined, the authentication method will move away from the URL method and toward the conventional log-in prompt, he said. Yahoo will put instructions and code on its Web site so that third-party developers can embed its log-in prompt on their sites.

Yahoo's announcement doesn't come as a complete surprise because signs that it had been working on an OpenID implementation had surfaced. For example, a short message in the domain me.yahoo.com indicating the company would act as an identity provider for OpenID was spotted last week.

Yahoo participated in the development of version 2.0 of the OpenID framework, which the company said provides new security features. Yahoo users who log in to third-party OpenID sites should know that the log-in process doesn't reveal e-mail or instant-message addresses, Yahoo said Thursday.

This story was updated on January 17, 2007

Copyright © 2008 IDG Communications, Inc.