[Infowarrior] - VeriSign launches free OpenID server
Richard Forno
rforno at infowarrior.org
Fri May 19 07:28:40 EDT 2006
VeriSign launches free OpenID server
http://arstechnica.com/news.ars/post/20060518-6867.html
5/18/2006 1:11:49 PM, by Nate Anderson
Most Internet users do not eat, sleep, and breathe authentication. Many
don't know what "authentication" means. Some can't even spell the word. But
everyone who has used the Internet for more than five minutes understands
the feeling of overwhelming suckitude that descends when confronted by yet
another web site that requires you to create an account in order to perform
some trivial action (note to vendors: I don't have to supply a username,
password, my address, an e-mail account, and my birthdate to buy a toaster
at Target; why do you insist on making me do it online?).
Unfortunately, although we can put a man on the moon, we can't seem to
develop any sort of single sign-on mechanism that will make online identity
a less frightening concept. VeriSign is the latest company to take a crack
at the problem, but they are doing so in a very limited way. VeriSign's new
Personal Identity Provider (PIP) attempts to capitalize on the growing
support for OpenID by hosting a server of their own, but it's not a
replacement solution for sign-ons at e-commerce sites and financial
institutions. Instead, the goal is to start with sites that have less at
stake‹blogs, photo-sharing sites, and wikis.
Rather than create a new account at each blog you visit, for instance,
OpenID allows you to generate a unique URL that functions as your identity.
You simply enter the URL, and the site communicates behind the scenes with
your OpenID server to authenticate that you do, in fact, own that URL. The
program is thus quite limited, but the limits may actually be a strength.
Past efforts at creating a robust single sign-on (such as Microsoft's
Passport) have largely failed to live up to the hype, in part because few
people want to entrust senstive information like credit card numbers to
third parties like Microsoft. VeriSign's endorsement of OpenID suggests that
companies now want to start with smaller, more manageable tasks first,
things with less at stake. OpenID is also a completely decentralized system
with many different registrars, a move designed to alleviate fears about one
company collecting too much personal information.
So what's in it for VeriSign? Rolling out a free OpenID server doesn't make
the company any money, but they are hoping to grow the entire market for
authentication products and to increase the robustness of the OpenID system.
"So what's in it for us? We believe that providing free, quality
infrastructure for the OpenID-enabled community‹identity services that are
friendly, secure and user-empowering‹will help create an environment in
which a rich variety of applications and services will appear and prosper.
As this ecosystem evolves and matures, the free, basic services offered by
the VeriSign PIP and other OpenID servers will be able to enable more
complex trust relationships and higher value transactions. There's a need
now for basic functions that will improve the quality of the blogosphere:
authenticated blog comments, open reputation systems, personalized tagging,
social media filtering, etc. Over time, as the installed base of enabled
users grows and the application set available for OpenID-equipped users
broadens and deepens, the VeriSign PIP will be able to validate credentials
and claims for it users that facilitate 'heavy duty' transactions: blog
based auctions and payments, age-based verification for dating and social
websites, verified residency for surveys, polls and voting, etc. In some
cases, the credentials and claims VeriSign provides for its users will be a
fee to the user. In other cases, the subscribing applications will pay us a
fee for qualifying and enabling users to participate and transact in a
trusted, reliable context."
The move comes after the major market players have all announced recent
plans to beef up their own authentication offerings. IBM, for instance, is
throwing its weight behind Project Higgins, while Microsoft is promising
robust InfoCard support in Vista. Even Google is rumored to be working on a
system of its own. VeriSign's support of OpenID is yet another signal that
the authentication market is heating up. Dominating the authentication space
may one day be nearly as important as dominating the search space is today,
and all of these companies want to make sure that when that day arrives,
they have a piece of the action.
More information about the Infowarrior
mailing list