OpenID is a URL that serves as an ID to establish your identity although it doesn’t establish trust. OpenID is still in it’s infancy and there’s not a lot of sites I use (read that as none – at least that promote it) that use OpenID. Still, it’s interesting to think about where OpenID fits into the authentication scheme.
Some of the benefits of OpenID:
- Can easily maintain multiple online personas (IDs). For example, one for forums, one for blogs you author, etc…
- Makes online IDs easier to manage
- Can be more secure if properly managed. You can have multiple OpenIDs for different levels of security. It’s also easier to change one OpenID password regularly instead of multiple online accounts.
- It’s decentralized with multiple providers.
There are some potential drawbacks:
- OpenID uses the web browser so it’s only as secure as your browser and your surfing habits. OpenID is based upon redirection so there’s the risk of phishing and redirecting you to a bad site. You just need to be aware of your URLs and be sure they’re using https. Verisign has also put out a Firefox add-in called Seatbelt which helps to manage and protect OpenID. Still, by it’s nature, the loss of a single OpenID password would allow access to multiple accounts.
- OpenID is a potential privacy concern. Your OpenID provider knows what sites you visit and use. But so does Google and Yahoo.
- OpenID is still confusing and support is limited. A number of 5,000 sites is tossed about. But a look at the OpenID page makes it apparent a typical user isn’t going to wade through all that.
OpenID’s place in my world
OpenID supports delegation so I can use my website as an OpenID (which is just a URL). So my first step will be to enable my site to do this. This makes it easier to change OpenID providers if I want to. It’s also a much shorter URL than Verisign provides.
I’ll start looking for OpenID support at various sites I used. I’m not going to use it for any sites I really want to be secure (online banking and similar sites). I already use unique IDs and passwords for them. But I’ll start using it for other sites when it’s available.
There’s a 50 minute video of Simon Willison’s OpenID presentation at Google about open ID available on Google Video.
Spyware Terminator (freeware) has been updated to version 184.108.40.206.
Lavasoft Ad-Aware (freeware) has been updated to version 220.127.116.11.
News & Information
Tech.Blorge about Carnegie Mellon University developing a game to teach Anti-Phishing to web users.
TUAW brings some links with information about running a Mac on an untrusted network.