Last week's announcement about the OpenID Foundation, and news of participation by a number of large industry players has echoed far and wide. In fact, Bill Gates announced Microsoft's decision to collaborate with the OpenID community almost a year ago at RSA (See the CardSpace / OpenID Collaboration Announcement and a lot of Blogosphere discussion or postings like these from identityblog.
Since the announcement many of us have been involved in sorting out the intellectual property issues which plagued the community. We've come through that, and arrived at a point when we can begin to look at how the technology might be integrated into various services and user experiences. We've also made progress on looking at how the phishing vulnerabilities of OpenID can be addressed through Information Cards and other technologies.
My view is simple. OpenID is not a panacea. Its unique power stems from the way it leverages DNS – but this same framework sets limits on its potential uses. Above all, it is an important addition to the spectrum of technologies we call the Identity Metasystem, since it facilitates integration of the “long tail” of web sites into an emerging identity framework. The fact that there is so much interest from across the vendor community is really encouraging.
Here's some of coverage I have been made aware of. It ranges from the fanciful to the accurate, but demonstrates the momentum we are beginning to acquire in the identity arena.
IDG News Service
Major Vendors Join OpenID Board
Chris Kanaracus(Appeared in: The Industry Standard, Computerworld, InfoWorld, The New York Times, PCWorld.com, CSO, Techworld, iT News, Reseller News New Zealand)
CNET News.com
OpenID Foundation scores top-shelf board members
Caroline McCarthy
PC Magazine
Microsoft, Google, IBM Join OpenID
Michael Muchmore
Read/Write Web
OpenID: Google, Yahoo, IBM and More Put Some Money Where Their Mouths Are
Marshall Kirkpatrick
ZDNet
Microsoft and Google join OpenID, but where’s Cisco?
David “Dave” Greenfield
Wired
The Web's Biggest Names Throw Their Weight Behind OpenID
Scott GilberstonSlashdot
OpenID Foundation Embraced by Big Players
Zonk
O'Reilly Radar
OpenID Foundation – Google, IBM, Microsoft, VeriSign and Yahoo
Artur Bergman
InformationWeek
Major Tech Companies Join OpenID Board
Antone Gonsalves
TechCrunch
OpenID Welcomes Microsoft, Google, Verisign and IBM
Michael Arrington
PC Pro Online
OpenID receives heavyweight backing
Stuart Turton
ZDNet
Google, IBM, Microsoft and VeriSign join Yahoo on OpenID
Larry Dignan
Forrester Research
OpenID family grows – How it can transform Identity Federation between enterprises
Andras Cser
ActiveWin
Technology Leaders Join OpenID Foundation to Promote Open Identity Management on the Web
Jonathan Tigner
02-07-2008
Conde Naste Portfolio
Microsoft, Google, Yahoo Agree … on Open ID
Sam Gustin
SoftPedia News
Microsoft, Google and Yahoo Join Hands – Over OpenID
Marius Oiaga
CSO
OpenID Goes Corporate
Eric Norlin
InternetNews
OpenID Gets Star Power
Kenneth Corbin
02-07-2008
Windows IT Pro
Industry Behemoths Join OpenID Board
Mark Edwards
BetaNews
Microsoft, Google, Yahoo gain seats on OpenID Foundation board
Scott Fulton
The Register
Microsoft! snuggles! with! Yahoo! on! OpenID!
Gavin Clarke
San Francisco Chronicle
Tech heavyweights join OpenID Foundation board
Deborah (Debbie) Gage
Cox News Service
One password for the Web? Internet giants back idea
Bob Keefe
(Also appeared in Atlanta Journal-Constitution)
vnunet.com
IT heavyweights join OpenID project
Clement James
IT Pro UK
Industry giants join OpenID foundation
Asavin Wattanajantra
Computer Business Review
Industry bigwigs back OpenID single sign-on
Janine Milne
BBC Online
Password pain looks set to ease
WebProNews.com
Microsoft, Google Sign On To OpenID
David Utter
GigaOM
OpenID Has Big New Friends
Carleen Hawn
Real Tech News
Microsoft, Google, Verisign, Yahoo! and IBM Join OpenID’s Board
Michael Santo
ComputerWorld Canada
OpenID gains support for online single sign-on
Shane Schick
(Also appeared in ITworldcanada)
http://www.codecomplete.de/blogs/digitalidentity/archive/2008/02/13/openid-kills-windows-cardspace.aspx
Wouldn't it be neat if in addition to secure logins via OpenID we also could get secure sites.
You could do this easily by reversing the claims – that is that the site itself would be verified by the same OpenID token used to login.
Then add support to the OS/Browser – that it will sequre the access to the site.
It could work like this:
1. Open Cardspace and choose a card, then launch it.
2. The card is associated with a site – the default browser opens the site and logs in using OpenID. The browser window is easily recognizible (perhaps a different border, etc) as a secure site.
3. Every page in the site provide a claim to the logged in user – as long as the browser recognizes the claim the browsing continues.
4. If the site fails to deliver the claim or it no longer can be verified, the browser (or browser tab) immediatly locks down and an informational message is displayed. In this mode it should be impossible to enter information, click on links, copy text from the browser window, etc. Basically the only thing you should be able to do is close the tab/browser
This would serve as a protection against man in the middle attacks, phishing etc.
The cons would inlude that a great deal of sites that links to external data that doesn't neccesarily would provide the same claim (a bank that link to a finacial adviser for instance) would have to adapt their service.