MUST READ: Microsoft unleashes bug bounty program — for betas, too

Topic: Security

Discover

Yahoo puts its heft behind OpenID 2.0

Summary: Yahoo said Tuesday that it plans to support the OpenID 2.0 single sign-on framework and bring its 248 million users to the Web's interoperability party.

Larry Dignan

By for Between the Lines |

Yahoo said Tuesday that it plans to support the OpenID 2.0 single sign-on framework and bring its 248 million users to the Web's interoperability party.

When it comes to frameworks like OpenID my eyes typically glaze over. Why? Success or failure depends on getting massive players on board. It's herding cats to a degree.

But Yahoo got my attention since Yahoo Mail is my primary account. Instantly, Yahoo triples the number of OpenID accounts. As a user, OpenID has just gone from this concept to something that may work for me. Suddenly, I, along with a millions of other Yahoo users, ask "what's in OpenID for me?"

The main benefit is that I can consolidate my Internet identity--something that conceptual sounded swell yet somehow unrealistic. Now Yahoo makes things much more realistic.

Yahoo plans to launch a public beta on Jan. 30. In a statement, Yahoo said:

Yahoo!'s initial OpenID service, which will be available in public beta on January 30, enables a seamless and transparent web experience by allowing users to use their custom OpenID identifier on me.yahoo.com or to simply type in "www.yahoo.com" or "www.flickr.com" on any site that supports OpenID 2.0. Alternatively, web sites that accept OpenID 2.0 will be able to add a simple "Sign-in with Your Yahoo! ID" button to their login pages that will make it even easier for their users. Yahoo! is working with several partners, including Plaxo and JanRain, to make it possible for users to access these sites with their Yahoo! ID from the first day of the public beta.

With Yahoo's move it's highly likely that other players will get on board. As the Techmeme crowd notes: Yahoo's move is big.

Yahoo said that it finalized its plans with the OpenID foundation in December to improve security and usability. Security was a big reason Yahoo chose to not endorse OpenID 1.0. One thread:

Yahoo! users who log in with their Yahoo! ID on OpenID sites will have the added protection of Yahoo!'s sign-in seal wherever they go on the web. In addition, no email or IM addresses are revealed or disclosed as part of the login process, which further helps protect users from phishing or other attacks.

That security angle is critical to get users on board along with developers (see Yahoo developer page on OpenID). However, the most important thread is the interface.

Yahoo promises it'll be easy.

openid1.png

But ease of use will be critical if Yahoo is going to turn support into actual conversions for OpenID.

Topics: Security, Enterprise Software, Legal, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

7 comments
Log in or register to join the discussion

  • Don't they get it???

    We (or at least I...) don't *want* SSO for the web!!! This means someone gets my one ID, they get to *all* my accounts for all sites I use. Thanks, but no thanks! I use a separate password for each for a reason - to limit the damage should someone (maybe an insider?) get my credentials for any one site. There is too much data theft and financial loss going on to be so dumb as to throw it all under one umbrella. Sorry folks...dead in water.
    techboy_z
    Reply Vote

    • re: Don't they get it???

      "This means someone gets my one ID, they get to *all* my accounts for all sites I use."

      Use your own domain name, then:

      -You can set it up to "redirect" to an existing provider, allowing you to switch providers while maintaining your own domain name as your identity.

      -You can even self-host your identity. There's really nothing saying you have to trust somebody else to do it. OpenID just says your identity is hosted by a single provider - they don't say who that provider is, and they don't limit it to any single provider. Anybody, [i]including yourself[/i], can provide your identity.

      Problem is, you pretty much have to own your own domain name to host your identity personally. Not a big deal for techies like me, but may prove to be a problem for the average Joe.

      But yes, that is the single biggest weakness of OpenID IMHO: You have to trust the provider you select. Me, I've chosen to trust Verisign, because IMHO they're already a big player in the trust business - and they provide some of the best solutions for some of the other potential weaknesses of OpenID (phishing, spoofing, etc).
      CobraA1
      Reply Vote

  • RE: Yahoo puts its heft behind OpenID 2.0

    This is a huge step in the right direction for the standard adoption of OpenID. Who will be the next mainstream web pillar to jump in?
    doug.halve@...
    Reply Vote

  • RE: Yahoo puts its heft behind OpenID 2.0

    Is it not true that a "thumbs up" gesture in some cultures means the same thing as a middle finger gesture in other parts of the world (e.g. the US)?

    interesting choice of graphic to indicate authentication success....
    davekaminski@...
    Reply Vote

  • RE: Yahoo puts its heft behind OpenID 2.0

    And this is different from Microsoft's Passport system that failed how???
    eye4bear
    Reply Vote

    • It's not owned by anybody

      Well, for one thing, anybody can provide identities, and everybody can select identity providers.

      Unlike Microsoft's Passport, which was owned by Microsoft, Yahoo does not own OpenID. In fact, nobody owns OpenID: It's just an open specification. Anybody can be an OpenID provider. Don't like Yahoo? Choose somebody else. I use Verisign.

      In fact, if you're technically savvy enough you can be your own identity provider and you'd have complete control over your own identity.

      Passport sorta failed - but there are some remnants left. Microsoft's Live service still uses some leftover stuff from passport I think. Also, Microsoft has a new identity system called "CardSpace" built into current versions of Windows.
      CobraA1
      Reply Vote

  • Yahoo puts helft behind Open ID2.0

    Sorry Yahoo not interest if it's like all your 2.0 web upgrades I find then annoying to say the least. You have managed to lessen my web experience with your cute little boxes that pop up whenever I try to scroll down a article.What You don't understand is I don't need it I don't want it. If I want to go look up something- I don't need your help to do it.Here another example of Yahoo big brother approach(could some of this rubbed off from there Chinese experience? Maybe they got these idea's from the Chinese Goverment and how they deal with there masses. Big Question is Yahoo leagly responaiable if some hacker is smart than Yahoo and my data is stolen can I sue them ? Why can't we disable this Web 2.0 expreince ?
    esoldfuz004@...
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close