Johan's blog

The OpenID breakthrough

OpenID is a standard developed by the OpenID Foundation. Wikipedia describes OpenID as follows:

 OpenID is a decentralized single sign-on system. Using OpenID-enabled sites, web users do not need to remember traditional authentication tokens such as username and password. Instead, they only need to be previously registered on a website with an OpenID "identity provider" (IdP). Since OpenID is decentralized, any website can employ OpenID software as a way for users to sign in; OpenID solves the problem without relying on any centralized website to confirm digital identity.

Among other benefits, OpenID may solve the problem many users face of having different accounts on different websites or communities. Oversimplified, with OpenID you only need to remember one username/password. Other sites that depend on username/password credentials co-operate with the decentralized OpenID environment in order to verify the user credentials.

Although this may sound trivial, there are a number of huge problems that have to be solved before the OpenID system is widely accepted.

safety: do we trust the OpenID protocol and the OpenID providers?

privacy: who owns the data?

technology: what protocol is used?

It is clear that with a number of large players (e.g. Google and Yahoo), it is not easy to find a compromise on such an important topic. The "User" concept is extremely important to these companies, and they are very careful about the problems mentioned above.

With the recent OpenID announcement (Google, IBM, Verisign and Yahoo joining the board of the OpenID Foundation), a major hurdle has been cleared. The OpenID standard is now accepted by most of the key players in the market.

I predict that a number of other announcements will follow in the near future. 


posted on Monday 11 Feb 2008 at 12:56