Messaging News - June 2008 - (Page 31) ew Web-based services crop up at an astonishing rate. The problem is that with each new service, a new signup process with a unique username, password, and often bits of personally identifying information are required to create a new account. Not only is this process maddening in its repetitiveness, but also each account adds additional management overhead. OpenID allows users to have a single identifier that may be used to log onto every service that accepts OpenIDs for authentication. OpenID is an authentication framework that has the potential to be a mainstream Internet-scale Single Sign On (SSO) mechanism. However, the OpenID framework also has a number of substantial security challenges that it must overcome in order to avoid creating bigger problems than it solves. In addition, OpenID must gain much greater adoption with consumers, service providers, and software developers so that the network effect N On Message with Ben Gross The Promise and Problems of OpenID is large enough to matter. Brad Fitzpatrick originally created OpenID in 2005 as an authentication mechanism for the LiveJournal service he was developing at the time. The second major revision of the OpenID protocol was released in 2007, at the Internet Identity Workshop, where much of the consensus for community development work is achieved. The authors of the OpenID specification, along with a number of active members and organizations developing OpenID, formed the OpenID Foundation in June 2007 to ensure that the intellectual property and trademarks related to the specification remained controlled by an independent entity. OpenIDs are presented as URLs such as http://username.openidprovider.com/. Identities may be delegated using a few simple auto-discovery headers that allow users to present an OpenID such as http:// username.hostingservice.com/blog/ that redirects to the OpenID Provider. Users may also maintain multiple OpenIDs. OpenID is often referred to as a user-centric identity management system meaning that the user is theoretically in control of their online identity. The system is technically decentralized meaning that there is no single authoritative component, company, or service that controls or owns the OpenID infrastructure. There also is not a single point of failure for the system as a whole. However, as I will discuss later, the amount of control and potential for points of failure are relative to the amount of control the user has over the domain that is tied to their OpenID. Slow Adoption Many services and platforms popular with early adopters have begun to support OpenID as either a client or server. Most of the large Web-based service providers (AOL, Google, Microsoft, and Yahoo!) have promised OpenID support. However, there are major challenges to adoption and OpenID is still virtually unheard of in the public-at-large. In particular, most OpenID-enabled services only provide an OpenID login (typically called Identity Providers or OpenID Providers) rather than a Relying Party (an OpenID client formerly known as a Consumer). This means users have many options for OpenID usernames and passwords, but relatively few services to log into. OpenID security—in particular protection from phishing attacks—still needs significant development. There are a number of problems facing the widespread adoption of OpenID. When simply looking at the number of potential OpenID users, the outlook is rosy as messagingnews.com 31 http://username.openidprovider.com/ http://username.openidprovider.com/ http://username.hostingservice.com/blog/ http://username.hostingservice.com/blog/ http://www.messagingnews.com
Table of Contents Feed for the Digital Edition of Messaging News - June 2008 Messaging News - June 2008 Editor’s Note Short Takes Classification & Retention Spam: Bigger, Faster, and More Dangerous Bad Behavior and Today’s Reputation Analysis The Changing Locus of Collaboration Serving Up Managed and Hosted Messaging Solutions “On Message” with Ben Gross SCAP Standard Benefits Both Government and Commercial Space Making the Case Learn More Messaging News - June 2008 Messaging News - June 2008 - Messaging News - June 2008 (Page Cover1) Messaging News - June 2008 - Messaging News - June 2008 (Page Cover2) Messaging News - June 2008 - Messaging News - June 2008 (Page 3) Messaging News - June 2008 - Messaging News - June 2008 (Page 4) Messaging News - June 2008 - Messaging News - June 2008 (Page 5) Messaging News - June 2008 - Editor’s Note (Page 6) Messaging News - June 2008 - Editor’s Note (Page 7) Messaging News - June 2008 - Short Takes (Page 8) Messaging News - June 2008 - Short Takes (Page 9) Messaging News - June 2008 - Classification & Retention (Page 10) Messaging News - June 2008 - Classification & Retention (Page 11) Messaging News - June 2008 - Classification & Retention (Page 12) Messaging News - June 2008 - Classification & Retention (Page 13) Messaging News - June 2008 - Classification & Retention (Page 14) Messaging News - June 2008 - Classification & Retention (Page 15) Messaging News - June 2008 - Spam: Bigger, Faster, and More Dangerous (Page 16) Messaging News - June 2008 - Spam: Bigger, Faster, and More Dangerous (Page 17) Messaging News - June 2008 - Bad Behavior and Today’s Reputation Analysis (Page 18) Messaging News - June 2008 - Bad Behavior and Today’s Reputation Analysis (Page 19) Messaging News - June 2008 - Bad Behavior and Today’s Reputation Analysis (Page 20) Messaging News - June 2008 - Bad Behavior and Today’s Reputation Analysis (Page 21) Messaging News - June 2008 - The Changing Locus of Collaboration (Page 22) Messaging News - June 2008 - The Changing Locus of Collaboration (Page 23) Messaging News - June 2008 - The Changing Locus of Collaboration (Page 24) Messaging News - June 2008 - The Changing Locus of Collaboration (Page 25) Messaging News - June 2008 - Serving Up Managed and Hosted Messaging Solutions (Page 26) Messaging News - June 2008 - Serving Up Managed and Hosted Messaging Solutions (Page 27) Messaging News - June 2008 - Serving Up Managed and Hosted Messaging Solutions (Page 28) Messaging News - June 2008 - Serving Up Managed and Hosted Messaging Solutions (Page 29) Messaging News - June 2008 - Serving Up Managed and Hosted Messaging Solutions (Page 30) Messaging News - June 2008 - “On Message” with Ben Gross (Page 31) Messaging News - June 2008 - “On Message” with Ben Gross (Page 32) Messaging News - June 2008 - “On Message” with Ben Gross (Page 33) Messaging News - June 2008 - “On Message” with Ben Gross (Page 34) Messaging News - June 2008 - SCAP Standard Benefits Both Government and Commercial Space (Page 35) Messaging News - June 2008 - Making the Case (Page 36) Messaging News - June 2008 - Making the Case (Page 37) Messaging News - June 2008 - Learn More (Page 38) Messaging News - June 2008 - Learn More (Page Cover3) Messaging News - June 2008 - Learn More (Page Cover4)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.