OpenID: emerging from web 2.0

David Recorden, Martin Paljak

• Decentralised, lightweight
• reduce the number of usernames and passwords needed online
• supported by lots of geeky tools, and increasing numbers of development toolsets. starting to get penetration in larger service companies.
• end-user tools from sxipper, symantec, verisign.

• Estonian smartcard system – used for all kinds of e-services. Uses openID behind the scenes to manage SSO
• Gives users more control over their identity data. Services only need to get identity, not personal information, so users don’t need to have multiple privacy policies.
• Need the right hardware and software to use it. card + PIN verification
• Developers don’t like it, in part because of the cost of getting an SSL-enabled site (need a distinct IP address and a certificate)
• Mobile-ID: Same data from the smartcard, on a GSM SIM; but the implementation is totally different. Websites allow you to enter a phone number as an ID; you get sent a confirmation text, use a PIN to reply (PIN stays on the phone), can then continue logged in
• Anonymity: anonymity is a priviledge; open.id.ee provides partial anonymity
• OpenID 2: multiple identities. Can have an openID with no personally-identifiable information in the ID. provides anonymity whilst still allowing sites to assert that these are real, unique people.
• Other EU countries deploying openID. OpenID is designed for interop.

Chris May : 07 Nov 2007 11:11 |  Tags: Web20Expoberlin |  Comments (0) |  Report a problem