November 07, 2007

OpenID: emerging from web 2.0

David Recorden, Martin Paljak

  • Decentralised, lightweight
  • reduce the number of usernames and passwords needed online
  • supported by lots of geeky tools, and increasing numbers of development toolsets. starting to get penetration in larger service companies.
  • end-user tools from sxipper, symantec, verisign.
  • Estonian smartcard system – used for all kinds of e-services. Uses openID behind the scenes to manage SSO
  • Gives users more control over their identity data. Services only need to get identity, not personal information, so users don’t need to have multiple privacy policies.
  • Need the right hardware and software to use it. card + PIN verification
  • Developers don’t like it, in part because of the cost of getting an SSL-enabled site (need a distinct IP address and a certificate)
  • Mobile-ID: Same data from the smartcard, on a GSM SIM; but the implementation is totally different. Websites allow you to enter a phone number as an ID; you get sent a confirmation text, use a PIN to reply (PIN stays on the phone), can then continue logged in
  • Anonymity: anonymity is a priviledge; provides partial anonymity
  • OpenID 2: multiple identities. Can have an openID with no personally-identifiable information in the ID. provides anonymity whilst still allowing sites to assert that these are real, unique people.
  • Other EU countries deploying openID. OpenID is designed for interop.

- No comments Not publicly viewable

Add a comment

You are not allowed to comment on this entry as it has restricted commenting permissions.

Most recent entries


Search this blog

on twitter...


    Not signed in
    Sign in

    Powered by BlogBuilder
    © MMXXI