In association with heise online

30 October 2008, 09:59

Google launches OpenID 2.0 only service

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Google has announced a beta of an OpenID single sign-on API. The implementation of the beta has some restrictions which some users have suggested is a fork in OpenID development. One commenter on the announcement called it "GopenID, or GoogleID, or Andro-ID, or some other pointless fork" while others pointed to the fact that Microsoft and Yahoo have managed to introduce OpenID provision without the restrictions.

The issue is in part which version of OpenID is being supported. OpenID 1.0 was built around OpenID providers and relying parties freely interopertating; that is any relying party would accept OpenID credentials from any OpenID provider and any provider would allow any relying party to obtain those credentials. Google though has implemented parts of OpenID 2.0 and not OpenID 1.0 back compatibility in the same way as say Yahoo has.

The other part of the issue is that Google's implementation requires a site has preregistered with Google to use their OpenID provider and that the site doesn't accept a OpenID URI from a user, but uses the user's Google Mail address. Work has been done on using email addresses as OpenID logins, such as EmailtoID and EAUT but these have not been incorporated into the OpenID standard. Google's lack of OpenID 1.x compatibility and registered relying parties only is seen by some to grant them a great deal of control over what was designed as an open single sign on system.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit