Yahoo tackles web password chaos with OpenID

Yahoo has on Thursday announced its support for the recently published OpenID 2.0 single sign-on web standard. The company will launch a public beta of its OpenID provider service on 30 January, meaning existing Yahoo users can log into any OpenID-enabled site with their Yahoo ID. The move is a significant boost for OpenID: the number of OpenID identities will rise to almost 370 million through the addition of 250 million Yahoo accounts.

Using OpenID, you only need to manage one username and password for all sites using OpenID. To log into a site using OpenID, you enter your ID—usually in the form of a URL—and your identity is confirmed to that site by your OpenID server, called a provider in the standard. Sites that allow you to use OpenID to log in are called consumers.

OpenID aims to allow users control over their personal data. Depending on the features of your OpenID provider, you can specify that the OpenID server only confirm your identity after explicitly requesting your permission. This also enables you to restrict the data that will be submitted to the web site you're logging into. Unlike other single sign-on systems, OpenID does not need consumers to commit to one identity provider, but can use any OpenID-compatible server.

OpenID is already supported by many companies and projects. Google's Blogger service currently has beta support for OpenID 1.1, and Verisign offers the free Personal Identity Provider OpenID server. Plug-ins are available for many publishing systems such as Drupal, Movable Type and Wordpress. OpenID consumer libraries mean developers can integrate OpenID support into their software.

Previous attempts to create web single sign-on services, such as Microsoft's Passport, failed because of the distrust of users, who didn't like the idea of a central service controlling their personal data and being able to monitor user activity. Microsoft responded to the criticism of Passport: Windows Vista offers the new CardSpace system for managing online identities. In contrast to Passport, this system allows users to hold on to their personal data. There is no indication as yet how many Vista users have chosen to use CardSpace.

Sun's Liberty Alliance has not managed a major breakthrough, either. While the two former arch-rivals promise to support OpenID, the extent of their support and whether they will sacrifice it in favour of their own interests remains to be seen.

(mba)