[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Monday, 19 February 2007, 16:16 GMT
Net giant supports open ID scheme
OpenID Logo
AOL account holders can now use those details on non-AOL sites
AOL has joined Microsoft in supporting Open ID, giving the free identification scheme 63 million new users.

OpenID is a decentralised identification system that lets individuals use a single password for any site that supports it.

In AOL's early implementation, people with AOL and AIM accounts can use those details to login to other OpenID sites.

However AOL's own services, like AOL and AIM, do not yet accept credentials from other OpenID providers.

Microsoft recently announced its support for the Open ID system.

The company will include the standard in future products and has contributed some of its technology back to the Open ID community, which is a loose collection of developers.

Signing into an ID system gives a lot of power to the people who own it
Rufus Pollock
Open Knowledge Foundation director
Open Rights Group board member

Unlike many older identification systems, such as Microsoft's Passport, Open ID is decentralised.

Instead of a username and password stored in a central location, OpenID treats a web address like a username. Applications that use OpenID check user details against the ones at the provided address.

There is no single OpenID server; anyone can run one of their own.

Online identity: 'very powerful'

OpenID's specifications are created by an online community and are freely available for software makers to build into their applications.

Through the scheme, users can choose where to put their online identity meaning no one company has access to all user authentication data.

Rufus Pollock, director of the Open Knowledge Foundation and board member of the Open Rights Group, said the adoption of Open ID-like systems was a good for consumers.

"They're very powerful because ID platforms present plentiful opportunity for lock-in, particularly if they could be a central point of access in the online world," he said.

"If one individual firm controlled the system, it could be very anti-competitive," he added.

Security implications

Though OpenID does provide some security benefits it is not inherently more secure, said Ben Laurie, also of the Open Rights Group.

Many layers of extra security can be used at the point of sign in "without driving users nuts," because they only have to do it infrequently and in one place, he said.

"If people can do single sign on, you can concentrate on making it really hard to do it improperly," he said.

However, the standard does not specify how an OpenID server checks that a user is who they claim to be.

"OpenID completely punts on the authentication question," he said.

AOL was not immediately available for additional comment.


SEE ALSO
Microsoft to back open ID scheme
08 Feb 07 |  Technology
Re-writing the rules of online ID
05 Jan 07 |  Technology
UN warns on password 'explosion'
04 Dec 06 |  Technology

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites



FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

PRODUCTS & SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific