BBC NEWS 19 Feb 07 16:16
  

Net giant supports open ID scheme

OpenID Logo AOL has joined Microsoft in supporting Open ID, giving the free identification scheme 63 million new users.

OpenID is a decentralised identification system that lets individuals use a single password for any site that supports it.

In AOL's early implementation, people with AOL and AIM accounts can use those details to login to other OpenID sites.

However AOL's own services, like AOL and AIM, do not yet accept credentials from other OpenID providers.

Microsoft recently announced its support for the Open ID system.

The company will include the standard in future products and has contributed some of its technology back to the Open ID community, which is a loose collection of developers.

Unlike many older identification systems, such as Microsoft's Passport, Open ID is decentralised.

Instead of a username and password stored in a central location, OpenID treats a web address like a username. Applications that use OpenID check user details against the ones at the provided address.

There is no single OpenID server; anyone can run one of their own.

Online identity: 'very powerful'

OpenID's specifications are created by an online community and are freely available for software makers to build into their applications.

Through the scheme, users can choose where to put their online identity meaning no one company has access to all user authentication data.

Rufus Pollock, director of the Open Knowledge Foundation and board member of the Open Rights Group, said the adoption of Open ID-like systems was a good for consumers.

"They're very powerful because ID platforms present plentiful opportunity for lock-in, particularly if they could be a central point of access in the online world," he said.

"If one individual firm controlled the system, it could be very anti-competitive," he added.

Security implications

Though OpenID does provide some security benefits it is not inherently more secure, said Ben Laurie, also of the Open Rights Group.

Many layers of extra security can be used at the point of sign in "without driving users nuts," because they only have to do it infrequently and in one place, he said.

"If people can do single sign on, you can concentrate on making it really hard to do it improperly," he said.

However, the standard does not specify how an OpenID server checks that a user is who they claim to be.

"OpenID completely punts on the authentication question," he said.

AOL was not immediately available for additional comment.

Send this to a friend
RELATED TO THIS STORY:
Microsoft to back open ID scheme (08 Feb 07 |  Technology )
Re-writing the rules of online ID (05 Jan 07 |  Technology )
UN warns on password 'explosion' (04 Dec 06 |  Technology )

RELATED INTERNET LINKS:
AOL
OpenID
Open Rights Group
The BBC is not responsible for the content of external internet sites

News Homepage | Video Headlines | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia | UK News | England | Northern Ireland | Scotland | Wales | Education | Magazine | Business | Market Data | Economy | Health | Science & Environment | Technology | Entertainment | Have Your Say |

^ Back to top | BBC Sport Home | BBC Homepage | Feedback | ©