Google Watch - Data Portability - Feeling Social, Yahoo Avails OpenID to Its Masses | eWeek

Feeling Social, Yahoo Avails OpenID to Its Masses

Écrit par
Clint Boulton
Clint Boulton
Jan 17, 2008
3 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Yahoo, the maligned Internet company looking to turn things around in 2008, said today it is backing the OpenID 2.0 digital identity framework, allowing its 248 million users to access multiple Web sites with one ID.

With the help of partners such as Plaxo and OpenID creator JanRain, Yahoo will support OpenID in public beta beginning Jan. 30, allowing users to use their OpenID identifier, which is a personalized URL, to access their Yahoo pages.

Web sites that accept OpenID 2.0–there are 9,000, including Google Blogger, AOL, Microsoft VeriSign and Sun Microsystems–will be able to add a “Sign-in with Your Yahoo! ID” button to their login pages that will make access easier for users.

Yahoo’s support could be a boon for the OpenID movement, which currently boasts 120 million identifier URLs. If Yahoo’s users go for OpenID, that could triple the total, making the technology a lot more credible.

OpenID is a fine concept. Who wouldn’t want to move online among multiple social networks, blogs, and wikis without retyping in the same ID information?

There is a big push afoot for data portability, allowing users to move data in and out of walled gardens, so it would make sense to start by enabling single sign-on for these sites. Plaxo and Google’s OpenSocial effort are two of the leading purveyors of the data portability concept.

When Robert Scoble was briefly kicked out of Facebook for yanking out data with a Plaxo tool, hundreds of people rushed forward to demand his reinstatement even though he was in the wrong.

People get crazy about wanting to control their data and what they can do with it, which leads me to my security concern about OpenID. How secure is it?

OpenID professes to be safer than the traditional e-mail/password log-in. Because it uses a URL, no e-mail or instant messaging addresses are revealed or disclosed as part of the login process, protecting users from phishing or other attacks.

But users are responsible for their identifiers. If someone grabs your computer, laptop, or mobile device and finds your URL, you’re done for, right? Well, no.

Plaxo Chief Platform Architect Joesph Smarr told me today such a scenario is highly unlikely because the technology was created by cryptography geeks dissatisified with current security methodologies.

OpenID not only encrypts but digitally signs and double-checks the information flowing back and forth. Moreover, Smarr said you don’t have to keep your OpenID URL secret for it to be secure.

Users have to sign in to their OpenID provider to prove they own that OpenID. That can be a login/password like normal, but it can also include a secure key fob, a client-side cert, replying to an SMS, and so on.

OK (grumble, grumble), but I’m going to go back to standby that if humans can design something, humans can break it. It’s only a matter of time before folks find a way to break OpenID. If that happens, stick a fork in the emerging protocol.

Until then, enjoy the digital convenience OpenID has to offer.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.