Make in-app payments easy and secure with Apple Pay. Click here to see how.
Welcome Guest | Sign In

Internet Bigs Back Single Sign-On

Internet Bigs Back Single Sign-On

Some critics worry that having personal information in a single repository shared by many companies could create security problems. However, supporters of OpenID -- which would be free for users -- say it could actually help prevent identity theft and other security problems.

By Bob Keefe
The Atlanta Journal-Constitution LinuxInsider ECT News Network
02/08/08 10:26 AM PT

It's the bane of anyone who uses the Internet: remembering different user IDs, passwords and registration information for sites you use regularly.

Soon, you may not have to.

Some of the Internet's biggest players -- Google, Microsoft, Yahoo, IBM and VeriSign -- are working on a new single sign-on that would take some of the hassle out of surfing the Web.

The five companies on Thursday became the first corporate board members of the OpenID Foundation, which is behind an industry-wide initiative aimed at creating the system.

OpenID Foundation Chairman Scott Kveton called the addition of the Internet behemoths a huge boost.

"Having these companies really lends weight to the adoption," Kveton said. "This will help us move the technology to the forefront."

Under OpenID, companies would share sign-on information for any Web user who agrees to participate.

They would also share users' personal information, such as credit card data, billing addresses and personal preferences.

Security Boon?

All that information would be stored in a central repository, and would be doled out to participating Web sites only if and when you authorized it.

By setting up a single OpenID sign-on, you could access your Google calendar or your Microsoft Hotmail e-mail account or visit Yahoo's music download store, all without changing sign-in names or remembering different passwords.

No major retailers have signed on to OpenID yet. But ultimately, organizers say, you may be able to also use a single sign-on at different online shopping sites.

Some critics worry that having personal information in a single repository shared by many companies could create security problems.

However, supporters say OpenID -- which would be free for users -- could actually help prevent identity theft and other security problems.

"What this does is actually reduces the amount of [users' personal] data that these Web sites have to maintain," said Tony Nadalin, chief security architect for IBM Tivoli software in Austin, Texas.

"So when there are breaches on those Web sites, since they're not storing any information anymore, it's not a problem."

Though the companies have agreed to collaborate on the system, they haven't said when they expect to start deploying it.

Between technical issues, corporate takeover attempts and other hurdles, it could be months -- or even years -- before consumers see widespread deployment, Kveton acknowledged.

"I would love to say that" it will be by the end of the year, he said, "but who knows? Things come up."

Key to Next-Gen Web

IBM is one of the biggest providers of Internet identification software and security, mainly through its Austin-based Tivoli division and its Atlanta-based Internet Security Systems division.

Through its participation in OpenID, IBM expects to be heavily involved in security issues surrounding the initiative, Nadalin said.

The idea behind OpenID isn't new. Microsoft a few years ago launched Passport, a similar single-sign-on initiative that it wanted to be ubiquitous across the Web. So far, though, the use of the Microsoft system -- it's now called "Windows Live ID" -- hasn't spread far beyond Microsoft sites.

IBM and the other companies aren't exactly new to OpenID either. Most have been involved with helping develop the software protocols behind the initiative for more than a year.

Still, by becoming members of the OpenID Foundation's board, they're showing that they're officially behind the technology, and will support its rollout in coming months.

"Yahoo believes that a truly open Web is the key to the next generation of Internet experiences," Ash Patel, the company's executive vice president of platforms and infrastructure, said in a statement. Already, more than 10,000 Web sites support the OpenID platform, and more than 1.5 million Internet users have active OpenID accounts.

So far, though, the bulk of participants are blog or news sites and their users. The addition of heavyweights like Google, Microsoft and Yahoo could expand OpenID's reach significantly.


Facebook Twitter LinkedIn Google+ RSS