Modernizing Authentication — What It Takes to Transform Secure Access
The mission to build a common login for all sites across the Internet has taken one giant step forward. Five, actually.
The OpenID Foundation has announced that Microsoft, Google, Yahoo, IBM and VeriSign would become its first corporate board members.
"This really puts, very strongly and clearly, an important first piece of the puzzle in place," said Bill Washburn, executive director of the OpenID Foundation.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=iWashburn told InternetNews.com that Web entrepreneurs and site operators have increasingly acknowledged the need for a trusted universal identifier that site visitors can use to access all their favorite Internet destinations.
Though a number of initiatives have emerged to provide common logins, most notably Microsoft's Passport, "none has taken hold," Washburn said.
Possibly until now. The announcement could provide OpenID with the momentum it needs to win support from other companies that have so far stayed on the sidelines, supporters say.
OpenID began as a grassroots movement in 2005. While it can now boast the support of more than 10,000 Web sites, phishing and other security concerns have hindered adoption.
Doubters have also been skeptical that enough sites would ever accept it to fulfill OpenID's promise of becoming a universal identifier.
Last June, OpenID's early community members formed the foundation to give the effort legal and organizational support. Several large companies also began making more serious overtures to the movement, including some that today joined its board.
Of the companies now joining the board, Yahoo has perhaps been the most vocal proponent of OpenID. Last month, the portal giant announced its full support of OpenID 2.0, making it the largest issuer of OpenID logins.
Security concerns have prevented Yahoo from becoming a relying party, however, meaning that the portal giant does not accept OpenID logins issued by other sites.
The involvement of IBM, and especially VeriSign, should address the security concerns of the OpenID movement, Washburn said.
VeriSign also has a long partnership with OpenID, said Nico Popp, the company's vice president of innovation. Popp told InternetNews.com that in the future, a top priority will be to ensure that the standards and protocol of OpenID remain open.
"We will definitely be very active supporting the mission of the foundation," he said. "The core mission is to protect the intellectual property," he added, citing the success of open security protocols SSL and DNS.
Combining the brain trusts behind VeriSign Identity Provider and IBM's Tivoli identity management software should go a long way to secure OpenID while ensuring that the protocols remain open, supporters said.
IBM makes for a natural partner for OpenID, because of its historic embrace of open protocols in enterprise, said Tony Nadalin, an IBM distinguished engineer and the chief security architect of Tivoli.