MySpace will announce support for the OpenID single sign-on framework sometime this week, we’ve heard from multiple sources. This will be the second largest implementation ever and will bring the total number of OpenID-enabled accounts to over half a billion. MySpace’s 200 million user IDs join Yahoo’s 250 million or so accounts, plus accounts from a number of other large providers. Like most large company integrations, MySpace is at first becoming an OpenID issuer only, and may integrate as a relying party down the road. We’ve argued that becoming an issuer is essentially a land grab for user identities. The integration work on accepting OpenIDs from others is harder, and the payoff is less. MySpace may also be writing code to extend the OpenID spec and allow easy integration of their Data Availability product to sites that accept MySpace OpenIDs. CrunchBase Information MySpace OpenID Information provided by CrunchBase → Read More
Over 16 months after first declaring its support for the OpenID authentication platform, Microsoft has finally implemented it for the first time, allowing for OpenID logins on its Health Vault medical site. Unfortunately, Health Vault will only support authentication from two OpenID providers: Trustbearer and Verisign. Whatever happened to the Open in OpenID? The rationale behind the limited introduction is that health is sensitive, so access should be limited to the few, most trusted OpenID providers. It certainly makes sense, but it also serves to underscore one of the problems inherent to OpenID: security. The text-based passwords found scattered across the web simply aren’t very good for protection. We’ve heard countless tales of hacked or phished passwords leading to identity theft – what happens when a user’s entire web presence (including financial and health data) is tied to a single password? It’s a recipe for disaster. To remedy the issue, a number of companies have come up with different ways to improve security. Trustbearer requires users to provide a physical ID “token” to verify their identity (users can order a $40 USB stick if they don’t already have one of the acceptable ID cards). Vidoop offers a free browser-based image authentication system that uses advertising to generate revenue. And so on. With every new security measure comes a new, subjective, stratification of the system. The promise of OpenID is a platform that “eliminates the need for multiple usernames across different websites, simplifying your online experience.” But by only accepting “secure” OpenID providers, Microsoft has demonstated that this system is by no means unified in its current form. Soon users will need to remember their “secure” OpenID, along with their “normal” credentials. And what happens when another provider comes along with an “uber-secure” ID, forcing users to remember yet another login? There are a number of companies besides Microsoft that could be criticized for their slow or poor implementation of OpenID – Google, which has become an OpenID provider through its Blogger property, has yet to implement the platform on any of its flagship services. But it seems that the platform itself may be even more deserving of scrutiny. What good is a unified login when its default form will only be accepted on the least private and secure sites? CrunchBase Information OpenID Foundation Microsoft Information provided by CrunchBase → Read More
It’s definitely FriendFeed month in Silicon Valley. The company, founded by ex-Googlers, let you aggregate information and activity streams from all of the various services that you use on the internet – Flickr photos, YouTube videos, blog posts, delicious bookmarks, Twitter messages, and other stuff (33 services total to date). Your friends subscribe to your stuff, and see a stream of data on their home page coming from everyone they follow. The site also allows users to add content directly, comment on information and, more recently, added an excellent search feature that is still sorely lacking in Twitter. The site is more than a list of feeds that can be re-exported. FriendFeed wants to be a destination site, too. And their growth is very strong, given that the service only launched publicly a month ago. The number of users was growing 25% per week earlier this month. Last week the site announced the availability of an API, which allows third party services to easily add in FriendFeed data and features. The first batch of these applications are starting to be released now. The Centralized Me But there’s something just a little weird about FriendFeed, some people are starting to mumble. It’s an aggregated “me” but it sits in a centralized site (in fact, centralization is kind of the point). FriendFeed is a (and hopes to become “the”) Centralized Me. It’s a data silo. True, it’s a friendly data silo, with APIs and RSS feeds to move some of the data around, but it’s ultimately housed on their servers, and always will be. Loic Le Meur sort of summed it all up tonight in a blog post where he says that we grew used to having a Centralized Me in the days before all these services popped up, starting in 2004 and spreading since then. That Centralized Me was the blog. Then we grew used to having a Decentralized Me – your stuff was literally everywhere. Go here for photos, here for the blog, here for videos, and here for bookmarks. Robert Scoble today is sort of the quintessential Decentralized Me – his stuff is everywhere, and he seems to love the chaos. What Loic wants, and I think other people will want it too, is a place that they control where this information is aggregated. That may be right back at the blog for some people. For others it may → Read More
OpenID, a distributed single sign on solution that allows people to sign into different services with the same login credentials, gained significant momentum over the last year as Google, Microsoft, Yahoo and AOL all pledged their support for the initiative. There are two ways companies/websites can participate in the OpenID framework – as “issuing parties” or as “relying parties.” Issuing parties make their user accounts OpenID compatible. Relying parties are websites that allow users to sign into their sites with credentials from Issuing parties. Of course, sites can also be both. In fact, if they aren’t both it can be confusing and isn’t a good user experience. The problem, though, is that the Big Four Internet companies that I mentioned above have made big press announcements about their support for OpenID, but haven’t done enough to actually implement it. Microsoft has done absolutely nothing, even though Bill Gates announced their support over a year ago. Google has limited its support to Blogger, where it is both an Issuing and Relying party. Yahoo and AOL are Issuing parties only. This isn’t just toe dipping in the OpenID pool to see how things go before jumping in. Putting my conspiracy theory hat on, it looks to me like these companies want all the positive press that comes from adopting this open standard, but none of the downside. By becoming Issuing parties, AOL and Yahoo hope to see their users logging in all over the Internet with those credentials. But they don’t accept IDs from anywhere else, so anyone that uses their services has to create new credentials with them. It’s all gain, no pain. I spoke to Bill Washburn (the Executive Director of OpenID and only paid employee) and David Recordon (Vice Chair of OpenID) today about the hesitation of the big guys to fully implement OpenID. Both were careful not to criticize, noting that the support of these companies has been an important driver of OpenID awareness. But both also said that they would really like to see full implementation happen sooner rather than later. Recordan says that at least 11,000 sites now take OpenID credentials for sign on (see image to right). Among them are some large services like 37Signals and LiveJournal. And the open source community has been great about building OpenID support into their software, Recordan says, so that others building on that software can launch Relying party → Read More
OpenID, a way to sign on to multiple web sites with a single set of credentials, has incredible promise. Large companies have signed up. Thousands of website take OpenID sign-ins. All is good, right? Well, not exactly. First, those big companies only issue IDs, they don’t accept them yet. And the user experience with OpenID is just plain bad. Users have to remember their OpenID URL, and are redirected to a sign in page. And it’s worse for people who already have an account at a website but want to start using their OpenID instead. Linking those two accounts isn’t easy. That’s where new startup Clickpass comes in, which launches today. We first heard of them last year at a Y Combinator demo day, but the founders, Peter Nixey and Immad Akhund weren’t saying much at the time. They are an OpenID issuer first. But they are also trying to make using OpenID much simpler for the user. First, they are partnering with sites like Plaxo, GetSatisfaction, Pownce and many of the Y Combinator startups. Those sites will show the ClickPass button, and users can sign in via OpenID with a single click (and they don’t need to remember their OpenID URL). If it’s your first time with OpenID, Clickpass will ask you if you have an existing account at the service you are trying to log into, and pass that information back to the site to join the accounts. As you add sites to your ClickPass OpenID, you’ll see them listed on the Clickpass site. You are given a distinct OpenID URL for each site that you can use to manage multiple identities, all tied together on ClickPass. And if you choose to fill out profile information on ClickPass, they’ll autofill that information on new sites you join. Clickpass also ensures privacy controls by letting you choose what kind of information you want to share with the site. Conceivably the service could serve as a node for your personal data, connecting it between different website accounts. In short, ClickPass takes the technical transparency and openness of OpenID and adds a layer of simplicity and familiarity. Vidoop is approaching OpenID in a similar way, and PassPack is a non-OpenID solution. For launch they’ll be active on hacker news, Plaxo, Disqus, and through a WordPress plugin. The user experience is clean. After you sign in to Clickpass, you can sign in → Read More
As anticipated by TechCrunch UK in early January, OpenID is welcoming some big new partners to the club – Microsoft, Google, Verisign and IBM (TechCrunch UK anticipated all but Microsoft). Google has been dabbling with OpenID for some time with its Blogger platform (and Brad Fitzpatrick, the creator of OpenID, is now a Google employee). Yahoo also announced support for OpenID earlier this month, which more than tripled the number of OpenID accounts to 350 million. 10,000 websites now accept OpenID accounts for login. All of the newcomers, along with Yahoo, have joined OpenID’s corporate board and, we assume, will be making their user accounts OpenID-compatible. But it’s not clear that any of them are in a hurry to become a “relying party” (allowing users with third party OpenIDs to log in to their sites). OpenID looks like it’s going to be a winner, so big companies making their user accounts OpenID compatible is a good hedge. Everyone, of course, wants to be an ID issuer, since they get to “own” the user. Less attractive is allowing users from other sites to log into your services, so don’t expect that functionality to come for some time. → Read More
After testing OpenID’s as logins to Google’s Blogger in Draft program in November, Google has become an OpenID provider itself. The news confirms TechCrunch UK’s story of January 9, which also predicted that IBM and VeriSign would soon be joining the OpenID train. Effective immediately, Blogger users are able to use their blogs URL as an OpenID login, after toggling the option via the draft.blogger.com admin menu. Google’s baby steps follow the announcement last week that over 250 million Yahoo users would be able to use their Yahoo logins as OpenID. Reports have put users of Blogger at somewhere between 10 million and 50 million, although the service is renowned as a haven for spam so how many legitimate bloggers will take up this service is unclear. It also isn’t being provided as yet via the regular Blogger quite yet, only via the Blogger in Draft service (although this is available to those who wish to use it), however this is the regular first step for new features in Blogger so it could be expected to become a standard option sometime later this year. → Read More
The rumor last week was that Google (as well as Verisign and IBM) were mulling over the idea of joining the OpenID 2.0 single sign-on framework. But the real news comes today, as Yahoo and its roughly 250 million user IDs officially jump on the bandwagon. Today, there are only approximately 120 million valid OpenID accounts. In one move, Yahoo more than triples that number. The service will be available in public beta on January 30, says Yahoo, and will allow users to log in to more than 9,000 OpenId compliant websites with their Yahoo IDs. Yahoo will also be integrating their Sign-In Seal feature, meaning users can view an uploaded image before giving over credentials – the feature is widely used by financial institutions and is designed to reduce the effectiveness of phishing attempts. Yahoo is also announcing that both Plaxo and JanRain will allow Yahoo OpenID sign-ins from January 30. “This is just the first step in working with OpenID,” Yahoo Director of Membership and Registration Raj Mata said to me on a phone interview yesterday. But he would not confirm when (or if) Yahoo would also become what is called a “relying party” (allowing users with third party OpenIDs to log in to Yahoo). He did say that the goal was to move in that direction, but gave no further guidance. More information can be found at openid.yahoo.com. Screen shots are below. → Read More
TechCrunch UK’s Mike Butcher is reporting that Google, IBM and Verisign are in late stage discussions with the OpenID Foundation. This news comes on the same day that Google, Facebook and Plaxo joined the DataPortability Workgroup. Google has been testing OpenID with its Blogger platform since late last year, but this is said to be a more general implementation across core Google properties. OpenID was originally developed by Brad Fitzpatrick, previously at LiveJournal and now at Google. It’s likely he’s pushing this internally. If he gets Google on board, then OpenID has very rosy prospects ahead. → Read More
Google’s “Blogger in Draft” program that tests functionality for Google’s popular Blogger blogging platform has rolled out OpenID support for comments. The new service will allow anyone with an OpenID account, including LiveJournal and TypeKey services to log in and validate a comment on blogs running under the Blogger in Draft service. Google notes that the feature is a test and that they will seek user feedback, but all things being equal this will end up being provided on Blogger itself. The bigger news, particularly for rabid OpenID advocates is a suggestion from Google that they are “working on functionality to let Blogger’s URLs (both Blog*Spot and custom domains) be used for commenting elsewhere on the web,” which sounds a lot like code for Google is looking at turning Blogger logins into OpenID log ins in a similar way that AOL did with its user base. It doesn’t take Sherlock Holmes to know who is driving this, and Google even drops a hint in the example link: “http://brad.livejournal.com/”; LiveJournal founder and former SixApart employee Brad Fitzpatrick joined Google in August and is credited as the founder of OpenID. OpenID advocates are passionate about the potential of the idea, but despite the noise and companies such as Digg, Yahoo and even to some extent Microsoft adopting OpenID it has failed to capture the broader public’s imagination. If the 1000 pound Gorilla in the room decides to adopt OpenID across its range of products, presumably with Blogger being only the first step of a broader rollout, OpenID may finally take off outside of the first adopter and tech communities. Thanks to David for the tip → Read More
Yesterday at the Digital ID conference in San Francisco, Orange, one of the major mobile operator and ISP with more than 40 million subscribers announced they would adopt the OpenID registration/identification standard. There was already a clear trend from big internet properties to adopt (Digg, Technorati Microsoft and AOL but also Yahoo and WikiPedia already announced that). But this is the first time that a major TelCo is taking that step. There is already an implementation of OpenID on the French portal available at openid.orange.fr . Orange presents also on the page a list of OpenID providers. This is a good news for OpenID standard. The question remaining concerns the pace of adoption by the users. I could not find the access to the openID page by navigating from the homepage of the portal. It will probably pushed at later stage after the first tests. I also found the explanation not simple enough to understand for a new user (most of them are not early adopters) and Orange should probably think about a a short visual/demo to explain simply the benefits of such a service. An international roll out will probably come out soon. (via David Recordon) → Read More
The fragmentation of widget platforms presents a problem for developers, who need to develop and then maintain different versions of widgets for the various desktop widget platforms (Vista, Mac, Google, Yahoo) as well as online platforms like Pageflakes and Netvibes (and lots of others). The W3C has a working draft of a 1.0 Widget specification, which if adopted would make life easier for developers by requiring some standardization. However, the best solution for everyone would be a world where a widget works on every platform, no matter where it was originally created. Today at the Future of Web Apps conference in London, Netvibes founder Tariq Krim announced that their upcoming “Coriander” release will do just that. The new product will be called the Universal Widget API and will be available at eco.netvibes.com/uwa (this site is live now with a landing page, more information will be available next week). Once launched, any widget created for Netvibes, Krim says, will work on the Vista, Google, Mac and Opera platforms as well. Support for Yahoo Widgets and other platforms will follow soon after. A single javascript embed code will add the widget to any of the supported platforms. The code will recognize the platform and run the appropriate code for that platform within the widget. Once Coriander has launched, sites will be able to create and promote a single widget embed code for most platforms. Krim showed me Netvibes widgets running on a Mac as well as Google. Screenshots below. For people familiar with the look and feel of Netvibes modules/widgets, they will be immediately apparent. Krim also announced that Netvibes will be open sourcing the runtime at the same time as the platform launches, allowing anyone to expand the number of widget platforms supported. Expect smaller widget platforms to jump on this. Netvibes now claims 10 million active users. Krim says 1/3 of those users spend at least an hour per day on Netvibes, and 10% have Netvibes open “virtually the entire day.” Krim also announced that Netvibes will be supporting OpenID this year. → Read More
Kevin Rose, speaking here at the Future of Web Apps conference in London, just announced that Digg will adopt the OpenID decentralized digital identity platform. Don’t expect this right away though – adoption will begin “later this year” according to Rose. It’s definitely time to declare OpenID a winner and the hope for a single-sign on world a reality. This Digg news comes just after Microsoft and AOL announced their support as well. Yahoo, LiveJournal, and Wikipedia are among the other services that have previously announced adoption. → Read More
FreeYourID is a new web service that allows users to register a personal .Name domain name which in turn can be used as an OpenID identifier, website URL and email host. Your domain name will be in the format of first.last.name and the domain can then be directed to a website, host email aliases or more interestingly, be used as login credentials for services that support OpenID. For those of you unfamiliar with OpenID it’s an open standards based identity network similar to Microsoft Password that allows you to login to any website that supports the standard using the same credentials. It alleviates the problem of having multiple accounts and multiple identities at different serives and allows you to have a single unique username, password an in-turn profile. To use OpenID, your identity is stored on a trusted identity provider. Instead of logging into a site directly, you log into your identity provider, which upon your verification, shares whatever identity information you choose with the site. Currently there are a number of steps involved for a user to setup an OpenID identity, but with FreeYourID you can use your own .Name domain and have your OpenID identity setup and served automatically in a simple single-step signup process. With your OpenID enabled .Name domain setup you can then automatically login to any of the growing number of services that support the open identity protocol (for a list see here). This automation is key to helping OpenID reach a wider audience. In addition, FreeYourID will be rolling out integration with Lycos Europe and Pageflakes. Lycos will be releasing a new product, which will use .name URIs for identity across email, IM, and VOIP. Pageflakes, within a week, will be rolling out personalized .Name addresses for their users to access their accounts. FreeYourID also recently partnered with JanRain to act as their OpenID server. FreeYourID is giving away free 90 day trial of .Name addresses ($2.99/qtr or $10.95/yr. afterwards). → Read More
San Francisco, CA
