OpenID: Blessing or curse?

In the last weeks I stumbled about the technology named openID quite a few time. Today I decided to inform myself what this is about.

Our beloved wikipedia says on openID

OpenID is a decentralized single sign-on system. Using OpenID-enabled sites, web users do not need to remember traditional authentication tokens such as username and password. Instead, they only need to be previously registered on a website with an OpenID “identity provider”, sometimes called an i-broker. Since OpenID is decentralized, any website can employ OpenID software as a way for users to sign in; OpenID solves the problem without relying on any centralized website to confirm digital identity.

This sounds great… not having to remember dozens of passwords (given the case you DON’T use one password over and over again… *g*).
A more detailed description about openID can give you this google video

After seeing this.. You will probably say: Where can I get my openID and why doesn’t my $favorite website support openID…

There are a lot of criticism against openID. I found this article on The identity corner quite comprehensive.
It summarizes the flaws which are in the openID system.. Or better said: The problems they see…
An example:

Beyond this [Comment: the single sign on feature], OpenID is pretty much useless. The reasons for this are many: OpenID is highly vulnerable to phishing and other attacks, creates insurmountable privacy problems, is not a trust system, suffers from usability problems, and makes it unappealing to become an OpenID “consumer.” Many smart people have already elaborated on these problems in various forums. In the rest of this post I will be quoting from and pointing to their critiques.

So.. maybe now you want an answer from me about kittens die when you are using openID or openID as a savor of the world.
Honestly.. I can’t do this. I’m not that of an expert in security and so it’s difficult to approve or disapprove the critiques.
But WHAT important is… You know now what the system is all about and have a starting point to get more information.. If you want too.

I’ll keep my eyes open for information about the development of openID…

Advertisements

2 Responses to “OpenID: Blessing or curse?”

  1. Eugen Anghel Says:

    OpenID can be great. Try http://certifi.ca It lets you use a certificate to login so you don’t have to remember any passwords.

  2. Free book about OpenID « Stefon’s Blog Says:

    […] book about OpenID In a previous post I have shown you that there is some controversy about OpenID being necessary. useful or just being […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: