OpenID Prime Time Redux, now with Microsoft!
"We don't all agree on everything. I don't agree with myself on everything..." -- Rudy Giuliani
Not too long ago I opined about whether OpenID was really ready for Prime Time
A Short while ago, Microsoft announced a deal with JanRain, VeriSign and Sxip to develop integration between Microsoft CardSpace and the open source OpenID project. In addition, the partners announced that Microsoft would be bringing its anti-phishing technology to the OpenId platform - important, because any time you have an open-source, open-standards Single Sign On infrastructure, you are going to attract the dastardly hackers that attempt to abuse it.
I believe that these are new technologies that will have a significant impact on the future of the Internet, identity and single-sign-on (SSO) as we know them.
OpenID is an open, decentralized, free framework for user-centric digital identity. It attempts to solve the problem of Web single sign-on - something that Microsoft attempted at first to do with Passport (now "LiveID") but met with stiff resistance on. If you struggle with keeping track of different usernames and passwords at different websites where you have an account, OpenID can help. With OpenID you will be assigned a standard username (typically a URL) that you can use on all sites that support OpenID. For example, mine is "pbromberg.myopenid.com". But the key thing is "designed not to crumble if one company turns evil or goes out of business".
Anyone can get started using an OpenID, get one at myopenid. Now the cool news (besides the MS-JanRain et al dealie) is that Jason Alexander has started working on a C# port of a Boo control that implements OpenId. Apparently Scott Watermasysk and Scott Hanselman have jumped on board, and they've started an open project on it at .... no, not codeplex.com, but Google Code!.
I don't know Watermasysk personally; I do know he's good. But I do know Scott Hanselman - and I can tell you that if he will quit playing with all his gadgets and toys that he always has with him, and decide to work on this, good things will definitely happen fast.
I believe many developers are struggling with TFS for source control and some have switched to SVN, which Google code uses. We use svn at work with the Ankh VS.NET Plug-in, and so far, I have no negative issues at all with it. Umm, the price is pretty good too ....
I left a comment on their Google Code project site that I was willing to contribute, but I also stated that they ought to search around first. There is suddenly a lot of interest in OpenId (and Cardspace integration) and now that Starship Seattle has jumped on it, I expect it to be looking at you big time, right away. I did hear back from Jason, and I got the impression that they have a mature plan to handle it.
In other news
How many times have you read a forum or newsgroup post that was so ReallyReallyDumb that you felt compelled to answer with the url of a Google search on the subject? I know I have, if for no other reason than to implement the old Chinese proverb of "Teach a man to fish" wisdom. Now there's a site that will get the message across for you! Just JFGI (for OpenId)
Sounds interesting...I wasn't even aware of Google Code! Google is really getting their hands into absolutely everything! Do you find the Ankh VS.NET plug in useful? We use SubVersion without even using any VS.NET plug ins, just TortoiseSVN. I found that Ankh was slowing down our larger VS.NET solutions significantly when we'd open them or do tasks that would require Ankh to navigate the entire solution tree.
ReplyDeleteIt'll be interesting to see how well OpenID takes off
I think that the problem with phishing in OpenID doesn't have to depend on CardSpace. There are already good OpenID providers, like certifi.ca, that use browser certs rather than password authentication. No passwords means no phishing, ever.
ReplyDeleteEvan,
ReplyDeleteI don't think the Cardspace integration has anything to do with adding Microsoft's anti-phishing technology. Cardspace is identity- related only.