Aardvark Daily

Please visit the sponsor!

Son of Passport?

Those of us who have been around (and on the Net) for a while will probably remember Microsoft's ill-implemented Passport system.

The idea behind this was that you could have a "one stop shop" for all your online access authentication.

Create a Passport account with Microsoft and it would allow you to access any other Passport-enabled site that might otherwise require a separate login ID and password.

In a world where most people have either a growing list of passwords they need to remember -- or simply choose to compromise their security by using the same password for every site, you'd think that Passport might be an idea worth reviving.

Well it looks as if it has been revived -- but not by Microsoft and not under the Passport name.

Stepping up to the plate this time it's Yahoo, the folks who kick-started the online web directory and search engine marketplace.

According to reports, Yahoo is about to unveil an industrial-strength implementation of OpenID, an open-source project that has the backing of Microsoft and Google.

From what I've seen, OpenID has a much greater potential for success than Passport ever had, since the data doesn't need to be stored in a single central repository (with the attendant massive risks if that repository were to be breached).

Please visit the sponsor!

The OpenID system simply acts as a URL/password based ID authentication system that shares no information between the sites that use it.

Each site using OpenID is free to keep to itself, its own profile data relating to the user.

While this all sounds fine and dandy, and perhaps a "must have" for the password-overload that many Net users find themselves facing, I actually wonder if anyone will use this service as intended.

The built-in password memorising abilities of most modern browsers seem to have made the job of negotiating a myriad of password-enabled sites much easier than used to be the case.

FireFox and IE will both automatically fill in the password field on most webpages when required (if you've configured them to do so) and this effectively eliminates the need to memorise all that data on a day-to-day basis.

If you set a master-password on your browser, even the loss of your computer means your access should remain secure.

So why would you bother using OpenID?

Probably because you might have to.

If Yahoo, Google, Microsoft et al all decide to go the OpenID route, then you won't have any option. Logins to OpenID-enabled sites will all be done through the OpenID service anyway -- like it or not.

What will this mean to the average web-user?

Probably nothing at all.

Their browser will continue to fill in the necessary fields and the whole OpenID system may be just another, seemingly redundant step -- perhaps simply making life a little easier for the programmers building password-enabled sites but nothing more.

Yes, it would appear that the real beneficiaries of OpenID are the coders who might otherwise have to set up their own authentication system and ensure that users' names and passwords are kept secure.

Will OpenID become the new internet passport?

I don't know, but if the big names start committing to it we may eventually all end up with an OpenID in our future.

However, I suspect that there are still plenty of egotistical programmers who'd rather do things their way and show the world how clever *they* are, rather than rely on a thirdparty service or open-source code.

Passport is dead, long live OpenID?

What do you think?

Could OpenID be the authentication system that even our government is looking for as part of its eGovernment strategy?

Is OpenID strong enough to be trusted with such a mass of valuable data -- a library of passwords to a world of websites?

Have your say on this...

PERMALINK to this column

Oh, and don't forget today's sci/tech news headlines

Change Font