I was pleased to read the announcement that OpenID and Microsoft have teamed up. Read more about it here: http://radar.oreilly.com/archives/2007/02/openid_gets_a_b.html.
This could be a significant partnership and a strong boost towards having an accepted consumer standard for single sign-on. What’s even more interesting is the rather innocent comment thrown in at the end of the above reference: “Microsoft plans to support OpenID in future Identity server products.” If that is the case then I wonder whether they will follow the model of being a federated identity provider on behalf of large corporate enterprises. Once you get over the shock of actually thinking such a thing it’s not something too far outside the scope of imagination and could help facilitate identity management for organisations too time\cash strapped to set up their own infrastructure. I’m getting ahead of myself – let’s get back to the now!
What, exactly, is OpenID? From OpenID.net, we learn that it is “is an open, decentralized, free framework for user-centric digital identity.” In fact, it’s not all “open” – the open source elements as originally presented, comprised about a third of the overall code-base. I think I’m correct in stating that the model as it was originally being presented by Verisign, was that for the full industry strength security model, customers would need to buy into the Verisign closed-source OpenID based product. That is my recollection from a meeting I attended a while back – but please correct me if I’m wrong!
The benefits from a customer perspective are better protection against Phishing and the ability to manage as many different profiles as they wish within the same identity framework. There’s some interesting comment on this blog here: http://kveton.com/blog/2007/02/06/cardspace-openid-working-together/, and here: http://daveman692.livejournal.com/292084.html.
What about from a business benefits perspective – can we get any benefit right now from OpenID from an enterprise identity management perspective? I think the truthful answer to this is no and right now it seems to be squarely aimed at the customer web product side of things. But I’ll be watching the news with interest, particularly as to how Microsoft might work this into their own identity server products. That’ll be interesting.