Posted at 8:59 pm on November 3, 2008 by Brian Kissel
The OpenID Foundation is pleased to share that OpenID Japan has launched with 32 members including merchants, portals, educational institutions, insurance companies, manufacturing companies, airlines, and banks.
This announcement is significant for several reasons:
The number and breadth of industries represented by the new members
The use of OpenID by member companies for commercial transactions
Collaboration between OpenID Japan and Liberty Alliance Japan
An earlier survey by internet.com and Marsh Research of Japanese internet users found that 28% of knew about OpenID and 15% were using OpenID
Congratulations to OpenID Japan on these significant milestones.
This entry was posted
on Monday, November 3rd, 2008 at 8:59 pm and is filed under News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Posted at 7:27 pm on October 30, 2008 by The Shared Admin
This is a historic week for OpenID. Google and Microsoft announced the release of code to support OpenID 2.0 across their most important properties. On Monday, Microsoft, announced OpenID 2.0 support for their 460 million users on the LiveID platform. On Wednesday Google said it will be supporting OpenID 2.0 for any user that has a Google account. Both of these deployments are great news for the OpenID community and the Internet at large. It can be safely said that within the coming months, every single user on the Internet will have an OpenID.
There was some discussion from a few people yesterday claiming that Google’s implementation was a fork of OpenID. Today, Eric Sachs, Google’s lead on this effort, has another post responding to some of this early criticism:
That registration requirement also led to some confusion because users wanted to be able to use existing websites that accept OpenID 2.0 compliant logins by simply entering gmail.com (or in some cases their E-mail address) into the login boxes on those websites. … Once the XRDS file is live, end-users should be able to use the service by typing gmail.com in the OpenID field of any login box that supports OpenID 2.0, similar to how Yahoo users can type yahoo.com or their Yahoo E-mail address (In the meantime, if you feel really geeky, you can type https://www.google.com/accounts/o8/id into an OpenID 2.0 login box).
Although these are both considered “preview releases” by both companies, the fact that they have put code out there that developers can start to work with is absolutely fantastic. Both Google and Microsoft have stated that these are testing implementations and as such, their may be certain limitations while they work on localization, scaling and general UI.
Mike Jonestalks about some of the details of the Microsoft LiveID testing:
One feature of the OpenID 2.0 implementation that I’d like to call your attention to is that they give users a choice, on a per-relying party basis, whether to use a site-specific OpenID URL at the site for privacy reasons, or whether to use a public identifier for yourself – explicitly enabling correlation of your identity interactions on different sites.
This entry was posted
on Thursday, October 30th, 2008 at 7:27 pm and is filed under News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Posted at 5:45 pm on October 1, 2008 by Brian Kissel
A couple of weeks ago the BBC hosted twenty-six people from seventeen organizations including eight OpenID Providers and eight OpenID Relying Parties (sites which accept OpenID logins) in New York City to kick off an OpenID Content Provider Advisory Committee. The goal of the session was to answer specific questions by the Content Provider community (media companies and national affinity groups) as well as to provide feedback to the OpenID Foundation, its member companies, and the wider community on the future direction of OpenID.
While OpenID has seen rapid adoption in the “user generated content” segment (blogs, discussion groups, wikis, etc.), we were very excited to see increased interest from mainstream media companies and affinity organizations. Participants at this event included AARP, AOL, BBC, Google, Hearst Magazines, JanRain, Meredith, MySpace, National 4-H, National Public Radio (NPR), The New York Times, Reed Business Information, Six Apart, Time Inc., Vidoop, and Yahoo!.
Throughout the day we covered a wide range of topics including:
Business case for OpenID — use cases and economic impact
Best practices for OpenID Providers and Relying Parties in the areas of user experience, data support, security, and product features
Optimal Content Provider user experience
Data Management — sources, integration, industry specific data, accuracy, security & trust
Coming Enhancements — Provider Authentication Policy Extension (PAPE), OAuth, Portable Contacts API, MySpace Data Availability, and integration of OpenID into browsers.
Yahoo!, Google, and MySpace all presented information about their OpenID Provider services, thoughts on user experience and lessons learned, and some future plans. National 4-H presented a summary of an OpenID-based integrated National, State, and Local web platform that they will be deploying in the coming months. We shared a case study on Japan Airlines (JAL) federated partner commerce using OpenID with the proposed Trusted Data Exchange (TX) extension that Nomura Research Institute (NRI) has been developing. There was extensive discussion between existing and potential Relying Parties and the OpenID Providers about what would facilitate faster and broader adoption of OpenID in the Content Provider community. The session was moderated and feedback captured by Market Focus, a strategic marketing consulting firm who will be performing additional customer and market research on behalf of the OpenID Foundation.
If other content providers would like to join this advisory committee, please contact Johannes Ernst or Brian Kisselof the OpenID Foundation Customer Research Committee for further information.
Additionally, many members of the OpenID community will be attending the upcoming Internet Identity Workshop (IIW) on November 10-12 at the Computer History Museum in Mt. View, CA. This will provide a great venue for face to face discussions and additional opportunities to provide input and feedback on the future direction of OpenID.
This entry was posted
on Wednesday, October 1st, 2008 at 5:45 pm and is filed under News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Posted at 10:33 pm on August 25, 2008 by David Recordon
Last week mixi, the largest social network in Japan, become an OpenID Provider for all of their fifteen-million plus users; one in five Japanese web users are on mixi. While they are another large OpenID Provider — which some argue is a bad thing — they are the first large OpenID Provider to also support exchanging profile information. While early adopters using OpenID Providers such as MyOpenID.com, MyVidoop.com, and VeriSign’s PIP have had the ability to exchange profile information for well over a year with the Simple Registration Extension, this is an important step forward with larger OpenID Providers seeing the value in exchanging profile information as well. This means that when a mixi user logs in to a site using their OpenID, the site is able to request access to things from their profile like their name.
Earlier today, ReadWriteWeb wrote more about how Mixi Brings Sophisticated OpenID to Millions of Japanese Users asking why Facebook isn’t using OpenID for their Connect APIs and providing a good overview of why mixi adopting OpenID with Simple Registration is helping to push the envelope:
The moral of the story, though, is that another major social network now supports OpenID and is pushing the envelope with the features included. They aren’t acting as a relying party yet, allowing users to login with OpenID from other networks, but the functionality of Mixi user profiles has now increased dramatically thanks to open standards.
Along with mixi’s launch last week, Six Apart released a mixi commenting plugin for Movable Type. (Disclosure: I work for Six Apart) This plugin allows mixi users to comment on Movable Type powered blogs and have their name from their profile show up next to their comment.
All in all, great news for OpenID coming out of Japan!
This entry was posted
on Monday, August 25th, 2008 at 10:33 pm and is filed under News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Posted at 5:00 am on August 10, 2008 by Scott Kveton
Its been an busy week in the world of OpenID. On Friday Ben Laurie announced a security vulnerability around OpenID that relates to existing problems with DNS and certain SSL certificates. Discussions on the OpenID General mailing list have been fruitful and the major OpenID providers out there today have disclosed that they are either not vulnerable or patching quickly. It should also be noted that none of the providers listed at openid.net/get were ever vulnerable to this attack.
One of the greatest parts of the OpenID community is that the people developing this technology react so quickly to problems that inevitably arise. There is no such thing as 100% secure with anything on the Internet but we can (and have) put measures into place to react quickly as a community when issues like this occur.
OpenID has two challenges it faces to increase adoption and use; security and usability. This afternoon, Randall Stross of the New York Times published his “Digital Domain” column criticizing OpenID on both of these points. Its great to see people looking at security with regards to OpenID and asking the hard questions and it also highlights a few common misconceptions:
Authentication is out of scope for OpenID: Because there is no silver bullet for security, the way you authenticate your OpenID is actually out-of-scope of the protocol. As such, you can use whatever level of security you want to protect your OpenID. We have seen vendors offer unique solutions like Verisign’s VIP, JanRain’s CallVerifID and Vidoop’s ImageShield created to provide alternatives to passwords for authenticating users’ OpenID’s. OpenID allows companies both large and small to experiment with ways to authenticate their users without requiring buy-in from sites across the Internet.
Information Cards solve a different problem than OpenID’s: In his article, Randall mentions how Information Cards are more superior in terms of authentication compared to OpenID. In actuality, you can use an Information Card to secure your OpenID if you want and there has been a lot of work on this within the OpenID community. VeriSign’s OpenID provider even supports Information Cards in addition to token based authentication. Information Cards provide the means to securely authenticate you assuming you have the technology installed on your machine. In addition, Information Cards lack the ability to take advantage of one of OpenID’s main strengths, the destination or URL that a user has proved they own. The potential for this end-point for services is limitless and may serve as one of the key components driving OpenID use; the ability to move data from somewhere on the Internet that you have proved you own.
Nobody is really adopting OpenID: I’m always surprised to hear people say that just because the big players are only OpenID providers (and not consumers) that we’re failing here. I always try to remind people that this technology is only three years old and we’ve made tremendous strides since its inception. Not only that, the latest graphs continue to show hyperbolic growth. These things take time and again, security and usability will be key drivers to OpenID adoption moving forward.
I’m excited to see a lot of interesting efforts from the community to help with usability. Tom from Barnraiser.org has been doing a series of articles that describe some of these usability issues. We’ve seen community efforts such as Email Address to URL Translation, which allows users to enter their email addresses instead of URL’s and Identity in the Browser (IDIB) which is hoping to bake OpenID functionality (and increased security) into all of the modern browsers.
On the security front, we’re seeing traction in the development of the OpenID Provider Authentication Policy Extension (PAPE) which will help sites be able to determine which providers they will trust based on the means of authentication the user has used to get access. Both Sxip and JanRain have implemented early prototypes of PAPE on their OpenID providers.
We’ve got a long way to go here with OpenID and getting it to a point where it can stand in the face of criticism but I’m confident of this community that has come together through the first three years to get where we are today. I still firmly believe the best is yet to come.
This entry was posted
on Sunday, August 10th, 2008 at 5:00 am and is filed under News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Posted at 12:24 am on July 25, 2008 by The Shared Admin
On Tuesday of this week, popular social networking site MySpaceannounced support for OpenID and integration with their Data Availability initiative.
MySpace is launching as an OpenID provider to begin with bringing the grand total of OpenID enabled users on the Internet to well over 500 million users.
What’s interesting to note about this announcement as well is that MySpace is now layering additional, value-added services on top of the OpenID that make it even more compelling. This is an exciting time for OpenID and its clear the momentum is only just starting to pick up.
This entry was posted
on Friday, July 25th, 2008 at 12:24 am and is filed under News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
The OpenID Foundation has covered a lot of ground in the last 1.5 years since its inception. We consolidated a number of internet identity efforts, built an organization charged with promoting and protecting the efforts of this fantastic community, developed an Intellectual Property Process that will ensure OpenID stays open, brought a number of the major vendors as participants in the community. and are seeing the first signs of deployment.
Bill Washburn has been the Executive Director of the OpenID Foundation since January 2007 and was instrumental in all these achievements. BIll took a leap of faith during the formation of the Foundation, working tirelessly on the promise that it we would succeed. Bill’s skills as a mediator and his passion for the Foundation’s mission made the impossible possible. In short, without Bill, the OpenID Foundation would not exist. We, as a community, owe a huge debt of gratitude to him for all of the work that he has done.
As is true with any growing organization, a time comes when a different set of skills are needed as the organization moves from one phase to another. That time has come for the Foundation. The Foundation now needs a more operationally focused Executive Director to deliver on the Foundation’s new needs. Bill Washburn will remain on to help with the recruiting and transition. If you think you have the right stuff for the OpenID Foundation, please drop us a line at board@openid.net.
This entry was posted
on Wednesday, May 28th, 2008 at 7:48 pm and is filed under News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
SourceForge implemented relying party support (as opposed to just being a provider) which is a trend not often seen by larger players. I wanted to talk with one of their developers to see what it took to make this all happen, especially in a large organization like SourceForge. I spoke with Luke Crouch who was the lead developer on the project.
In this podcast I try to cover some of the questions that large sites have to consider when adopting OpenID as well as ask a bit about the future for open technologies at SourceForge. Hope you enjoy it.
This entry was posted
on Wednesday, May 7th, 2008 at 11:12 pm and is filed under News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Posted at 12:15 am on May 1, 2008 by David Recordon
If you use open source software then you’ve probably heard about SourceForge before. If you develop open source software then you’ve probably even used some of their infrastructure in the past. Today they’ve made it even easier to login to SourceForge with OpenID. SourgeForge.net isn’t acting as an OpenID Provider but rather is accepting OpenID logins; this is a good thing and reinforces the trend of sites like Ma.gnolia only accepting OpenID logins.
In their announcement OpenID on SourceForge.net they say, “OpenID is getting tremendous traction and we’re happy to be jumping into it. it’s bringing us back in touch with fresh web (2.0) technology. as a decentralized open-source standard, it’s a perfect fit for us – it allows us to streamline more user interaction and participation with our site, and hopefully more for the whole OSS community.” As Steven Osborn points out, SourceForge.net is now one of the most prominent single sites that accepts OpenID to login. Steven also goes on to talk about some of the more advanced things SourceForge allows you to do with your OpenID if you do wish to use your profile URL as an OpenID too.
Congratulations SourceForge for continuing to help get OpenID in the hands of open source developers on a daily basis!
This entry was posted
on Thursday, May 1st, 2008 at 12:15 am and is filed under News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Posted at 3:33 pm on January 14, 2008 by The Shared Admin
Over the past two and a half days, nearly fifty different people came to the first ever OpenIDDevCamp hosted in San Francisco. Nearly twenty people showed up Friday evening to start drawing up the agenda for Saturday from a list of possible projects. Saturday we had our first full day of discussions and hacking around OpenID today. About thirty-five people showed up and hacked, talked and shared. Sunday started out a bit slower though my noon everyone was back to cranking on a new OpenID test suite, XRI debugging, and OpenID usability with some focus on mobile (partially inspired by Chris’s blog post). Thanks to Vidoop for sponsoring breakfast, thanks MyStrands for sponsoring lunch and of course big props to Six Apart for hosting the event. A bunch of photos can be found up on Flickr under the “openiddevcamp” tag.
A good group discussion about the possibilities around what we can land at OpenID end-points. (see Scott’s post on this). Consensus is that we’ve got the pieces and now its time to crank out some code.
Joseph Smarr upgraded Plaxo to be an OpenID 2.0 relying party and debugged their support of i-names. (woohoo!)
Chris Messinaled a discussion on OpenID usability where we worked on developing relying party best practices around login interfaces and error messages.
Additionally, getting an entire group of OpenID veterans was a great way for people to debug their problems and learn new things:
A few people got their Ruby on Rails blogs OpenID enabled for commenting.
Getting the Java version of consumer library installed and figuring out what it takes to be a provider (hint: acting as a great provider is hard).
Some takeaways and things the group would like to try to accomplish for next time:
Translate vCard attributes to Attribute Exchange schema end-points.
Planning and organizing OpenIDDevCamp really wasn’t that hard so if you’ve ever thought about putting together an event like this, you really should! Feel free to use this event’s wiki page as a template.
This entry was posted
on Monday, January 14th, 2008 at 3:33 pm and is filed under News.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
