Yahoo Implements OpenID; Massive Win For The Project

Certainly the right thing to do in 2008!

Interesting move. Think I have to look more into openid…

I have experimented with and mulled over accepting OpenID on my site. This may have pushed me over to go ahead and implement it.

Great news.

It would be nice to see an OpenID login on techcrunch with this announcment…

What advantage does this have over the mostly-rejected ideas like Microsoft Passport? Other than — it’s not from Microsoft of course…

That’s big news!!!!
Congrats to OpenID and to all of us

Great move for Yahoo! I like the news allot.

Yahoo’s got it all backwards!

I swiftly went to my Yahoo account to switch it over to use my existing OpenID account, but what they’re actually offering is to let you use your Yahoo login as an OpenID account. At least they got it half right.

To the layman, it’s as if OpenID is a Yahoo invention - which it’s not!

It would be real nice for blog sites in general (and TC in particular) to accept OpenID for commenting, and have some additional primitive functionalities implemented to let the commenter edit or even retract an authenticated comment, say within a certain period of time, eg., within an hour or a day, etc.

+1 for Jo Potts comment. Everyone is becoming a provider, but there just isn’t enough CONSUMERS.

If they allowed you to use your OpenID for Flickr and Yahoo Groups - then we will have a winner…

DZ: The difference between OpenID and Passport is that with Passport, you HAVE to use Microsoft as your identity provider. With OpenID, you can choose your provider (just like you choose your e-mail or webmail provider) from anyone who supports the OpenID standard - AOL, Yahoo!, MyOpenID.com, VeriSign or a bunch of others.

a blow to Facebook?

Here’s a nice example of OpenID in action across multiple apps:
http://37signals.com/openbar

If you use your OpenID, signing into your Basecamp account will also automatically sign you into your Backpack or Highrise accounts as well.

I was playing with the idea of allowing OpenID logins on my blog for comment purposes but how hard will it be to create a Yahoo OpenId on the fly to spam with?

Just as easy as it is to create a throw away hotmail address?

Just to play devil’s advocate, what if OpenID’s database gets hacked? We’d all be screwed. Does anyone know how secure they’ve made it?

I’ve already activated OpenID on my main blog, but it seems that only very few of my readers know about it. This move by Yahoo is indeed a great boost for OpenID. I hope Google will do the same.

Michelle Greer: OpenID’s database? There is no such thing. Each provider have their own.

great move for yahoo!

I sincerely hope that this works. Good move for Yahoo! A few points in the bag over their rivals but I’m sure it won’t be long before they come along, too.

@6 - I believe Microsoft Passport is only for MSN, hotmail, etc, which are all just Microsoft Products.

@15 - agreed, I don’t know if Yahoo validates emails during signup. I suppose OpenID members could ban certain accounts also if they get flagged.

Good article.

Bah. “But he would not confirm when (or if) Yahoo would also allow become what is called a “relying party” (allowing users with third party OpenIDs to log in to Yahoo)”

I don’t need more options to *get* an OpenID, I need more options to *use* an OpenID.

I think #16 raises a good question. With the widespread adoption of OpenID among non tech-users security is going to become a big issue, especially with phishing attempts. Plenty of my friends had their accounts phished on myspace simply after clicking on a picture that redirected them to a login page lookalike. Because “The user’s going to pick dancing pigs over security every time”.

Ah…finally…..This really means OpenID is all set for success!

bookmarked @ http://livbit.com

great news and big updates too

Makes a lot of sense. Great to hear.

There are a healthy number of FREE OpenID Providers available to web users interested in establishing their online identity via OpenID. Yahoo, Orange and AOL have made it very easy for users to establish their OpenID identity by using the sign on credentials they already have through these services. It won’t take long for the remaining mainstream sites to jump in. This is great news for the OpenID project! While large mainstream sites continue to jump on the bandwagon, there are numerous OpenID Providers that are solely dedicated and built around offering web users with feature rich and very secure online identities. A great example is myVidoop.com with their “Goodbye Passwords” approach to security, anywhere anytime access to stored usernames and passwords and user controlled account management via their site tools and SMS features. Other providers add SSL and anti-phishing features just like Yahoo’s Sign-In Seal. Users should really explore what these other Providers have to offer. SpreadOpenID.org has a Provider comparison to help users choose a Provider that suits their needs.

If you are interested in vetting an OpenID provider before you get an OpenID account there is a comprehensive review of the current top tier providers on http://spreadopenid.org

Va a ser muy útil en un sitio como lo es yahoo
http://www.spymac.com/details/?2324191

Not sure how many of you have actually used OpenID account. I found out, after playing with it, that OpenID, in its current state, is not a security measure per se, nor is it a universal login. Maybe the rules would change in the future to make it a security issue or universal login, but for now it is just a way of holding your personal information at a third party site, which passes it to the site you are signing onto…

So, you put your openid info in a website at openid.com or whatever, and then you go to Meebo.com, which accepts openid. What happens is you enter your URL, which would be something like openid.net/bob… Then it takes you to your openID original site, where you login, and then it flips back over to the first site with all the data entered into their database. So openID is a facility to move your personal data around.

I just don’t get it. Can somebody tell me what’s the point of OpenID?

All I know is it is getting more traction than that Microsoft security login that was tried years ago.

First - it is good news

the question is whether it will become a standard de facto for authentication.

I , as a site owner would like to have the ability to have general information about the user , such as : name,image,age,email etc. The user will be able to define which profile info are accessible to other sites.

Tal,
http://www.copenda.com

I’m with Jo (#9), Myles (#11) and Brett (22).

What’s the use of Yahoo (and LiveJournal, Orange, AOL, etc) using *their own* signons as external OpenIDs but not allowing existing OpenIDs access to Yahoo’s own sites?

It’s like saying that you can send email to Hotmail friends but you’re not allowed to read their replies! (Well no, it’s nothing like that. But you get what I mean…)

Open it all up, guys! Universal OpenID signons please.

@Dan #30 — You’ve understood it correctly but missed the significance.

As OpenID signons become more widely accepted, you’ll only ever have to remember *one* OpenID url (rather than lots and lots of individual account names) and *one* OpenID password (rather than goodness knows how many individual website passwords you’ve collected).

I’m not sure I’d want to secure my bank account with OpenID but for signing on to blogs, for instance, just to leave a short comment, it’s ideal.

@9, 11, 22, 32:

You are right, but think realistically. Why in the world would Y! develop this half of it and not the other? They’re not stupid, they see the whole picture; you simply have to walk before you run. OpenID by itself is a novel concept, especially for the kind of broad userbase that Y! has - you need to allow some time for the idea to become accepted and understood.

This is a building block, not the final piece.

For a comparison of 8 OpenID providers (where you can get an OpenID), see my post here.
If you want to read more about OpenID, see my other posts about OpenID, referred to in this article.

OK so you can use your Yahoo! ID elsewhere. Cool.

But you use no non-Yahoo! OpenID at Yahoo? That’s not exactly clear. Because if you can’t, this is more of a blow than a success.

If you can, expect to see Google follow suit. And finally, it will win.

Dangerous, too much power in one place, bad news.

I was already annoyed having to use my Yahoo ID to access Flickr. Soon I’ll need a Yahoo ID to get in my apartment or flush my toilet

I don’t like it. I want different logins for different sites. Don’t be lazy, just remember your passwords people. Or write them down if your memory is bad, save them as macros, or whatever you need to do. But don’t sell your soul for a little convenience.

this is a win for both Yahoo and openID.

also, @PJ, several different companies are signed up for the OpenID (AOL and Wordpress to name a couple off my head.) In other words, you don’t have to have a Yahoo account to have OpenID, and if you have OpenID, Yahoo is not the only place to use it.

@36

Why not be your own OpenID Provider? Then you’ll have sole (sorry) rights to your soul.

“Today, there are only approximately 120 million valid OpenID accounts”
This seems low before you add in the Yahoo accounts.
AOL added OpenId support months ago so any AOL screen name or AIM screen name or email-address registered as a userid at AOL (like thecronester@googlemail.com) can be an OpenId via AOL (openid.aol.com/) so I would have thought that would have been a big number.

But how will this tie-in with my existing Yahoo ID which I’ve had for years now? I hate the ID I have but there is no way to change it without starting over from zero. If I have to use my Yahoo ID for this, then it is a non-starter for me.

Yahoo really should have a process for exporting your old userid content to a new one!

Its about time yahoo beats google and the rest in something, . I dont understand why nobody talks about yahoo anymore, found a great comment about the industry here, http://www.opentopix.com/topic.....ts-open-id

Great new!!! OpenID will be very important near future.It will be a big boss.

Great idea,it would be cool to have an open ID on other website like bakugan.com,berryarts.com or berrysky.com.

@41:

johns, I am the product manager for Yahoo!’s OpenID effort. Regarding your concern, if I understood it correctly, your Yahoo! ID (eg: johnsmith@yahoo.com) will not necessarily be used in your OpenID URL. In fact, our implementation will not require the user to understand the intricacies of the OpenID technology and how URLs are used as identifiers. Also, in case you are a Flickr user, you will have the ability to use your Flickr photos URL as your OpenID identifier.

Good new!
Yahoo! is earlier than Google this time!

Excellent idea……………..

Great thing! Thanks for the information!

that’s a great move by yahoo.

so when will I be able to login to Flickr or Yahoo with my MyOpenID? bit weird to say the least…

Centralization of information is NEVER good. Sorry.

There is clear value to be an OpenID Identity Provider -(IdP) - i.e. allowing your existing users to use an URL with your own domain name to log into other ‘relying parties’. In this case for Yahoo, it is enabling its users to use the Yahoo ID, in the form of xxxxxx@yahoo.com, to log onto relying party sites like LiveJournal, etc.

It’s good for Yahoo because this allows Yahoo to extend its brand beyond the constellation of Yahoo sites. Everytime a Yahoo OpenID user uses the Yahoo OpenID to logo onto otherrelying party sites, the user is reminded that “I am a Yahoo User” because the user has to type xxxxxx@yahoo.com to log in. OpenID in this case creates ’stickiness’ for Yahoo, and reduces user churn.

Based on the OpenID authentication protocol, Yahoo also gets to know what other web sites the user is using as the user is logging onto these sites using the Yahoo OpenID. So it will know, “Oh. This user has an account on LiveJournal, on Plaxo, on Magnolia, etc., etc. Let’s figure out a better way to target ads at him.” Another plus for Yahoo.

The minus to Yahoo in this case is minimal — a) initial engineering and product mgmt work to enable OpenID, b) on going maintenance, and c) additional authentication traffic in the form of additional bandwidth.

But the key to OpenId success is for Yahoo to become a relying party, or for ANYBODY with a large enough user base to become a relying party. Without relying parties, the identity problem will not be solved because the user still is stuck with multiple OpenIDs from multiple OpenID providers — it will not be any different than what it is now.

OpenID benefits to relying parties often do not out weight the negatives for becoming a relying party. Benefits include, among others, a) not having to authenticate the user because the IdP like Yahoo is authenticating him for you, b) not maintaining user passwords so no customer service calls for forgotten passwords. The issue here is that it’s not clear who is legally liable if the IdP screws up the authentication, or how the relying party is supposed to trust the IdP. It’s a big deal for large web sites like Yahoo or Google and it will take a very long time for them to feel comfortable to trust the authentication and security practices of another IdP to rely on it. Perhaps one day, they will feel comfortable to trust some IdPs, and accept logins from them, but not others. Balkanization ensues and the consumer is confused, and screwed, again.

So, I am waiting with bated breath to hear the pronouncements from Yahoo, AOL, Google (beyond blog comments) that “We accept third party OpenID login”.

There is no doubt: This Yahoo movement would contribute to reinforce OpenID project. We think it could be a good news!!

hopefully google also moves for it very soon

i look forward to trying this out.

ghzsfjjfykglgljl

How does mobile support factor in to open id?

I am irritated to see they are only allowing the use of Yahoo accounts as openID and not allowing me to sign up to Yahoo sites like MyBlogLog with my existing openID.

Thus missing the point of openID.
It’s as if Yahoo are saying “Yes a one for all signup profile. Great idea, just as long as we are the one”