Comments on: Windows Live Adds Support For OpenID, Calls It De Facto Login Standard

By: Kostroma

Kostroma — Wed, 25 Feb 2009 22:52:55 +0000

I’m a businessman. Let’s say a hacker logs into my store and steals value from me… in some form. Are the so called ‘openID providers’ liable for my losses? I assume they are NOT. But in fact they ARE, they provided the hacker with ‘means’ to defraud me of my money.

It’s not suitable for any business, people. I mean – it’s not USEFUL for me as a businessman, there is no legal basis for using this useless toy in my for profit business. And I can not imagine another business that could use it and it would be useful for the business. But of course Web 2.0 people can keep playing with this toy for as long as they want.

By: OpenID » Blog Archive » 2008: Momentum

OpenID » Blog Archive » 2008: Momentum — Thu, 15 Jan 2009 20:51:10 +0000

[...] [↩]Why AOL Created 63 Million New OpenIDs [↩]Google is Now an OpenID Provider [↩]Windows Live Adds Support For OpenID, Calls It De Facto Login Standard [↩]mixi Supports OpenID with the Simple Registration Extension [↩]Yahoo Implements [...]

By: Synthasite Buys ClickPass. I See Few Synergies.

Synthasite Buys ClickPass. I See Few Synergies. — Fri, 19 Dec 2008 03:53:52 +0000

[...] has taken many months for major companies to actually implement the standard (though they have been making strides lately). Randy Almond, SynthaSite’s VP of Marketing, says that the Clickpass [...]

By: Windows Live añade soporte para OpenID | Mamanga Blog Argentina

Windows Live añade soporte para OpenID | Mamanga Blog Argentina — Thu, 20 Nov 2008 00:52:02 +0000

[...] Enlaces: TechCrunch [...]

By: IdentityBlog - Digital Identity, Privacy, and the Internet's Missing Identity Layer

Thu, 30 Oct 2008 18:17:51 +0000

[...] took the story forward, calling out de facto [...]

By: Ross

Ross — Thu, 30 Oct 2008 17:51:46 +0000

Yes, but only if the identity provider had that capability.

Wouldn’t it be nice if the user created and owned their key to decrypt their identity…

By: Un account Gmail diventa un OpenID - Vittorio Pasteris

Un account Gmail diventa un OpenID - Vittorio Pasteris — Thu, 30 Oct 2008 04:28:11 +0000

[...] it, but you probably have an OpenID. If you have a Yahoo account, you have an OpenID. If you have a Windows Live account, you will soon have an OpenID. And today, if you have a Google e-mail account, you can also start [...]

By: yafflings » Blog Archive » Stepping Up to the Plate (OpenID style)

yafflings » Blog Archive » Stepping Up to the Plate (OpenID style) — Thu, 30 Oct 2008 03:06:17 +0000

[...] While others engage in a land-grab for my identity, one that now encompasses an additional 400 million Windows Live users, I’m still waiting for the person who will accept my identity as I know it now- because [...]

By: Buptencapturn

Buptencapturn — Wed, 29 Oct 2008 23:23:03 +0000

A brief prospectus on NY Institute of Technology, C.C.A., and DSU

New York Institute of Technology

New York Institute of Technology is a private academicly centered institution of higher learning. Founded in 1955, the institute now holds 10,000 students at its multiple campuses. The college university is fully accredited by the CHEA. Specific program accreditations include: Accreditation Board for Engineering and Technology, Foundation for Interior Design Education Research, American Dietetic Association for Preprofessional Program, and a number of others. The institute offers applicant freshmen academically-oriented programs leading to A.S., B.B.A, and M.A. degrees.

California Arts College

Founded to encourage advanced studies, the California College of the Arts offers a procedural approach to liberal arts academic, enabling students in a finctional range of disciplines in fine arts, operations, design, and History.

With an university population of around 1,550, the institution demonstrates state-of-the-art resources and operations in a community oriented, social university structure. Pupils learn from an established staff of renowned teachers in in-depth courses, with an node of 24 per class. Staff advisors, educated in enabling puils in establishing their college experience, are part of a respected program.

Drake State University

Drake State University was started through the stratigic combination of community outreach efforts. A multicultural, collaborating focus is an integral area of many degree programs at DSU. Founded to engage academic enrichment and achievement, central to the mission of Drake is its exceptioinal means to accommodate a wide array of styles of learning through professional assessment, collaborative experience and on-line focus. Throughout its organization you will find a learning community which is active with leading edge curriculums, professional structure and personal enrichment programs. Drake State University emphasizes the value of one on one relationships which are often established amongst students and faculty. As a direct result, a good number of students create the perfect combination whch enables them to tool the mantra of a Drake credential to propel them toward their professional goals.

Drake is founded by a notable group of Directors, each of whom holds a special subject of expertise which can help guide the educational outlook and giving of the organization. In a historically competitive career market, DSU has focused itself to enable the seeing of a growing number of applicants across a collection of areas of expertise. Its pupils have experienced subsequent success in the workplace, strengthening its reputation in the professional world.

By: Tom Morris

Tom Morris — Wed, 29 Oct 2008 18:51:52 +0000

“What if an identity provider was anonymous and untrusted?”

The same as if an e-mail provider is anonymous and untrusted. They provide a de facto identity hub through the use of ‘recover password’.

By: Your Gmail Account is Now An OpenID

Your Gmail Account is Now An OpenID — Wed, 29 Oct 2008 17:25:26 +0000

By: SharePoint Daily for October 29, 2008 - SharePoint Daily

SharePoint Daily for October 29, 2008 - SharePoint Daily — Wed, 29 Oct 2008 13:13:47 +0000

[...] Windows Live Adds Support For OpenID, Calls It De Facto Login Standard (TechCrunch)Login standard OpenID has gotten a huge boost today from Microsoft, as the company has announced that users will soon be able to login to any OpenID site using their Windows Live IDs. With over 400 million Windows Live accounts (many of which see frequent use on the Live’s Mail and Messenger services), the announcement is a massive win for OpenID. And Microsoft isn’t just supporting OpenID – the announcement goes as far as to call it the de facto login standard. [...]

By: Oliver Bell’s Weblog » Blog Archive » Azure SDKs, OpenID, Samba, ODF, DII, SAML 2.0, AMQP

Wed, 29 Oct 2008 04:42:21 +0000

[...] has some info on this announcement; Login standard OpenID has gotten a huge boost today from Microsoft, as the company has announced [...]

By: Anthony

Anthony — Wed, 29 Oct 2008 02:16:10 +0000

This is the problem with quickly evolving technology. Almost like the browser wars. Things get developed / financially backed too quickly, and then blindly followed by big organizations, without due consideration.

By: Ross

Ross — Tue, 28 Oct 2008 22:55:42 +0000

OpenID has a place and is relevant technology that provides and excellent solution to a real problem. Users hate managing user names and passwords and hate filling out registration forms.
Yes, there are concerns about OpenID’s security, but this has to be weighted against what your are trying to protected. Do you really care if your blog identity is hacked? Do you care if your eCommerce identity is compromised? The true is most users don’t care or don’t know any better! It’s the websites that care, they need to manage their exposure, and this is why we are seeing limited consumers of OpenID, and white lists are not scalable in the long term. Any identity management system the relies on the assertions is prone to trust issues.

What if an identity provider was anonymous and untrusted?

By: Windows Live Adds Support For OpenID | Jnbn.Org

Windows Live Adds Support For OpenID | Jnbn.Org — Tue, 28 Oct 2008 18:54:47 +0000

[...] Article: Techcrunch Kategori(ler): News Etiket(ler): de facto, id, live, login, openID, standart, windows, [...]

By: James Governor’s Monkchips » Kim Cameron and the Doorman: Don’t You Know Who I Am?

Tue, 28 Oct 2008 17:28:36 +0000

[...] took the story forward, calling out de facto standardisation: Login standard OpenID has gotten a huge boost today from [...]

By: DewCanSam

DewCanSam — Tue, 28 Oct 2008 15:32:56 +0000

The key here is you are a BUSINESSMAN as such, you are being ignorant when it comes to technology. I don’t run around and tell you how to run your business. So, don’t tell me what you don’t know. Until you have RTFM and designed and implemented an OpenID web application. STFU & STFD. And if a CRACKER breaks into your site that is your fault. Even if someone were to glean your databases all they would get is a mapping of uid to openid_url. That is hardly a security risk.

By: Robert

Robert — Tue, 28 Oct 2008 15:00:33 +0000

There’s a reason why no one wants to be a relying party – OpenId simply doesn’t give us high enough confidence in the actual identity of a claiming party. No one with data that they value (including all the big boys and every enterprise software company out there) will rely on OpenId until there’s a guarantee that the identity provider’s authentication is equal to or superior to your requirements. Today, this can’t be known.

And that’s just the technical story … try to convince the corporate strategy folks that they should rely on their competitor (Google/Yahoo/Microsoft/AOL) for their users to access their site. Just doesn’t fly.

By: Tom Morris

Tom Morris — Tue, 28 Oct 2008 11:14:04 +0000

Which is why we people can do OpenID whitelisting – if you don’t want BobsRandomWebsite.com to login you filter them out and only allow the big boys to provide authentication (Google, Yahoo, LiveJournal, AOL, Vidoop, MyOpenID etc.). Security is between the user and the OpenID provider – just as it is with e-mail.

Anyone can host an e-mail server. When you sign up for a website, it e-mails the password to you. You may trust sending your passwords to a big company e-mail provider like Gmail or Yahoo. But the nice thing with e-mail – and OpenID – is if I think I can handle my e-mail better than Gmail, I can run my own server.

I can understand why a bank would want to steer clear of OpenID. But for almost anything else, I can’t see a reason not to use it. In fact, reducing the known usability bottle-neck of signup (”Hey, just fill out this long form, then go to your e-mail inbox and click a link, stand on one leg and sing the National Anthem” vs. “Just type your AOL/Yahoo/Microsoft login in”) seems like a significant competitive advantage.

By: The Inquirer ES : OpenID recibe el impulso definitivo con el soporte de Windows Live

Tue, 28 Oct 2008 08:10:28 +0000

[...] TechCrunch [...]

By: Gofer01

Gofer01 — Tue, 28 Oct 2008 07:39:48 +0000

The way I understood this blog and the one from C-Net is that Windows Live ID will fully support Open ID “de facto standard” Below is the hyperlink to the other blog that I’m refering too.

http://www.netw.../102708-microso

By: Anthony

Anthony — Tue, 28 Oct 2008 05:26:23 +0000

If an unsuspecting internet user were to signup to a ‘hacked’ or otherwise an openID server with an inept server admin, this would raise some serious concerns for security.

The average Joe knows nothing about security, and would not realize that choosing your openID host to signup to openID with is actually a major security flaw / risk factor.

At a recent conference I went to, a speaker was pushing webmasters to use openID. I did raise this issue, and the speaker could only offer that perhaps that this is not a strong enough tool for use in the business / banking sector.

So tell me – what good is this? Without a real method of authorizing hosts to become an openID provider (through rigorous security tests and contracts (a server administrator could login as you through their records)) then there remains massive security flaws with openID… and I am not about to commit my customers to this.

By: Ben

Ben — Tue, 28 Oct 2008 05:25:39 +0000

Tom Morris, Stop being a fanboy for a moment and read what he actually said. The whole concept of OpenID has one huge fundimental flaw with the whole system. Trust. You have to trust that your openID host is honest. Also apps/websites that implement openID have to trust your openID host as well.
Not to mention the fact that any one can host an openID, without any creditials or knowledge of basic security.

By: venkat

venkat — Tue, 28 Oct 2008 03:39:53 +0000

We have to welcome this move form microsoft many sites should follow this