OAuth Core 1.0 Final – Out the door into a service near you

At IIW 2007b OAuth Core 1.0 Final was released. I wish I could attend IIW but I had previous work related obligations that I simply could not get out of. I do hope to attend the next one (IIW 2008a). Now it’s time to update the C# client to the latest and really final version of the spec. Congrats to everyone involved with OAuth. It is a truly amazing group of people and I think we can all be proud of the outcome! [Read More]

Corporate Identity and Identity Issues

There is a lot of buzz about Sun’s announcement of OpenID support and the fact that Sun will be giving OpenIDs for all of its employees. While this is indeed good news for the identity community in general and for the OpenID community specifically, it got me thinking about the implications for such a move in which a big company OpenID enables all of its employee. If a company OpenID enables all of its employees and its OpenID server is usable for outside parties to authenticate against it means that now every employee of that company, when authenticating with his/her OpenID can be verified as an employee of that company (providing that no one spoofs the domain and DNS settings, etc). [Read More]

The new and slick myOpenID.com

I’m probably the last person to talk about it, by myOpenID.com has a cool and slick new design [via Scott’s blog]. They also added a cool new feature, client side certificate, so when you install such a certificate on your machine you don’t need to do anything to sign in. It does all that for you! Just remember to NOT use it on public computers or on computers that are being used by more than one person and do not have a different user names for each person. [Read More]

Twitter and OpenID

Dave Winer says: “[…] we could make Twitter the open identity system we’ve been looking for. Make your Twitter ID the one that you use to log on to other service […]” I say let Twitter support OpenID with all of the good Relaying Party Best Practices including (but not limited to): Ability to associate an existing account with an OpenID Ability to switch to another OpenID (sort of a password recovery for OpenID) Ability to create a new account directly with an external (non Twitter) OpenID (be a standard relaying party) If they want to, they can also be an OpenID provider (which should be good for them, of course ;-) ). [Read More]

Why use OpenID? – A matter of choice (and consolidation)

One of the advantages of OpenID is that it enabled you, the user, to consolidate various accounts on various web sites into one (or more, if you have more than one OpenID) identity. Of course you get the side benefit of having only one login and password to use, but for the sake of this argument, that’s a side effect :-) . This is a choice that was never available prior to OpenID, and when it does exist in the form of Google Accounts/Yahoo BBAuth/Microsoft Passport Live ID it allows you access to the provider’s web sites and assets and a handful of 3rd party sites that supports that vendor’s authentication protocol. [Read More]

OpenID, Trust, Vendor Locking and Delegation

There is a lot going on about OpenID these days and a lot of claims are being raised which prevents greater adoption of OpenID by users. One of these claims is about Trust and Vendor Locking. How can I trust a certain OpenID vendor? after all, gaining access to my OpenID account will give access to all of the sites I’ve signed in/up using OpenID. This is a legitimate claim, since it reminds everyone of how Microsoft Passport. [Read More]

idproxy.net

If you haven’t done so already, go check out (and hopefully use, afterwards) idproxy.net. As written in idproxy.net’s about page: idproxy.net acts as a bridge between these two worlds. You can sign in to idproxy.net using your Yahoo! account, and then create one or more OpenID accounts for use elsewhere on the Web. Basically, if you have a Yahoo ID, you can sign-in and create an OpenID for yourself at idproxy. [Read More]

OpenID Delegate Plugin for WordPress

Continuing my WordPress plugin frenzy and after release the MicroID WordPress plugin, I’m releasing another plugin, this time for OpenID delegation. The plugin is named “OpenID Delegate” and you can read all the details and download it from here. Q: So what’s this OpenID I’ve been hearing about? A: According to OpenID.net: OpenID is an open, decentralized, free framework for user-centric digital identity. OpenID starts with the concept that anyone can identify themselves on the Internet the same way websites do-with a URI (also called a URL or web address). [Read More]

Eurekamp

I’m blogging directly from Eurekamp where I’ll start a presentation and discussion about Trust and Identity online. I’ll try to cover topics such as why do I need, how to do it (OpenID, OpenID, OpenID) how to claim what is content that was generated by me (MicroID, MicroID, MicroID). I’ll post some of the slides here after we will finish. The slides will be a bit not organized, mainly because they are markers to the point in the presentation/discussion and does not represent a standard presentation. [Read More]