Gates Says Microsoft Will Support OpenID 73
An anonymous reader writes "In his RSA conference keynote today, Bill Gates announced that Microsoft will support the decentralized OpenID digital identity protocol, in addition to WS-* and CardSpace (transcribed notes, video). From its roots in LID, i-names, and Sxip, the first major deployment in LiveJournal, and now with support from Techorati, Magnolia, Symantec, a suspected mass-deployment by AOL, and a number of startups — using URLs as digital identities has caught hold."
Embrace, (Score:5, Insightful)
You know the rest.
Re:Embrace, (Score:4, Insightful)
Unfortunately, OpenID will utterly fail in it's task: it will never be a trustworthy source of identification. It's only useful for things where MS Passport was previously useful: throw-away Hotmail accounts and that's about it.
A Real Security(TM) implementation that required absolute knowledge of a person's identity would have to be based on the Web-of-Trust model, much like you don't have a single piece of identification. You have a driver's license, a social insurance number, a credit card, a health care card, etc. No one piece of ID is sufficient, especially when applying for new pieces of identification. The analogue on the Internet is similar, though even finer-grained. Instead of a series of governmental organizations correlating each other's data on a particular identity, every single person in the world is able to verify every other person's identity. This is known as "Federated Identity".
Such a mechanism does not preclude the idea that a government could support a particular identity; in fact, they could also sign a person's public key. While webs of trust are more difficult to set up, there is no longer a single point of failure in the identification. Going back to OpenID, all I need to do is supply my own authentication server, and I have corroborated my own identification. Or, in a slightly less legitimate fashion, I could take over someone else's authentication server and steal all the identities from it. A Web of trust is much more difficult to steal; you need to crack the passphrase on my certificate (not impossible, but much harder and I can revoke the certificate if I suspect that the certificate has been compromised). Once the DMV, Health Authority and Credit Card companies have all signed my public key, it's much more believable that something signed with my public key is definitely signed by me.
as OOXML? (Score:3, Insightful)
It is urgent time that we gather some ressources to free citizens from that company. We see the progress Open Source has made without significant public subsidies. Why not invest a billion of public money into information freedom, free us from that company which funds all these damn lobbyists in parliament. We don't need Microsoft to tell us what an open standard is. We know what it is. It is 100% patent-free and no-rand community driven development. Free market, free competition, interoperable, open documented.
Before we get a free cyberspace, all these unethical companies need to be told a lesson. Now that Saddam is gone we have to go after rogue companies. It is important to safe our liberty and freedom of business. Unethical businesses need to be punished. Rotten companies are not good for business.
It was Gates who reportedly (their PR person told it Borsen) bribed the Danish Government: Get us software patents or we cut jobs in Denmark. Now he and his foundation are on the biopat lobbying front in Africa.
Re:Embrace, (Score:4, Insightful)
Who needs OpenID... (Score:3, Insightful)
Blaming the user again is pathetic. (Score:4, Insightful)
He needs to deal with the engineering first. What good is an ID if your computer is one of the 25% of all Windoze computers with a keylogging bot on it? It's not the user's fault.
Re:Embrace, (Score:5, Insightful)
Trust and identity are two different things. You're talking about trust. The fact that you can make up multiple identities doesn't matter unless you want somebody to trust one of them for something.
Trust is a big problem; moreso than identity. Furthermore, trust systems have identity as a requirement. And identity is useful outside of any advanced trust system. It makes sense to solve the identity problem first before moving on to complicated web of trust models.
The OpenID people are careful to distinguish between identity and trust. Trust is outside the scope of OpenID, but it's likely that any worthwhile trust system can be built on top of OpenID. You shouldn't use lack of trust as a basis to reject OpenID; in fact large-scale adoption of OpenID may well be helpful in developing a decent trust system.
PS: The one organisation that I expected to support OpenID much sooner than this is Google. Anybody have any ideas why they haven't jumped on board yet?