Identity management on the web with Open ID
Practical and Open
OpenID is a step in the right direction for identity management. Because OpenID implements single sign-on, it becomes more convenient for users by reducing the number of passwords you need to remember. The ability to manage attributes is far more powerful than it appears at first glance.
The number of websites using OpenID continues to skyrocket, but some really big applications will still need to prove whether they fulfill all of the operative and conceptional requirements with respect to trust and availability.
Identity Management and Federation
OpenID is not the only identity management project. Feder ID , for example, is an open source project from France. One of the project's contributors, Clément Oudot, underlined the importance of digital identities for access to web resources in a recent interview with Linux Magazine.
According to Oudot, many users possess a separate identity for each website. This is major issue for large enterprises and organizations, as users need to memorize multiple passwords. Feder ID provides tools for synchronizing identity repositories. These attributes are not only available to a single local organization; they can be shared by trusted partners.
The Feder ID tools are open source licensed and comply with the IETF (Internet Engineering Task Force), OASIS (Organization for the Advancement of Structured Information Standards), and Liberty Alliance standards for identity management.
- Microsoft Passport: http://www.passport.net
- Liberty Alliance Project: http://www.projectliberty.org
- OpenID project: http://openid.net
- Myopenid (provider): http://myopenid.com
- Mediawiki extension for OpenID: http://www.mediawiki.org/wiki/Extension:OpenID
- Drupal support for OpenID: http://drupal.org/project/openid
- Open Source libraries for OpenID: http://wiki.openid.net/Libraries
- "Keeping Customers and Merchants Secure", Whitepaper, Secure Computing: http://www.securecomputing.com/webform.cfm?id=289&ref=pci
- Feder ID: http://federid.objectweb.org
Buy this article as PDF
New flaw in an old encryption scheme leaves the experts scrambling to disable SSL 3
Lennart Poettering wants to change the way Linux developers talk to each other.
Enterprise giant frees itself from ink and home PCs (and visa versa).
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.