In what may turn out to be an important development for interoperability between Internet services, online giant Yahoo has announced it plans to support OpenID 2.0, a standard designed to enable single-login access to Internet services—even if they’re operated by different companies. Yahoo plans to introduce beta support for OpenID 2.0 beginning on January 30 across sites like me.yahoo.com and Flickr, and offer OpenID support for the nearly 250 million active Yahoo users worldwide. In theory, that means these users could use their Yahoo IDs to log in to other sites that support OpenID 2.0. Yahoo is hoping to have partners Plaxo and JanRain working with the system from the first day of the public beta.
“A Yahoo ID is one of the most recognizable and useful accounts to have on the Internet and with our support of OpenID, it will become even more powerful,” said Yahoo executive VP of platforms and infrastructure Ash Patel, in a statement. “Supporting OpenID gives our users the freedom to leverage their Yahoo ID both on and off the Yahoo network, reducing the number of usernames and passwords they need to remember and offering a single, trusted partner for managing their online identity.”
Although the notion of a single, Internet-wide login and identity validation system is not new—technologies and proposals (and patents) have been bandied about for well over a decade—OpenID was developed and championed by LiveJournal founder Brad Fitzpatrick, who is now at Google and a key player in the company’s OpenSocial effort. As social networking sites like MySpace, Facebook, Bebo, and others have gained enormous popularity—not to mention services like YouTube, Flickr, Photobucket, and more—efforts to develop an interoperable, single-login system have accelerated.
One frequently-sided downside of universal login systems—or, one password to rule them all—is the potential impact on users’ privacy and security. Although a universal login system may make it easier for users to access a multiplicity of sites and services, it also creates a single point of failure: if a user’s password gets away—or a single OpenID partner drops the ball on security—then every account that user manages via OpenID is compromised.
