OpenID: Rx for Password Fatigue
Chances are, you logged into the computer you’re using
at this very moment, and in the course of your day, you probably use
more than five different name-and-password combinations to access Web-based
email, healthcare and banking services, and a host of other services.
In fact, CSO Online studied
Web users’ behavior and found that more than 62 percent need to remember
five or more passwords and PINs. This shouldn’t be such a burden, but
security best practices dictate that no two of your passwords should
be alike. If keeping track of too many passwords has led to “password
fatigue,” you’re not alone; this is a condition that has become so widespread
that Wikipedia even has an entry
for it.
User Centric Single Sign-On
To alleviate this problem, a variety of single sign-on systems grant
access to multiple services using only one password. Such systems employ
a range of different authentication methods and strengths, depending
on the application, but most are closed systems that provide access
to networks of affiliate sites, rather than open systems that provide
access to a wide variety of sites, so none of these systems have seen
widespread adoption among consumers. Stepping into this market void
is OpenID, a community-driven standard that is becoming a flexible method
for using one set of credentials to identify users across a wide variety
of sites. OpenID is user-centric in that it allows users to choose how
much information they would like to share about themselves with other
sites. Also, users register with an OpenID Provider, and they can switch
providers whenever they choose.
To date, there are thousands of OpenID-enabled sites,
including popular platforms such as Google’s Blogger. Microsoft
is also exploring how OpenID technology could be incorporated in enterprise
applications, looking at how OpenID could be used with Microsoft’s
InfoCards, a part of the .NET framework, which helps to authenticate
users. Recently, Yahoo! announced
support for OpenID, saying that it would triple the number of OpenIDs
to 368 million.
OpenID Poised for the Mainstream
As OpenID sees greater and greater adoption, and as it is
used for more sensitive transactions, it becomes increasingly important
that the OpenID provider be a trusted entity. Technically, anyone with
a server and the necessary software, all of which is available as open
source, can become an OpenID provider, and users might be hesitant to
rely on a provider if they felt it would put their identity, assets,
or reputation at risk (in addition, they might question the long-term
viability of the service). For this reason, the Innovation Group at
VeriSign has been an active participant in OpenID advancement. The group
has deployed a provider as part of an external beta testing program
called the VeriSign® Personal Identity Provider (PIP) (https://pip.verisignlabs.com).
“As a leader in identity management, VeriSign is
excited by the possibilities that OpenID provides for users,” said Gary
Krall, technical director for VeriSign’s OpenID platform, “and we are
actively looking for how VeriSign’s ‘best of breed’ technologies could
be leveraged to provide a highly trusted identity platform.” In fact,
the VeriSign PIP is part of the network of sites that employ VeriSign®
Identity Protection (VIP), VeriSign’s robust multi-factor strong-authentication
solution, and over 3,500 PIP users have leveraged this capability.
Behind VeriSign’s Internet Infrastructure
VeriSign plays a critical role in helping the world’s digital
interactions to be secure, reliable, and always available. VeriSign
operates the worldwide DNS infrastructure that provides service to .com, .net, and
other high-profile top-level domains, and VeriSign has operated these
servers since 1998 with 100% availability. VeriSign digital certificates
protect the world’s 40 largest banks and over 93% of the Fortune 500.
The VeriSign Secured® Seal, which identifies sites that are protected
by VeriSign certificates, is the most highly recognized trust mark on
the Internet (TNS Research, August 2006). With this experience
and reputation, VeriSign is in a position to provide some of the most
trusted OpenIDs on the Internet.
Identity Management and Authentication are key service
areas for VeriSign, so the company wanted to establish itself as a key
participant in OpenID during this early adoption process. VeriSign has
taken part in this process by assisting in drafting the standards, launching
an OpenID provider, evangelizing the technology, and developing open-source
software.
Get a Free OpenID Today
To get started with a free OpenID from the VeriSign PIP, visit https://pip.verisignlabs.com/
and follow the instructions. For more information, including ideas on
the many places where you can use your OpenID, visit www.openid.net.