You may not know it, but you probably have an OpenID. If you have a Yahoo account, you have an OpenID. If you have a Windows Live account, you will soon have an OpenID. And today, if you have a Google e-mail account, you can also start using your Gmail address as an OpenID.
By joining the OpenID movement, Google completes the trifecta and adds all of its Gmail users to the hundreds of millions of Yahoo and Windows Live accounts that can also be used as a single login for any Website that accepts OpenID. While Google is more than happy to become an issuer of OpenIDs, what is not so clear is whether it will accept other OpenIDs for people who want to sign up for Google services.
Google appears to be an OpenID “provider,” not a “relying party.” In other words, you cannot sign into Google with your Yahoo account. But this still helps the OpenID movement as a whole because it gives smaller sites more incentive to join as “relying parties.” Among the first sites to accept Gmail accounts for sign in are Zoho and Plaxo.
AOL and MySpace are expected to jump aboard as OpenID providers as well. The only big holdout appears to be Facebook, which has its own competing Facebook Connect program. But even Facebook might eventually join the OpenID fold. (Its partners seem slightly less than enthusiastic about deploying Facebook Connect).
Yahoo also doesn’t accept OpenIDs from others…at least I don’t see it on the Yahoo mail page.
Congratulations to Google, the OpenID Foundation, and all the folks involved. This is a great step forward.
No it’s not. It’s just a ‘me too’ move by Google. All of these big companies (Google, Yahoo, Microsoft) are pretty much just enticing more people to create accounts with them. That does nothing for OpenID and isn’t the point.
Exactly. It pisses me off every time some big player decides to implement the *provider* half of OpenID, but refuses to be a consumer.
I wish there was some sort of requirement that if you want to be a provider you also have to be a consumer :-\
This is not private ID now?
What’s going on the web?
http://www.iboozi.com
This is still a limited trial no?
i think window live will get much buzz than gmail
You are joking right? Microsoft and Internet don’t mix. Epic fail.
“epic fail”
Hasn’t the clock run out on this stupid phrase yet?
Its great to see people adopting OpenID… Unfortunately, and for obvious reasons, it seems like everyone wants to be an OpenID provider, but not an OpenID relying party… Everyone wants to hold their own information, and unless that changes, it doesn’t make OpenID as useful as it could be
This makes it even more dangerous when social networking sites ask for your e-mail account and password to see if your e-mail contacts are already members.
Don’t do it!
“AOL and MySpace are expected to jump aboard as OpenID providers as well.”
You’ve been able to use your AIM account for OpenID for quite a while (openid.aol.com/USERNAME).
This is not the only thing Windows Live, Yahoo, and Google are up to. There are lot’s of changes going on in the IT field. Way to go TechCrunch!
I am agree with Brent Logan. The security measure must be clearly defined to the users. How “open” is the OpenId is?
Let me know when they are an openid consumer. There are enough providers already.
Dude….this is good. Ironically, even Microsoft is complying. Now only if MySpace and Facebook agrees to do the same, it will be awesome!
http://www.livbit.com
Those who are focusing on the negative (these big Providers are not yet Relying Parties) are missing the forest for the trees. OpenID had a chicken and egg problem. Not many relying parties. Why become a provider? Not many providers. Why become a relying party. Google brings us to the tipping point. Together with Microsoft, Yahoo, AOL, and shortly, MySpace, along with the Open Stack tie to OAuth and, soon, Portable Contacts, and there is now the honey pot of smoother onboarding that justifies the investment of becoming a relying party. Wave on!
Agree with you John.
The problem with this however is that Google’s implementation is different from the normal OpenID and both Yahoo and Google want their login to be separated from a normal OpenID field. Thus it really won’t be OpenID, it will be Google’s implementation of OpenID, like Microsoft’s or Opera’s version of W3C standards, similar but not really the same.
For background see here: http://www.sitepoint.com/blogs.....in-openid/
Google has supported OpenIDs at blogger for quite a while. They are also the first major OpenID Provider to provide an email address to the Relying Party. A great step forward.
Myself, I am excited to see all the major players supporting an internet identity protocol. Let the revolution begin!
great news hope all the other big players jump on board very soon
great news i do hope all the other big players jump on board very soon the better for us all
So what’s the name of my Gmail OpenID? I don’t understand that. My Gmail address has the form of an email address, but my OpenID is an URL.
Exactly what I was wondering - from the article it looks like the site you want to log into has to set itself up especially - which would still be defeating the point of OpenID.
Or does this have something to do with discussions around have email addresses as OpenIDs? Just how would that work technically under the current model?
https://yourgooglename.gmail.com
The accepting party has to elect to trust the provider, hence the… WTF?? WHY AM I HAVING TO EXPLAIN BASIC SHIT LIKE THIS ON TECHCRUNCH OF ALL PLACES??
I dunno. I’m a big fan of OpenID, but I think it may never take off because some some reason, people don’t understand it.
I blame Flickr/Yahoo for that. They were my entry into actually using OpenID somewhere else (I dont remember what site), and they used the format “flickr.com/photos/yourname”, which doesn’t really transpose to google (or anyone else’s) OpenID format. The barrier to traction (in this case) is consistency. I never even knew you were supposed to use yourname.site.com until just now when I decided to visit the OpenID site before responding to your post. BTW - Another blocker for OpenID traction is if the user has to visit another website just so see how to log in to a particular website.
@Jonathan
You are an ignorant moron. Go research some basic shit…
It is still a private “OpenID”, can not use as public OpenID, When I reply on the blogger, can not use my gmail as openid.
You can use it as a “public OpenID” - that’s the whole POINT. Assuming, of course, the place you are logging in to elects to trust Google as an OpenID provider (and you do too).
Awesome work! It was super easy to sign into Plaxo and Zoho using my GMail OpenID!
its about time….
Exactly what I was wondering
thanks
Well, just tried using Google and checked on the OpenID mailing list and they are NOT compliant. You have to type in http://www.google.com/accounts/o8/id if you want to use Google on an RP that has not implemented Google’s magic extensions. Very disappointing.
Typical of Google. If it didn’t emanate from the Googleplex, it’s not good enough. I don’t know why people want to reinvent wheels…
bragster has been accepting gmail (among many) as openID for the last 2 weeks… very few people using it though so far. We previously also supported the hcard implementation.
http://www.bragster.com/users/.....en_id=true
Maybe if you used OpenID properly more users would use it.
Used this feature, so I can forward Gmail emails to Zoho as another form of backup.
Zoho is good.
Finally, I am sick of logging in with yahoo which I never use.
I love it that news.
Great work.
how secure is OpenID? specifically, confidentiality.
Seems like a compromise on Google’s part would be implementing something like: http://openid.google.com/username
Standard URI, and would forward you to google to login as normal.
How can we make sure that the sign in box showing the openID is real? What if the box was fake and someone stole our emails? Please advice…
As someone mentioned on the official google blog post about this, there’s nothing stopping google using email addresses as OpenIDs as http://username@gmail.com/ is a valid URL. Yahoo already does this. As long as the relying party doesn’t require you put in http:// (for some strange reason), then your gmail address will work if Google choose to implement it that way
AOL has had OpenID for a long time now.
Interestingly, Zoho had been allowing login with a Google id before they had OpenID. They seemed to use one of the earlier Google authorisation protocols, which wasn’t really intended for authentication. It worked OK, but put up a slightly alarming “this site is accessing your data” message. This is much better, because it designed for authentication, not authorisation to google-held information.
AOL could be looking into integrating it into Bebo, the social network they bought a while ago, which is by far the biggest social network here in Ireland, so I hope they do do that
I don’t get OpenID. The RP still needs an account per user; and adds the burden to manage an alias list with multiple alias per user. The friction is higher for the user and developer. Why?
Most sites cache login information as cookies. As long as you visit once every 3 months. The login is there. Further, browsers track userid and password by site.
Is OpenID a solution in search of a problem?
Or is it a trojan horse to share information among websites. If it’s the latter, it invades personal privacy.
Can someone explain this to me?
-Dash
http://adEcon101.blogspot.com/
dj: I’ll see if I can explain this to you. I see you’re confused.
1. OpenID is designed to be used in situations where (as it’s name implies) identity, and not security, is the operative word. Such situations account for perhaps 90% of all web-based account authentications: they’re actually pretty trivial.
2. OpenID recognises that most people (even intellectual giants reading TC) simply use the same password (or variants of it) on most if not all logins they have. OpenID therefore formalises this by allowing you do just that, and put this to your benefit (if you want me to list these benefits, I can).
3. OpenID is (particularly) good for new site owners with groovy ideas because it reduces the friction of creating and maintaining an account. This means sites can gain lots of users quickly, and minimise loss through lack of use (Not everyone piles in to new sites and uses them rabidly every day - most people exhibit a pattern of dabbling, forgetting about it, responding to a mailing only to forget their login, get a new password, or create a new login if they don’t remember the email the used, thereby losing any traction they had, etc. etc.)
4. OpenID is no better or worse at “invading privacy” than standard logins. If Facebook want to sell your details to the highest bidder, they will unless you stop them. Same for your OpenID provider. With OpenID though, if your provider screws you over, you can take your ID to another provider - the sites you use with it (should) not be affected.
OK I’m bored explaining now - hope I’ve given you the impetus to go out and read some more about if if there’s anything else you want to know. Notice I didn’t tell you that in the first place…
I think the big players will eventually adopt some type of open authentication standard where they will accept each others credentials.
http://tinyurl.com/689jzy
OK, now everyone has an OpenID account. Unfortunately there’s still almost nowhere that you can use it. Now that the big 3 are all providers, I think becoming a provider (without simultaneously becoming a relying party) is no longer newsworthy. With effectively everyone having at least one OpenID account available now, becoming a provider only amounts to a publicity stunt. Now we need the big services that we use regularly to really step up and become relying parties.
Facebook will hold out for a long time. Especially with Digg and many other sites starting to support Facebook. Eventually it will be wise for them to join. On a personal side…using OpenID takes too long (yes, only 1 extra screen) but I would prefer if they tightened up and made it a one-step process.
I agree with Korey the trends are showing the growth of OpenID and even my self who has a website built Drupal has the option to offer the OpenID service.
why is google so late compared with windows live and yahoo?
They’re still not there yet–it’s not actually OpenID. Maybe they should call it “Andro-ID” or something.
Good News! I like Google so much.
I hope the Chinese website support OpenID. I have too many IDs that I offen forget it.
It’s not “a great move” since it’s not really OpenID, it’s some mutant Google fork of the OpenID standard which is incompatible. What’s the point of claiming you’re using a standard when you rewrite it yourself in a non-interoperable way?
I guess they expect OpenID and relying parties to conform to their propietary authentication system. That’s amazing.
I don’t get it. It doesn’t act like OpenID so why call it that?
It’s good that big players are recognising the OpenID approach publicly and getting involved.
But the bending of standards is bad - if there is a standard then adopt it. Pretty please?
Perhaps the Google partial-acceptance of the OpenID standard should be called AjarID?
Let’s hope they go the whole way from AjarID to OpenID.
Google is *not* a standard OpenID like Microsoft and Yahoo. Even according to their terms if you go in and check them, they have something that *resembles* an Open ID….but is not a true OpenID. Zoho is just one of the first sites that actually adopted their ridiculous form of it. This is not a step forward for the whole OpenID process…Google just again manages to screw things up by having to be different. Whether it was to prove a point, say “our way is better” or whatever…who knows. There are entire extra steps that their process follows that a true OpenID process does not; and renders it incompatible with most sites.
does this mean that my “user id” for these websites shows up as my gmail address??
ie, if i login to digg/delicious/myspace/etc (if they used openID) using gmail and post something, does my post show the world it came from my email address?
or does openid require you to have a different “local id” on each service you log into..
This is a great development for OpenID, and more importantly for the websites and end users that can benefit from faster and easier registrations and logins using existing accounts with Google, Yahoo, AOL, and many other OpenID providers.
JanRain’s RPX (http://www.janrain.com/products/rpx) OpenID website enabling service has already integrated and deployed support for Google’s OpenID service. You can see a demo at http://www.velog.com.
You can also see some case studies of successful OpenID deployments with measurable benefits at: http://www.janrain.com/openid/casestudies
Guess soon we all be using just one ID. In my opinion, great. I think is a necessary step to take for sure.
This is still a limited trial no?
http://www.egitimbilgisi.tr.gg