Last issue I predicted a bit of a slowdown, some bumps in the road perhaps even some fracturing of the OpenID community in the coming year. Scott Kveton disagrees. Well, he would as he’s CEO of JanRain, which describes itself thus: “JanRain is delivering Internet-scale user-centric identity solutions employing the OpenID protocol.”

Scott put forward six predictions for the new, user-centric, authentication model:

“1. OpenID 2.0: First and foremost, OpenID 2.0 will get out the door. Not only will the spec be completed, but we’ll get the libraries out the door as well. I know I’ve been saying this for six months but I feel pretty confidant of it now.

2. 100 million users with OpenIDs: By the end of 2007 there will be 100 million OpenID enabled users out there. We’re at 16 million right now. Only 84 million more to go!

3. 7500 OpenID Enabled Sites: By the end of 2007 there will be 7,500 OpenID enabled sites. As of today, we’ve seen over 750 OpenID relying parties. We’re seeing 10-15 new relying parties a day. I think we’ll hit 7,500 by years end.

4. Big player adopts OpenID: One of the big players will adopt OpenID. That could be Google, Yahoo, Apple, AOL, Digg (yes, they are big like it or not), etc. I don’t have one single data point on this; its more of a gut feeling. When one goes, I think more will follow there after.

5. OpenID Community formalizes: The OpenID community will formalize itself in some sort of trade organization or nonprofit foundation. This will be a place for things like IP [intellectual property] (domain names, etc) and trademarks to land.

6. OpenID Services: We’ll see some very exciting services emerge that take advantage of OpenIDs. It’s more than just that one username and password. It’s being able to take advantage of the fact that you are the same person from site to site. This has some amazing possibilities in the realms of reputation and communication that are the most obvious. The best part about this one is that the really, really killer service hasn’t even been thought of.”

Well, you can’t say he’s not enthusiastic! I can say, though, that I think he’s overly optimistic. Just recently, for example, concerns about the security of OpenID have arisen. Even Microsoft’s Kim Cameron, the “godfather” of user-centric identity, has raised this issue. In a blog posting last week (“As simple as possible - but no simpler”) Kim worries about the possibilities of OpenID users being subjected to phishing attacks through the use of man-in-the-middle exploits. Kim’s premise is that you need client-side services to protect against these attacks and one of the tenets of OpenID is that there should be nothing installed as client-side. It is a major sticking point to wider acceptance of OpenID to do more than simply enable comments on blogs and it’s an issue that won’t go away soon.

Whitepapers

• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology
• Vulnerability Management For Dummies

View more SECURITY whitepapers

Webcasts

• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports