| By Dipto Chakravarty |
Article Rating: |
|
| July 14, 2010 06:45 AM EDT |
Reads: |
3,974 |
Admit it, you have a Facebook account. Whether you are an occasional user sharing family photos or a full-blown "friending" addict, it is nearly impossible not to use it. You probably have also seen several warnings from friends not to use an application that burned them or to ignore a recent posting that may lure you into installing a malicious widget.
Facebook's success and its large vibrant population has become a large target for malicious actors. Facebook's applications have become a breeding ground for malware. Facebook's privacy policies have become the stuff of scrutiny from governments around the world, sometimes exacerbated by their own management's policy flip flops.
Given all that, we come to praise Facebook, sort of, not bury them. What most of the security and privacy experts who interact with Facebook will tell you is that they care, and are trying to do the right thing. Facebook's adoption of OpenID is something that fits the model of trying to do the right thing, and also provides the intriguing possibility of a more trusted cloud and more secure social networks.
OpenID is an open authentication standard that allows an individual to use a single set of credentials to access other websites and other services supporting OpenID. Several large Internet destinations already supported OpenID, but only as "Identity Providers," meaning you still need to create your account with that site in order to log on to it. It is likely that money is a big driver in how large Internet sites have chosen to implement OpenID. Internet companies are valued in part for their huge databases of customer or user information, and most seem determined to increase this. Ceding credentials is likely seen as a slippery slope toward ceding other information requirements.
When Facebook announced support for OpenID in May 2009, it was as a "Relying Party." This means that you could use OpenID-compliant credentials from any of several other Internet sites to log on to Facebook. This is a huge shot in the arm for OpenID and a signal to other Internet megasites to consider letting others issue identities. We know that Facebook has plenty of other data collection aspects to the business. We also know that OpenID needs some work to improve on its security features. However, this could be a positive step towards allowing users to consolidate their online identities. Imagine a world where you have a single set of credentials, protected by strong, multi-factor authentication. That is a future we would create a fan page for.
Dipto Chakravarty is the Vice President of Engineering for the Security Management Operating Platforms at Novell, Inc. Prior to Novell, Chakravarty ran product engineering for e-Security. He previously served as CTO and founder at Artesia, a firm he started with management buyout in 1999. Besides startup businesses, Chakravarty has held a variety of management positions at IBM’s AIX kernel group, Thomson’s e-publishing group, and Bell Lab’s device drivers group.
A 20-year software industry veteran, Chakravarty is also the author of two best-selling computer books from McGraw-Hill and has published over 45 technical papers in refereed journals, and holds several patents.
Subscribe to Open Source Magazine Email News Alerts
Subscribe via RSS
