August 24, 2007
@ 06:43 PM
Comments [3]
It isn't OpenID vs. Windows Live ID (Web Authentication )

David Berlind has a blog post entitled If ‘you’ build OpenID, will ‘they’ come? where he writes

In case you missed it last week, Microsoft is taking another swing at the idea of single sign-on technologies. Its first, Passport, failed miserably. Called Windows Live ID (following in the footsteps of everything else “Windows Live”), I guess you could call this “Son of Passport” or “Passport: The Sequel.” The question is (for Microsoft as much as anyone else), down the road, will we have “Passport The Thirteenth”?

When I saw the announcement, the first thought that went through my mind was whether or not Microsoft’s WLID service would also “double” as an OpenID node. OpenID is another single sign-on specification that has been gaining traction in open circles (no suprise there) and the number of OpenID nodes (providers of OpenID-based authentication) is growing.

In light of the WLID announcement from Microsoft and given the discussions that the Redmond company’s chief identity architect Kim Cameron and I have had (see After Passport, Microsoft is rethinking identity) about where Microsoft has to go to be more of an open player on the identity front, I tried to track him down to get an update on why WLID and OpenID don’t appear to be interoperable (I could be wrong on this).

Somewhere along the line, people have gotten the mistaken impression that the Windows Live ID Web Authentication SDK is about single sign-on. It isn’t. The primary reason for opening up our authentication system is to let non-Microsoft sites build and host widgets that access a user’s data stored within Windows Live or MSN services. This is spelled out in the recent blog posting about the release on the Windows Live ID team blog which is excerpted below

The benefits of incorporating Windows Live ID into your Web site include:

 

·         The ability to use Windows Live gadgets, APIs and controls to incorporate authenticated Windows Live services into your site.

For example, the recently announced collaboration between Windows Live and Bebo requires a way for Windows Live users on Bebo to authenticate themselves and utilize Windows Live services from the Bebo site. That’s what the Windows Live ID Web Authentication SDK is meant to enable.

Although the technological approaches are similar, the goal is completely different from that of OpenID which is meant to be a single sign-on system. 

Now playing: Mase - Return Of The Murda


 

Categories: Windows Live

« Windows Live and Bebo: Social Network Po... | Home | Microformats are not an API »
Friday, 24 August 2007 22:40:17 (GMT Daylight Time, UTC+01:00)
Hi Dare,

It seems reasonable to acknowledge that Windows Live ID is a single sign on service whether thats what its "about" or not. If it looks like a duck and quacks like a duck...
It is the successor to Passport which was a sign on service long before anything "Live" started.

I just implemented support for Open ID in mojoPortal (http://www.mojoportal.com) and am also almost finished implementing support for Windows Live ID and they both seem like single sign on services to me. I have no immediate plans to integrate with Windows Live contacts though it may interest me later. The main benefit right now is allowing users to register and log in without having to have yet another user name and password.

I think single sign on is a huge thing that the web really needs right now and I don't blame Microsoft for wanting to be a service provider for single sign on. I think for something like single sign on we don't want a thousand different providers with a thousand different APIs but certainly I don't think having only one solution is a great idea either. Its better if there are a few well known trusted solutions and optimal if they can interact with each other at some point so that it matters little which one you use.

Best Regards,

Joe Audette
Joe Audette
Sunday, 26 August 2007 22:25:00 (GMT Daylight Time, UTC+01:00)
Microsoft may attempt to promote Windows Live ID as something other than single sign on and it may even attempt to convince itself that it's something other than single sign on, but Windows Live ID in reality is being used as a single sign on provider. I agree with Joe when he says, "If it looks like a duck and quacks like a duck..."

Marketing teams can spin it any way they want, but Microsoft promoted Passport heavily as a single sign on provider and Windows Live ID is basically Microsoft's new spin on an old product (e.g. Passport). I'm not saying it's necessarily a bad thing since I use Passport/Windows Live ID to log on to a few non-Microsoft sites, but let's face the reality that Windows Live ID is single sign on and has been since it was first introduced.
Don Baker
Monday, 27 August 2007 04:42:54 (GMT Daylight Time, UTC+01:00)
I suspect that the Microsoft folks simply didn't think about the federation angle when designing the authentication model for their APIs as opposed to this being some 'evil plot' by Microsoft to perpetuate an identity silo.

http://www.25hoursaday.com/weblog/PermaLink.aspx?guid=d81b4275-5661-4fbd-8e3e-b7af096c87ab :-)
Anonymous Cwoard
Comments are closed.