What online authentication services are available?

I know about

  • Live ID
  • OpenID

Are there any other major players?

I am particularly interested in authentication federation so that we can log in once and use on multiple sites (if this is even possible).

+1  A: 

There is also Facebook Connect, to add to your list.

However, you are conflating two concepts: single sign-on (SSO) and single password. OpenID provides a distributed single-password system, where users log in to their ID provider once for each consumer site they visit. Windows Live ID provides a centralized single-password system, where users log in to Microsoft once for each consumer site.

On the other hand, you say "we can log in once and use on multiple sites". That is SSO. An SSO system like Kerberos has the user log in once, and then use the credentials they obtained across multiple authentication realms. Using federated-trust systems like Cosign or Shibboleth, it's possible to trust credentials from other institutions.

If you clarify exactly what you're trying to do, you will probably get a better answer. But there's more to it than you seem to have gotten a handle on.

Borealid
Facebook Connect, R.I.P :) http://developers.facebook.com/docs/authentication/
Claudio Redi
Slight correction - while Live ID does support SSO, it does not force it, and sites using it for user authentication can maintain separate signin state. An example of this is CodePlex.com where the user has to explicitly sign in, even if she's already signed in to any Live.com site.
Franci Penov
Thanks, this is exactly the kind of info I need. I am still slightly confused about the difference between LiveID and OpenID in your description. Any chance of expanding on it, or do you have a good link?
Martin York
@Martin York: Anyone can run their own OpenID server - it's an open standard. Google provides an OpenID when you sign in to your account with them. So does Yahoo, and StartSSL, and a dozen other companies. I can even run my own and have example.com/myid be my OpenID URL. Thus, decentralized. With Windows Live ID, you must use Microsoft's site. If they're down, no login for you. Thus, centralized. As Franci Penov points out, Live ID can also be used for kind-of SSO - but I'm pretty sure it involves an extra round-trip to MS for each site, and can't federate, so it's only sort-of SSO.
Borealid
@Borealid: Thanks. Though I doubt MS has a single point of failure. I would assume (please correct me if I am wrong) that LiveID has a single `URL` (though in real life this may map to different sites for different people and automatically roll (I am using roll because I am not sure what they can do to update DNS dynamically but there must be a technique to fail-over to a secondary site) on failure).
Martin York
@Martin York: I didn't mean that there was a "single point of failure" as in one particular computer, I meant a "single point of failure" in that there is one company in control. If a Microsoft sysadmin makes a DNS configuration mistake, that brings down Live ID. If a government seizes an MS server farm, that could too. The important point is that, by using Live ID, you are trusting and relying on a single external entity. This is *not* the case with OpenID.
Borealid
@Borealid: Good point.
Martin York