OpenID: “The OpenID Foundation is launching its third OpenID Summits for 2011. … This OpenID summit gives web site developers and technologists a closer look at the OpenID Connect protocol, its use cases and adoption plans by leading companies. We will introduce ‘Account Chooser’ its implementation and user experience and provide interop testing and feedback for next generation OpenID adoption. – Please join us on Monday, September 12, 2011 from 12:00 Noon until 5:00pm PDT and Tuesday, September 13, 2011 from 10:00am to 5:00pm PDT.”
Account Chooser: “[is an] open standard and user interface guidelines for the next generation of web sign in. – If a user has been logging into a website for a long time with a password, then the account chooser experience makes it easy for the website to upgrade them to use an identity provider. … The use of identity providers not only makes it easier for people to use websites, but also makes their accounts more secure. With traditional websites, people tend to reuse password across sites. If hackers are able to compromise even a single website, they can then use that password to break into the person’s accounts on other websites. Unless a user’s password is extremely complex, there are unfortunately very simple techniques, such as dictionary attacks, that hackers can use to identity a person’s password on almost any small to medium website. Fortunately identity providers can be certified to confirm they offer protection against those types of techniques.”
Google: “In July 2011 Google started allowing limited access to a new layer on top of our login box using an industry approach called an Account Chooser. Our goal is to gather feedback to decide whether to roll this out to all users, and what modifications to make to the design.”
TC: “Essentially, Account Chooser appears to be a way for website owners and publishers to alter their traditional username/password-based login systems to one that supports multiple identity providers. – Such a system would also allow people to easily switch between accounts. – For a website owner or publisher, the system could increase sign-up and login rates, as well as reduce costs from hijacked accounts and users who have trouble logging into their account for whatever reason. To deploy Account Chooser, they can use a SaaS vendor such as the Google Identity Toolkit and Janrain Login Helper – or simply build their own.”
TR: “Ein neuer Dienst, der unter anderem von Google unterstützt wird, soll beim Nutzeraccount-Management im Web endlich den Durchbruch bringen. … Account Chooser, ein neuer Dienst der OpenID Foundation, der unter anderem Google, Facebook, Microsoft und Yahoo angehören, ist der jüngste Versuch, das Anmeldeproblem zu lösen. Dabei kann der Nutzer einen Account auswählen, mit dem er sich künftig identifizieren will – mit dem Log-in von Google Mail oder Facebook, beispielsweise. Damit lassen sich dann zahlreiche weitere Internet-Angebote nutzen. … Die Technik wurde von Eric Sachs entwickelt, einem Projektmanager bei Google, der im Verwaltungsrat der OpenID Foundation sitzt. Google unterstützt das Projekt und unterhält den Code auf seinen Servern. Account Chooser unterscheidet sich deutlich von früheren Ansätzen – darunter auch von der ursprünglichen Methodik der OpenID-Foundation selbst, deren Technik sich inzwischen als zu kompliziert erwiesen hatte.”
Gerrit Eicker 09:13 on 8. September 2011 Permalink |
OpenID: “The OpenID Foundation is launching its third OpenID Summits for 2011. … This OpenID summit gives web site developers and technologists a closer look at the OpenID Connect protocol, its use cases and adoption plans by leading companies. We will introduce ‘Account Chooser’ its implementation and user experience and provide interop testing and feedback for next generation OpenID adoption. – Please join us on Monday, September 12, 2011 from 12:00 Noon until 5:00pm PDT and Tuesday, September 13, 2011 from 10:00am to 5:00pm PDT.”
Account Chooser: “[is an] open standard and user interface guidelines for the next generation of web sign in. – If a user has been logging into a website for a long time with a password, then the account chooser experience makes it easy for the website to upgrade them to use an identity provider. … The use of identity providers not only makes it easier for people to use websites, but also makes their accounts more secure. With traditional websites, people tend to reuse password across sites. If hackers are able to compromise even a single website, they can then use that password to break into the person’s accounts on other websites. Unless a user’s password is extremely complex, there are unfortunately very simple techniques, such as dictionary attacks, that hackers can use to identity a person’s password on almost any small to medium website. Fortunately identity providers can be certified to confirm they offer protection against those types of techniques.”
Google: “In July 2011 Google started allowing limited access to a new layer on top of our login box using an industry approach called an Account Chooser. Our goal is to gather feedback to decide whether to roll this out to all users, and what modifications to make to the design.”
TC: “Essentially, Account Chooser appears to be a way for website owners and publishers to alter their traditional username/password-based login systems to one that supports multiple identity providers. – Such a system would also allow people to easily switch between accounts. – For a website owner or publisher, the system could increase sign-up and login rates, as well as reduce costs from hijacked accounts and users who have trouble logging into their account for whatever reason. To deploy Account Chooser, they can use a SaaS vendor such as the Google Identity Toolkit and Janrain Login Helper – or simply build their own.”
TR: “Ein neuer Dienst, der unter anderem von Google unterstützt wird, soll beim Nutzeraccount-Management im Web endlich den Durchbruch bringen. … Account Chooser, ein neuer Dienst der OpenID Foundation, der unter anderem Google, Facebook, Microsoft und Yahoo angehören, ist der jüngste Versuch, das Anmeldeproblem zu lösen. Dabei kann der Nutzer einen Account auswählen, mit dem er sich künftig identifizieren will – mit dem Log-in von Google Mail oder Facebook, beispielsweise. Damit lassen sich dann zahlreiche weitere Internet-Angebote nutzen. … Die Technik wurde von Eric Sachs entwickelt, einem Projektmanager bei Google, der im Verwaltungsrat der OpenID Foundation sitzt. Google unterstützt das Projekt und unterhält den Code auf seinen Servern. Account Chooser unterscheidet sich deutlich von früheren Ansätzen – darunter auch von der ursprünglichen Methodik der OpenID-Foundation selbst, deren Technik sich inzwischen als zu kompliziert erwiesen hatte.”