Open(ID) says me: Online account management protocol gains big backers

You may have never heard of it, but Google Inc. is behind it. So are AOL, Microsoft Corp., and Yahoo Inc.
With that kind of support, OpenID may soon be coming to mobile in a big way.
Designed as a standardized platform for online authentication, OpenID is a free, decentralized framework created by the open source community. Backers say the protocol eliminates the need for multiple usernames and passwords across different Web sites, providing a lower cost of password and account management for site operators.
And the OpenID Foundation has gained some impressive backers since its launch last summer. AOL and Plaxo were early supporters; Google, IBM Corp., Microsoft, VeriSign Inc. and Yahoo officially joined the board earlier this month. One enthusiast went so far as to suggest OpenID should be legally mandated.
“The reason OpenID has gotten some traction is three things,” said Andrew Jaquith, a program manager with Yankee Group. “First, it solves a real need. It makes it very easy and friction-free to log in and participate. Second, it’s not encumbered by patents and intellectual property issues, so it’s very easy for people to use without fear of IP concerns. Third, there’s a lot of very good, high-quality open source tool kits that make it very easy to embed to the Web.”
Supporters say the platform is a natural fit for mobile phones, which are typically limited by 12-key pads, minimal processing power and tiny screens. And OpenID has begun to make waves – well, ripples – on the wireless Web. France Telecom’s Orange SA in September committed to adopting OpenID, and the carrier has hinted that it may use the protocol for its own branded mobile services. Ma.gnolia.com, a “social bookmarking online community,” recently went mobile with its OpenID-enabled site, and other developers are working to add OpenID to their mobile Internet pages.
That momentum is likely to increase as Internet giants such as Google and Yahoo move further into wireless.
“Signing onto a mobile Web site on your mobile is very tedious and painful, and few (if any?) mobile browsers have integrated password management yet,” blogged Barnabas Kendall, a California-based technology consultant. “Furthermore, even if you have the patience to tap out your e-mail address and password, some sites won’t take it, or throw SSL errors or require JavaScript. For this reason, I have not been able to sign on to mobile Facebook through my Blackjack in, let’s see, ever.”
OpenID has its share of detractors, of course. Critics say the platform is highly susceptible to “phishing” – building a site disguised as a page from a legitimate business (a bank, for instance, or eBay) to trick users into giving up sensitive information such as social security numbers or credit card accounts. And while an ever-growing number of impressive names are backing OpenID, most of the high-profile supporters seem very cautious about actually integrating it with their own services.
But there’s little question that OpenID – or a similar protocol – could help fill some of the potholes that make the wireless Web so painful. Not only could it greatly reduce the number of clicks required to navigate the mobile Internet, it could actually boost consumption of mobile content. Vendors could use the phone itself as an authentication device, requiring consumers to type in nothing more than a short PIN code, Jaquith suggested.
“The nice thing about OpenID is that it’s very neutral, it’s not favoring any particular carrier or ISP. It could be a nice neutral ground and an opportunity for carriers to create some more value for themselves,” Jaquith said. “I don’t see any real technological problems (for mobile). The questions really revolve around whether the network operators have the vision to follow through.”