Dipto Chakravarty



Facebook Open(ID)s Up

Its adoption of OpenID is something that fits the model of trying to do the right thing

Admit it, you have a Facebook account. Whether you are an occasional user sharing family photos or a full-blown "friending" addict, it is nearly impossible not to use it. You probably have also seen several warnings from friends not to use an application that burned them or to ignore a recent posting that may lure you into installing a malicious widget.

Facebook's success and its large, vibrant population have made it a large target for malicious actors. Facebook's applications have become a breeding ground for malware. Facebook's privacy policies have become the subject of scrutiny from governments around the world, sometimes exacerbated by its own management's policy flip-flops.

Given all that, we come to praise Facebook, sort of, not bury them. What most of the security and privacy experts who interact with Facebook will tell you is that they care, and are trying to do the right thing. Facebook's adoption of OpenID is something that fits the model of trying to do the right thing, and also provides the intriguing possibility of a more trusted cloud and more secure social networks.

OpenID is an open authentication standard that allows an individual to use a single set of credentials to access other websites and other services supporting OpenID. Several large Internet destinations already supported OpenID, but only as "Identity Providers," meaning you still need to create your account with that site in order to log on to it. It is likely that money is a big driver in how large Internet sites have chosen to implement OpenID. Internet companies are valued in part for their huge databases of customer or user information, and most seem determined to increase this. Ceding credentials is likely seen as a slippery slope toward ceding other information requirements.

When Facebook announced support for OpenID in May 2009, it was as a "Relying Party." This means that you could use OpenID-compliant credentials from any of several other Internet sites to log on to Facebook. This is a huge shot in the arm for OpenID and a signal to other Internet megasites to consider letting others issue identities. We know that Facebook has plenty of other data collection aspects to the business. We also know that OpenID needs some work to improve on its security features. However, this could be a positive step towards allowing users to consolidate their online identities. Imagine a world where you have a single set of credentials, protected by strong, multi-factor authentication. That is a future we would create a fan page for.

More Stories By Dipto Chakravarty

Dipto Chakravarty is the Vice President of Engineering for the Security Management Operating Platforms at Novell, Inc. Prior to Novell, Chakravarty ran product engineering for e-Security. He previously served as CTO and founder at Artesia, a firm he started with a management buyout in 1999. Besides startup businesses, Chakravarty has held a variety of management positions at IBM's AIX kernel group, Thomson's e-publishing group, and Bell Labs' device drivers group.

A 20-year software industry veteran, Chakravarty is also the author of two best-selling computer books from McGraw-Hill and has published over 45 technical papers in refereed journals, and holds several patents.
