This morning at RSA Bill Gates and Craig Mundie announced MSFT support of OpenID2.0. (Johannes has a good summary of the points they made too) I wouldn’t go so far to say that they got Married. But what exactly was announced? I spoke with David Recordon and Mike Jones after the announcement. (this picture is before the announcement).
The OpenID Relying parties will be able to request that the authentication be done in a Phising resistant way. Then the OpenID Provider will have it a way to assert that the authentication of the OpenID (a URL or XRI/I-name) has been done in a Phishing resistant way. CardSpace will be available as a primary way of providing this kind of authentication (for users on Windows machines).
This is a very exciting development as it expands the options available to users. Their are issues with Phishing in OpenID (as outlined here by Kim) and addressing this hole is key to making it a viable protocol that is good for users.
Kim talks about is request to the OpenID community in the blogosphere and in the meeting they had last week at JanRain (Scott blogged about that here).
My big ask was to add a way to request credentials based on phishing-resistant authentication…..[so that] the system is built to handle the dangers that would come with its own success.
The one question I have about this collaboration announcement why Cordance, NetMesh and other companies who have made major contributions and have critical stakes in the OpenID community were not listed in the announcement. I know it was pulled together very quickly but I think the contributions of those two companies have been extensive and deserved mention (and yes! they do have ‘code’).
There was also no mention of like Brad Fitzpatrick the originator of the OpenID and his company LiveJournal which is now a part of SixAppart.