This blog can't be viewed on LiveJournal. Instead see http://www.apparently.me.uk/9067.html.

Windows Live ID: Time to write another Identity Proxy?

17th Aug 2007

As most will be aware, Microsoft recently announced that it is opening up access to Windows Live ID for use as an authentication mechanism for other sites.

I have to say that I'm less than impressed at the prospect of yet another closed, proprietary authentication protocol being added to the pot, especially from Microsoft who have previously been interested in OpenID. This will no doubt fragment the "single sign-on" market still further, meaning that people are inevitably going to have to get yet another single sign-on account in order to sign in to the full spectrum of sites.

So what benefits does Live ID bring to the table? The thing that jumped out at me most was the inclusion of remotely-initiated sign-out, which also includes the ability for the Live ID site to attempt to end all of a user's login sessions simultaneously. This is something that OpenID struggles with, since OpenID itself does not have the concept of a "session" and is merely an authentication mechanism.

"Single sign-out" has certainly been discussed before, and the concept of sessions is perhaps a common enough one to warrant a IdP-managed session layer on top of OpenID Authentication.

Comments

  • (comment with no subject)

    According to some random person (http://simonwillison.net/2007/Aug/17/angus/#c37155), the Terms of Service forbid proxying.

    (note that I can't substantiate that; navigating through the maze that is msdn.com isn't my idea of fun.)
    By ext_59783 at 02:22 am on 18th Aug 2007