Yahoo users can now use their user names and passwords to access non-Yahoo websites supporting the OpenID 2.0 digital identity framework. This will reduce the amount of different log-in information people need to create, remember and enter online.
Already, almost 10,000 websites support OpenID, an open framework available for free, according to the OpenID Foundation. Yahoo's move is set to triple the number of OpenID accounts to 368 million by adding its 248 million active registered users to the rolls.
OpenID addresses one of several issues related to giving people more control of their online activities. Other groups are focusing on data portability, to let people move around the data and content they create online, so that they don't have to enter it manually in, say, every social-networking site they sign up for.
Yet other initiatives, like Google's OpenSocial, aim to create standard interfaces so that developers can create applications that run in multiple social-networking sites, instead of having to rewrite the same application multiple times for every site.
For all of these initiatives, it's critical for major Internet players to get involved, so that the benefits of standard technology and methods developed by groups like OpenID can have a real-world impact.
Unsurprisingly, Scott Kveton, the OpenID Foundation's chairman, hailed Yahoo's support as a crucial validation of the framework that will help spur its adoption by other large website operators.
Other major players that have expressed interest and gotten involved in varying degrees with OpenID include Google, Six Apart, AOL, Sun, Novell and Microsoft.
Yahoo users will be able to take advantage of OpenID in two ways, said Raj Mata, Yahoo's membership director.
The first is through the traditional OpenID authentication method: a unique URL string in the format http://me.yahoo.com that will be assigned to each Yahoo member and which they can enter into the log-in prompt in OpenID-supporting sites. That URL string will start with http://me.yahoo.com and be followed by a unique identifying word, Mata said.
On 30 January, Yahoo members will be able to retrieve their OpenID URL by going to the Yahoo/OpenID site. The OpenID URL will be assigned by Yahoo, but users will be able to change the unique part of the string to a word of their choice, Mata said.
The other way in which Yahoo users will be able to take advantage of OpenID is in sites that, in addition to the URL string, will also embed a conventional Yahoo log-in prompt on their site. In those cases, Yahoo users will simply need to enter their Yahoo user name and password to log in. The information will be verified on Yahoo servers and, once authenticated, Yahoo will inform the external site that the person is a Yahoo user. The external site doesn't see any log-in information, Mata said.
From 30 Janaury, the Yahoo/OpenID URL will work with all OpenID-supporting sites, while the more conventional log-in prompt is expected to be operational on a few sites, such as Plaxo's, that are collaborating with Yahoo to implement it, Mata said. Yahoo hopes that as OpenID matures and gets refined, the authentication method will move away from the URL method and toward the conventional log-in prompt, he said. Yahoo will put instructions and code on its website so that third-party developers can embed its log-in prompt on their sites.
Yahoo participated in the development of version 2.0 of the OpenID framework, which the company said provides new security features. Yahoo users who log in to third-party OpenID sites should know that the log-in process doesn't reveal email or instant-message addresses.