As with federated identities, I thought that OpenID had no space in the enterprise.The main thought was, that OpenID make me the owner of my identity, and lets me choose where to use it. This is usually not what the enterprise wants. My enterprise identity, i.e. my accounts and profiles with the IT systems of my employer, belongs to my employer, not to me.
So, why should an enterprise care ?
Well, there are people who use their corporate account names and passwords on external sites as well.
They might use it for their email account, or eBay, ... Or they use their corporate email address to register with amazon and others who base an account on a email address. And usually, people tend to use the same password as well.
Bad idea.
But this (mis)concept exists, since there are "external" account, CompuServe, AOL, fidonet, whatever... and of course all those fancy sites on the web. And this behavior could never be eradicated. Because people (and therefore users) are lazy bastards.
Well - you can write and publish policies that forbid this (and all enterprises have those), but frankly, who cares. Who even reads them.
So why not turn 180° and actually allow this... even more: encourage it.
Become an OpenID provider and let users use their corporate account to login at your openid provider site. That way, the can stay lazy, but never give a password to other sites... They only enter it at your site(s).
The only drawback right now is, that there are still not enough openid enabled sites... but they are growing... rapidly actually.
Google, or rather Blogger only, now
Subscribe