A string of code buried within Flickr, Yahoo's photo sharing site, suggests the internet giant is gearing up to support the decentralized identity system OpenID by becoming an OpenID provider.
Simon Willison discovered that the source code for photostream pages on Flickr contain a code snippet that would allow Flickr accounts to act as OpenID URLs. Since Flickr accounts are tied to Yahoo IDs, this code also suggests that Yahoo intends to support OpenID within more Yahoo properties than just Flickr. There's also an new page live at me.yahoo.com with the title "OpenID Provider 2.0." While at the moment that page isn't much, it certainly looks like it could act as an OpenID endpoint - a way to manage your identities and outside access.
On Monday at the Consumer Electronics Show in Las Vegas, Yahoo CEO Jerry Yang unveiled some strategies for integrating access to outside sites into the as-yet-unreleased Yahoo Life service. Yahoo's plan for the service involves the tight integration of not only its own properties, but also outside services like MySpace, LinkedIn and others. By acting as an
OpenID provider, Yahoo would afford its users the ability to control their access to these sites from one central location. Support for OpenID seems like a great early step that would help Yahoo Life get off the ground.
When asked to provide details about this development, Yahoo spokesman Dennis Roy declined to comment, saying the company "doesn't discuss rumors or speculation."
Such a move would also make Yahoo the first of the big three
internet properties to embrace OpenID on a grand scale. Blogger, a
Google property, is an OpenID provider and supports OpenID commenting, but few of Google's other services have made a move to embrace the emerging standard.
Not only would OpenID support mean that Yahoo members would have a simple URL to login to other sites, but your OpenID endpoint could serve as a way to manage multiple identities and claim URLs in outside services. And the implications extend beyond just an easy way to login to your Flickr account since OpenID is also good for claiming ownership of a URL - in other words it's a handy way to point a profile-type page to all the various services you use.
Google's Profiles service offers this sort of functionality, but it's not OpenID enabled, so there's no way to verify that the links you provide are actually yours. Having a centralized OpenID page, such as the one implied by the me.yahoo.com URL, would enable any other OpenID client to immediately know all the services you're a part of. Of course its equally easy to deny them such access.
The me.yahoo.com site could be set up as a Directed Identity endpoint. Directed Identities are part of the OpenID 2.0 spec and are somewhat complicated, but as Willison highlights:
What that amounts to is something like auto-generated disposable identities, which is great for those concerned with privacy. And note that there's nothing stopping you from having multiple OpenID identities, you can even manage them in the same place, something people often overlook.
Even if Yahoo were to start by simply making your Yahoo account into an OpenID provider, given the number of Yahoo users worldwide, that alone would mean a significant chunk of the internet would suddenly have access to OpenID, something that would no doubt be a boon for OpenID support on other sites. OAuth
would be another great addition for Yahoo APIs, but so far no signs of that.
Of course none of this is live yet, though since the code is already in the Flickr pages, we expect Yahoo to flip the switch sooner rather than later.
See Also:
