The Race for Internet Single Sign On
Posted by Bob Warfield on December 9, 2008
Single Sign On is a facility common in Enterprise Software that let’s you sign in once (or at least use the same userid and credentials) to gain access to every piece of software, even though they may come from many different vendors. It’s a nice time saving convenience. There is currently a big move afoot to provide SiSO (the usual abbreviation for Single Sign On) for the web itself. Google has OpenID, Facebook has recently delivered Facebook Connect, and now there is MySpaceID.
Who will be next? The browser owners such as Mozilla? SalesforceID? Why not? SFDC is cozying up to Google in various ways and it isn’t hard to implement SSO with the Salesforce platform. My own company, Helpstream, supports Salesforce and OpenID (e.g. Google) SSO. It’s a great convenience to our customers, and more importantly to our customers customer’s who use our application for Customer Service. When it comes to security issues, why should credit card issuers or some such get into the fray?
In the end, I can’t think of a good reason for any of these to be the dominant winner in the near future, so application vendors should support as many of them as they can. Eventually businesses will insist on SSO. They already have it for on-premises applications. Who knows, maybe business will insist on it for security reasons. That’s another factor in Enterprise use where businesses want an API that lets them rapidly shut off all the accounts for a particular user, for example, a terminated employee. None of the current Internet SSO options support that, but we saw such functionality added to the iPhone not long ago.
Dave Weiner, as channelled by Dare Obasanjo, says these standards are too complex and that points the way to a new generation. I disagree. It’s been easy to implement OpenID and Salesforce credentials at Helpstream, and we’re going to do Facebook next. This is just wishful thinking from Weiner and Obasanjo who abhor the idea that SSO might be locked up by one of these big players. The lockup isn’t going to happen precisely because it is pretty easy to support more than one. Dare also points out some good examples where you may not want a single ID identifying who you are in every web situation lest things become embarrassingly co mingled. OTOH, advertisers will love having yet another way to see whose footprints on various web pages are whose.
Keep watching the drama, and ask you software vendors to support the standards you want to use. It’s all part of the growth and maturation process for Cloud Computing. And be careful if you think your online presence is anonymous!
GigaOm: MySpace launches MySpaceID