Yahoo OpenID plan spotlights privacy issues
January 22, 2008
The announcement this week by Yahoo that it is planning to test a beta version of its Yahoo ID that supports the OpenID 2.0 protocol has thrown a bright spotlight on the quickly growing online identity-management system.
As of Jan. 30, any of Yahoo's 248 million users will be able to log in to OpenID-compatible sites using a special version of their Yahoo log-in. When Yahoo users go to a site using the OpenID protocol, they will either see a special Yahoo log-in field, or they can type "yahoo.com" into an OpenID field to start the log-in process. The Website will redirect the user to Yahoo to log in, and then Yahoo will forward the user's identifying information back to the Website. The net effect is that Yahoo users will only have to enter identifying information once -- on Yahoo -- rather than on multiple sites across the Web.
Mixed Blessings for Online Reputation
The prospect of a single repository for online identity offers obvious benefits, as anyone who has typed their address and phone number into countless Web forms can attest. The prospect of not having to do that as often is appealing. But at the same time, using the same identity cache to populate multiple Websites poses a serious risk that the list of your Yahoo/OpenID Websites will be used as a tool to send highly targeted advertisements in your direction. Already, the Yahoo Privacy Policy makes it clear that it collects significant personal data from its users:
"Yahoo collects personal information when you register with Yahoo, when you use Yahoo products or services, when you visit Yahoo pages or the pages of certain Yahoo partners, and when you enter promotions or sweepstakes," the policy reads. "Yahoo may combine information about you that we have with information we obtain from business partners or other companies."
For many, that may not be much of a concern, but some people may worry about the idea of using the same log-in for the Wall Street Journal that they use for Nerve.com -- or even HillaryClinton.com. There is such a thing as too much information, and users must start thinking about just how much Web surfing information they want to make available to Yahoo or sites like it.
Lauren Weinstein, co-founder of People for Internet Responsibility and a longtime advocate for personal liberty online, said there have been a variety of centralized ID schemes in the past, and -- in addition to convenience -- they all share several negative attributes.
"They introduce risks of a single security failure cascading to affect users at multiple sites where the identity is shared," Weinstein said. "They make it easier for outside entities to track the comings, goings and other activities of users by tracking their shared IDs."
The other obvious concern is that if one site is the repository of your log-in information for dozens of sites around the Internet, and that site gets hacked, then your security issues are much bigger than if a single site is cracked.
(Source: News.Factor)