One Web, One Web ID

Wen MySpace announced in July that it was adopting OpenID, supporters of the universal sign-on system hurrahed.
The number of “OpenID-enabled users” passed half a billion with the MySpace addition, says Bill Washburn, executive director of the OpenID Foundation. “It’s clear the momentum is only just starting to pick up.”
OpenID is the most visible and highly evolved manifestation of the “user-centric ID movement”—a system of near-universally accepted online personal identity management capabilities controlled by users, residing in a single secure place (either on the user’s machine or in the Internet cloud), and employed with a single click across the Web. Once it’s widely accepted, OpenID will let Internet users move from one Web site to another, signing on with a single, transportable login.
There’s one problem: MySpace, and most of the tech giants supporting OpenID, will only provide OpenID capabilities; none of them will accept it. In other words, you can use the protocol to create a single, transportable login to take your MySpace persona elsewhere on the Web, but you can’t use another provider’s OpenID account to log in to your MySpace account.
“It’s a one-way street,” says Bob Blakley, a VP and identity management research director at the Burton Group research firm. “It means they’re happy to create a risk for others by creating OpenIDs but not willing to accept risks other people create by issuing OpenIDs.”
The few companies that are making broader use of OpenID are doing so very cautiously. Microsoft’s Health Vault, for instance, accepts OpenIDs from two providers, based on their level of assurance and trustworthiness. Other companies are accepting OpenIDs from some providers, without publicizing their criteria.