Increasingly, the physical location and management of physical and logical (software) assets for an enterprise are being outsourced to what is referred to in the industry as cloud environments. The ability to outsource the management and support of both physical and logical assets has a tremendous upside to enterprises.
One technology area that consumes a lot of Information Technology (IT) resources is authentication. A typical IT department has to deploy a variety of protocols, storage, and services to support authentication for access to enterprise resources. The industry has recognized this issue and has responded with OpenID.
OpenID is a non-profit consortium of developers, entrepreneurs, designers, and enterprises dedicated to improving identity-based technologies, security-based technologies, and privacy-based technologies.
OpenID permits an enterprise to outsource authentication for access to the enterprise's resources. This is done by permitting users to use one OpenID identifier and password to access multiple different enterprise sites. The enterprise benefits in that authentication is outsourced to a cloud, such that management and support are no longer an internal issue for the enterprise. The user benefits in that authentication to multiple sites requires only a single identifier and password, such that multiple identifiers and passwords need not be remembered.
Essentially, OpenID is an authentication protocol being used in cloud environments to provide authentication for low to medium value web services. The protocol has proved to be very popular because it provides basic security with a very simple setup implementation.
One of the perceived weaknesses of OpenID is that almost any service provider can request authentication from almost any identity provider. However, most enterprise environments need access control over which sites can be authenticated, as well as auditing of access to such sites; both are needed to meet compliance and security requirements. Moreover, internal enterprise users who want to gain access to other services via the OpenID protocol must remember an OpenID identity in addition to the one they use to authenticate within the enterprise.
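One way an identity provider could enforce the access control and auditing described above, shown as an added example that is not part of the original text. It assumes OpenID 2.0 request parameters (`openid.realm`, `openid.return_to`); the allowlist, host names, user name and the `authorize` function are hypothetical.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed policy: relying-party realms this enterprise permits (hypothetical hosts).
ALLOWED_REALMS = {"https://wiki.example.com/", "https://*.partner.example.net/"}
AUDIT_LOG = []  # stand-in for an append-only audit sink


def port_of(url):
    """Explicit port, or the scheme default, so ':443' and no port compare equal."""
    return url.port or {"http": 80, "https": 443}.get(url.scheme)


def return_to_matches_realm(return_to, realm):
    """Realm matching in the style of OpenID 2.0: same scheme and port, host equal
    or under a leading '*.' wildcard, return_to path equal to or below the realm path."""
    r, t = urlsplit(realm), urlsplit(return_to)
    if not r.hostname or not t.hostname or r.fragment:
        return False
    if r.scheme != t.scheme or port_of(r) != port_of(t):
        return False
    if r.hostname.startswith("*."):
        base = r.hostname[2:]
        host_ok = t.hostname == base or t.hostname.endswith("." + base)
    else:
        host_ok = t.hostname == r.hostname
    prefix = r.path if r.path.endswith("/") else r.path + "/"
    return host_ok and (t.path == r.path or t.path.startswith(prefix))


def authorize(query_string, user):
    """Allow the request only for an allowlisted realm whose return_to stays inside
    that realm; every decision, allow or deny, is written to the audit log."""
    params = {k: v[0] for k, v in parse_qs(query_string).items()}
    return_to = params.get("openid.return_to", "")
    realm = params.get("openid.realm", return_to)  # realm defaults to return_to
    if realm not in ALLOWED_REALMS:
        decision = "deny:realm_not_allowed"
    elif not return_to_matches_realm(return_to, realm):
        decision = "deny:return_to_outside_realm"
    else:
        decision = "allow"
    AUDIT_LOG.append(json.dumps({"user": user, "realm": realm,
                                 "return_to": return_to, "decision": decision}))
    return decision == "allow"


if __name__ == "__main__":
    # Constructed request from an allowlisted relying party.
    q = "openid.realm=https://wiki.example.com/&openid.return_to=https://wiki.example.com/openid/done"
    print(authorize(q, "alice"), AUDIT_LOG[-1])
```

Denied requests are logged as well as allowed ones, so the audit trail shows which sites attempted authentication against the enterprise identity provider.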