Web single sign on has been the stuff of dreams for - well, for as long as the web has existed. Microsoft's much-derided Passport - placing all control in the hands of that institution - was the last serious attempt. Now, finally, we have an open, distributed standard that puts control with the user - OpenID.
Yahoo's implementation of OpenID is a massive filip for the standard. Although Yahoo is only a provider of accounts - it won't read accounts created elsewhere - yet it triples the ecosystem of OpenID accounts, making it ever more likely that the next generation of start-ups will consume these IDs.
OpenID has a key architectural advantage - usernames are URLs, not email addresses. That means you can tell someone your OpenID without getting spammed.
Trouble is, if you are
JohnDoe99@yahoo.com, what is the Yahoo OpenID you'll want?
http://openid.yahoo.com/JohnDoe99, of course. And if you give that out, people will be able to guess your email account pretty easily...
I have no idea how Yahoo (or anyone else) will prevent this. Perhaps the secret is to have a different email provider to your OpenID provider! If someone asks your email address, it feels impolite to ask them to look it up at your OpenID URL!
It's a social issue as much as a technical one. OpenID has the chance to make lire on the internet so much better, let's hope it grabs its opportunity!