We launched SignOn.com today, a free Personal Identity Management service which provides people with a no-frills OpenID account for use at any OpenID enabled website. Instead of passwords, if the user so chooses, the service leverages Information Cards for authentication.
The release of this service marks just the beginning of our offerings designed to explore the intersection of business and consumer interactions, and to fine-tune the user-experience and business model of an independent identity provider.
The SignOn.com team, lead by Ashish Jain, really did a nice job with this one, creating a service that is useful today, and will only grow in utility over time.
Details of the service are as follows:
- Information Cards enabled OpenID 1.1 Provider
- Supports SREG for attributes exchange
- HTTPS required for OpenID Authentication (reduces man in the middle)
- Supports self-issued (personal) information cards for authentication. (reduces phishing attacks)
- User can register multiple self-issued cards (one for office, one for home etc….since mobility is a big issue with information cards)
- Support for ‘Trusted Sites’.
- Support for Activity (client IP, time, target RP etc).
- Support multiple identifiers (e.g. user.signon.com, http://user.signon.com, https://user.signon.com).
- Future version will support Managed cards, SAML & WS-Federation. A demo of the Managed Card functionality is being held at the Catalyst interop event.