jalon q. zimmerman

While at the VeriSign Technical Symposium last week, I got to hang out with the guys building the VeriSign Personal Identity Provider, an OpenID implementation. I am already a fan of ClaimID, which is another OpenID provider and have been using VeriSign authentication tokens for work. It’s interesting to see the convergence of the Paypal and EBay markets, the VeriSign security tokens and OpenID.

Paypal and Ebay have achieved a critical mass of users and seem to be able to define an entire market segment by simply rolling out new technology. Security tokens have been in use for awhile in the enterprise but Java rings, smart cards, tokens and other things were just a bit early for the consumer. There was no market demand.

Given the fraud issues on Paypal and eBay, consumers are acutely aware of the need for something better than just a password for authentication. Paypal is now offering a VeriSign security token for $5 each on their website. You have to dig around to find it, but its there. Once you order one, a whole new world opens up.

The classic concern raised about security tokens are that they are bulky and they only work with one vendor. Enter the idea of a “networked” token. One token, issued by a large certificate authority, can now work for any vendor that chooses to implement their solution. The Paypal token, being issued by VeriSign, already automatically works for eBay. The secret here is that this is not a “Paypal” token, this is a VeriSign Identity Protection device. You will use it with a lot more stuff than just Paypal and eBay.

As more vendors adopt the VeriSign token, the network will grow and each user getting a token will be able to use it with more and more vendors. eBay and Paypal have simply jump-started the consumer adoption.

One such compatible implementation is the OpenID based VeriSign Labs Personal Identity Provider. Create a profile and activate your VeriSign token in it, now you have just upgraded your OpenID authentication to use the token for OpenID logins!