There are clear benefits to users in having one system to manage their internet identity (or identities) across the universe of web services they might wish to use.
Also, as we've seen in other arenas, clear risks: for example, if there's a bug in the implementation (or, more rarely, a shortcoming in the protocol specification itself) that opens the door to one of the attacks outlined in the OpenID article, then you're potentially compromised all over the place, not "just" at one site.
Of course, even a one-site compromise can be seriously painful, as T.J.Maxx / Marshalls / HomeGoods customers discovered this week. :-/
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds