OpenID is a new way of authenticating yourself on the net. "[It's] an open, decentralized, free framework for user-centric digital identity." (http://openid.net) It's very simple and seems to me to be very versatile although the descriptions of it leave a little to be desired. I've had a close look at it and I like it, so here's my interpretation of OpenID.
One Username for allThe idea is that you create a unique id that you register somewhere with a password. Then you use your unique id and password at all the sites you visit. One id, one password, very simple. Sounds very much like the derided Microsoft Passport, right? Well, the basics are there but OpenID is so very much more versatile and not in the control of one single corporation.
One way of creating a unique id is to use a URL that you can prove you are the owner of. You register a name and password at any OpenID server, you can have your own on your own server if you want. You get back a URL that you can use to sign in to OpenID enabled sites. Mine is
http://specialk.myopenid.com. When I give that name to a site, it contacts the OpenID server at the URL given and the OpenID server asks me for my password.
Ok, so far, neat but not earth shattering, it's still very much like MS Passport.
PersonaThe OpenID server tells me which site wants me to login (well, that's obvious) and also about the fields of information that the site is asking for. It allows me to create a new persona showing optional and required fields that the site is asking for or to use an existing persona. I can then opt to allow the login and give the credentials once, or always.
One Password SiteFrom a security point of view, my password goes to the server site, not the site I am logging in to. One nice thing about this is that the server does not always require my password because once I have signed into the OpenID server site, the server knows who I am, it just asks which persona I want to use.
Myopenid.com also keeps track of sites that have asked for my credentials but there are anonymous servers around too, one where you can just
make up an OpenID URL and start using it.
Ok, pretty neat now, but what if I want to change my OpenID server or it goes belly up, do I have to re-register with all the sites I want to use? Well, no, because I don't have to use the server's URL for my identity I can use one that I will always have e.g. one from my own domain and redirect that page to the OpenID server of my choosing.
I have set up a page on my site to use as my OpenID URL, it is at
http://www.somewhere.com/openid/myname. This page contains:
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="openid.server"
href="https://www.myopenid.com/server">
<link rel="openid.delegate"
href="http://specialk.myopenid.com">
</head>
<body/>
What it does is redirect the request from the site you want to log into, to the real OpenID server. This allows mt to have a permanent OpenID URL entirely under my control and I can change the server whenever I like. The sites I log in to will know me by my
somewhere.com URL.
Neato or what?
LinksThere are only a handful of
sites using OpenID so far but Digg are planning to use it, Microsoft and AOL are involved, this could be big.
There are already many
software libraries to make it easy to use OpenID for your sites.
Public OpenID servers offer different service extras, you can shop around.