OpenID: a single identity for the web...
Apr 20, 2007
Most of us have lost track of the number of usernames and passwords we have for the hundreds of sites that we visit on the web. In the offline world, we carry just a couple of ID cards (like a driver's license and a school ID, for example) that everyone can use to identify us. So why should it be any different on the web?
This isn't a new problem space, and there have been a number of attempts to implement "single sign-on" systems for the web, none of which ever really took off. Microsoft's Passport (now Live ID) service is one of the most well-known examples. One of the biggest concerns with such services is that they're centralized, and your online identity is essentially in the hands of a single company. As you can imagine, that wasn't something people were comfortable with.
OpenID is a relatively new, community-driven initiative that's attempting to solve the online identity management problem, and it's already showing signs of potential success, with backing from large corporations like AOL [1], Microsoft and VeriSign, as well as popular web services such as WordPress.com, LiveJournal, Digg, Technorati, Drupal, and so on. The difference this time, though, is that your identity isn't in the hands of a single company, and you can move to a different OpenID provider at any time.
There are two basic parts to the OpenID system - an OpenID provider and OpenID relying parties. There are several OpenID providers that you can sign up with, or you can even run one yourself. Relying parties are basically sites that are OpenID-enabled. Rather than creating a separate account for each site, you simply log in to a relying party using your OpenID (which is just a URI like kunalk.myopenid.com). You are then redirected to your OpenID provider's page, where you sign in, and you are then redirected back to the relying party as an authenticated user.
If you have your own site or blog, you can turn its URI into your OpenID without having to install anything. Once you sign up with one of the many OpenID providers out there, you just need to add a couple of lines of code to the "head" section of your index page. If you look at the source code for this page, you'll see what it looks like.
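The sketch below is an added example, not code from the original post. It shows the relying party's side of delegation: it reads the OpenID 1.1 `openid.server` and `openid.delegate` link tags from the page's head and ignores any that appear elsewhere, since OpenID 1.1 only defines them in the head. The `provider.example` endpoint, the sample pages and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page. provider.example is a placeholder endpoint, not a real provider.
SAMPLE_PAGE = """<html><head><title>My blog</title>
<link rel="openid.server" href="https://provider.example/server">
<link rel="openid.delegate" href="https://kunalk.myopenid.com/">
</head><body><p>Hello</p></body></html>"""

# Constructed page whose only OpenID tag sits in the body: must not be honoured.
BODY_ONLY = """<html><head><title>x</title></head><body>
<link rel="openid.server" href="https://other.example/server" />
</body></html>"""

class HeadLinkParser(HTMLParser):
    """Collect OpenID 1.1 <link> tags, but only while inside <head>."""
    WANTED = {"openid.server", "openid.delegate"}

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.in_head = False  # covers pages that never close <head>
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            href = (a.get("href") or "").strip()
            # rel may carry several space-separated values
            for rel in (a.get("rel") or "").lower().split():
                if rel in self.WANTED and href:
                    self.found.setdefault(rel, href)  # first occurrence wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(claimed_url, html):
    """Return the provider endpoint and the identity to assert, or None."""
    parser = HeadLinkParser()
    parser.feed(html)
    server = parser.found.get("openid.server")
    if server is None:
        return None  # page is not OpenID-enabled
    # Without openid.delegate, the claimed URL itself is the identity.
    return {"server": server,
            "identity": parser.found.get("openid.delegate", claimed_url)}

if __name__ == "__main__":
    print(discover("https://blog.example/", SAMPLE_PAGE))
```

Changing providers later means editing only these two tags; the URI you give to relying parties stays the same.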
You can also define multiple personas that tell your OpenID provider exactly what personal information it can share with a relying party. For instance, I can allow my OpenID provider to share my mailing address and phone number with a certain site so that I don't have to fill out that information manually while registering, but I can choose to share only my first and last name with another site.
It's a simple, but at the same time, effective way to maintain a single identity on the web. You can find out more about getting an OpenID or making your existing apps/services OpenID-enabled at OpenID.net.
[1] If you have an AIM screenname, you've already got an OpenID - openid.aol.com/name