I’ve known about OpenID for a while now, but never went any further than to know the name. The OpenID website describes OpenID as “an open, decentralized, free framework for user-centric digital identity” – basically, a Google Account that has nothing to do with Google and is not tied down to just Google products. I know I’m overlapping and mentioning Google here, but that’s the only thing I can compare it to. OpenID, I believe, is rapidly spreading across quite a few applications – both on the internet and software installed on computers (in the open-source community certainly).
What is OpenID?
OpenID is a framework that anyone can take and set up to host their own, and others’, online identities, and these identities can be used on software and websites that accept this method of login. The concept of OpenID is that everyone is identified using a URI – the core of web architecture. When you log in using your OpenID, you give the site your URI (the site you create your OpenID with becomes part of your URI) instead of the conventional username and password. Once you’ve done this, the service redirects you to the website where your OpenID is stored, which verifies your password and, once you’ve entered it, returns you to the original site logged in.
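The redirect flow described above, as an added example that is not part of the original post: a simplified model of the three steps, showing what the site must check before it trusts the provider's answer. The `openid.*` field names and the HMAC-SHA1 signature follow OpenID 1.1 authentication messages; the host names, the association handle and the function names are constructed for illustration, and discovery of the provider from the URI and the setup of the shared secret are left out.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qsl, urlencode, urlparse

# Constructed sample values (assumptions, not taken from the post).
IDENTITY = "https://alice.provider.example/"
PROVIDER = "https://provider.example/server"
RETURN_TO = "https://forum.example/openid/return"

def sign(secret, fields):
    """base64(HMAC-SHA1) over 'key:value' lines for the fields named in openid.signed."""
    names = fields["openid.signed"].split(",")
    text = "".join(f"{n}:{fields.get('openid.' + n, '')}\n" for n in names)
    return base64.b64encode(hmac.new(secret, text.encode(), hashlib.sha1).digest()).decode()

def build_redirect(handle):
    """Step 1: the site sends the browser to the provider behind the user's URI."""
    return PROVIDER + "?" + urlencode({
        "openid.mode": "checkid_setup", "openid.identity": IDENTITY,
        "openid.return_to": RETURN_TO, "openid.assoc_handle": handle})

def provider_respond(redirect_url, secret, password_ok):
    """Step 2: the provider checks the password itself, then signs an assertion."""
    req = dict(parse_qsl(urlparse(redirect_url).query))
    if not password_ok:
        return {"openid.mode": "cancel"}
    resp = {"openid.mode": "id_res", "openid.identity": req["openid.identity"],
            "openid.return_to": req["openid.return_to"],
            "openid.assoc_handle": req["openid.assoc_handle"],
            "openid.signed": "mode,identity,return_to"}
    resp["openid.sig"] = sign(secret, resp)
    return resp

def site_verify(resp, secret, handle):
    """Step 3: the site logs the user in only if every check passes."""
    if (resp.get("openid.mode") != "id_res" or resp.get("openid.return_to") != RETURN_TO
            or resp.get("openid.assoc_handle") != handle):
        return None
    signed = set(resp.get("openid.signed", "").split(","))
    if not {"mode", "identity", "return_to"} <= signed:
        return None  # an unsigned identity or return_to could be altered in transit
    if not hmac.compare_digest(sign(secret, resp), resp.get("openid.sig", "")):
        return None
    return resp["openid.identity"]

def demo():
    secret, handle = secrets.token_bytes(20), "assoc-1"  # agreed between site and provider beforehand
    good = provider_respond(build_redirect(handle), secret, password_ok=True)
    forged = dict(good, **{"openid.identity": "https://someone-else.provider.example/"})
    return site_verify(good, secret, handle), site_verify(forged, secret, handle)
```

The site never sees the password; it only accepts the identity URI when the provider's signature covers it and the response is bound to the site's own return address.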
What makes OpenID better?
You may be wondering why this makes OpenID better, safer, than using a different (or probably the same) username and password for every different website you visit. Well, it means that only one site securely holds your details and you only have to remember your unique URI and your password – one you can bookmark and the other one you can remember. Although earlier I compared it to Google Accounts, you can see now that it’s quite a lot different. It’s open-source, free, universally implementable and, most of all, not held by Google.
OpenID is in its infancy and hasn’t had the resources and money that other services like Microsoft Passport and Google Accounts have. This can be seen. Can you log into this blog with your OpenID? Can you log in to your most visited forum with an OpenID? Actually, have you heard of OpenID at all? I suspect, according to my Google Analytics report, that half of you have heard of it. It’s slowly gaining favour and a number of well known sites have already implemented it.
Problems with OpenID
I can’t see many major problems with OpenID. The theory is very nice and sounds safe but it’s the implementation of the idea. There’s an element of trust involved with using OpenID in that you have to trust a site to host your identity. As long as you’re not stupid and create your identity with www.istealyouridentity.net then it seems that you’re pretty sound. Some of the problems I see though are that if a large number of users rely on one OpenID provider, login (especially secure login) could be painfully slow. Another problem would be if that provider were to go offline for a prolonged period of time. Take your electricity supply as an example here. You get your electricity from one supplier and you have many appliances relying on that supply to remain constant, for example your computer. When that supply is cut, you lose the ability to use any of those appliances (don’t be pedantic and say you use a laptop). The same would be true for your OpenID provider. If your provider goes offline, you lose the ability to use any sites you log in to with your OpenID. You’re trusting your provider with the ability to provide you with your identity when you need it.
I want to implement it!
As OpenID is an open-source framework, you can implement it into your web and/or software applications in a number of different programming languages. The great community has created a number of frameworks and plug-ins for all sorts of other open-source applications. You can implement it in PHP, Python, Ruby, Perl, Java, C++ and C#.
OpenID – The Anti-Google
I would really like to see OpenID adopted by a larger number of services on the internet. Forums especially because that would save a lot of hassle and you could use the same identity on all the forums you visit. OpenID is a promising framework that developers could adopt quite easily if they wanted to – it would save them a lot of time rather than programming their own registration and login process. I think though that a number of things could be done to improve the image of OpenID and also help the common internet user trust the idea more. Firstly, I’d like to see an ‘official’ OpenID provider – at least one operated and maintained by some official standard body. This would allow developers to implement their own OpenID provider while allowing a new adopter of OpenID – the common user – to get an account via a trustworthy site. Secondly, I think that a package has to be put together that will allow a user to set up their own OpenID server. This would make adoption easier and most likely increase it.
If you’re reading this and you’re a software/application developer, what’s your opinion and experience with the OpenID framework? If you’ve never tried it before, please be willing to implement it into any software you see fit to implement it in. I’ve only been researching the OpenID project for an hour. Please, lend your experience and thoughts.
Interesting analysis of an interesting technology. It really does go further down the road of TimBL’s idea of everything in the world being represented by a URL. There are actually bounties of $5000 or something to get OpenID implemented into Drupal, Wordpress, etc. I’ve not really researched it yet but it is an interesting thing I plan to look into. What would be really nice would be a simple PHP script anyone could upload to their server and instantly give themselves a standalone openID manager.
A .net passport is another thing you could compare it to.
As a form of user owned and operated identity, OpenID beats the pants off of federated identity services (like google accounts or .NET passports).
I’m hacking a Wordpress plugin right now. Plugins aren’t eligible for the bounty program, but that doesn’t mean people can’t make use of it.
Thanks for the info on the OpenID Wordpress plugin! I am quite surprised that Wordpress doesn’t offer OpenID logins even as an option. Keep up the good work, I’m going to use your plugin.
Hello,
We (JanRain, Inc.) maintain a list of ready-to-use OpenID-enabled sites on our sites directory at http://www.myopenid.com/directory. Our OpenID dev site, http://www.openidenabled.com, hosts our library source and other application modifications. Wikitravel’s OpenID support can be downloaded as a mediawiki extension from the MediaWiki SVN, and was written by the creator of Wikitravel, with some contributions from me. You can also get a Drupal OpenID plugin from the Drupal CVS or the Drupal module contributions site. Enjoy!