I’ve known about OpenID for a while now, but never went any further than to know the name. The OpenID website describes OpenID as “an open, decentralized, free framework for user-centric digital identity” – basically, a Google Account that has nothing to do with Google and is not tied down to just Google products. I know I’m overlapping and mentioning Google here, but that’s the only thing I can compare it to. OpenID, I believe, is rapidly spreading across quite a few applications – both on the internet and software installed on computers (in the open-source community certainly).
What is OpenID?
OpenID is a framework that anyone can take and set up to host their own, and others’, online identities, and these identities can then be used on software and websites that accept this method of login. The concept of OpenID is that everyone is identified using a URI – the core of web architecture. When you log in using your OpenID, you enter your URI (the site you create your OpenID with becomes part of your URI) instead of the conventional username and password. The service then redirects you to the website your OpenID is stored on to verify your password and, once you’ve entered that, returns you to the original site logged in.
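The redirect round trip described above, sketched from both sides as an added example (not code from the OpenID project or from this post). It assumes OpenID 2.0 field names, since the post does not name a protocol version, and a MAC key the site and provider already share from an earlier association step; discovery of the provider endpoint from the URI is left out, and all hostnames and function names are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import urlencode

NS = "http://specs.openid.net/auth/2.0"
# Stricter than the spec: claimed_id and identity are always required here.
REQUIRED_SIGNED = ["op_endpoint", "claimed_id", "identity", "return_to",
                   "response_nonce", "assoc_handle"]

def build_auth_request(op_endpoint, claimed_id, return_to, realm, assoc_handle):
    """Site side: URL the browser is redirected to at the provider."""
    return op_endpoint + "?" + urlencode({
        "openid.ns": NS, "openid.mode": "checkid_setup",
        "openid.claimed_id": claimed_id, "openid.identity": claimed_id,
        "openid.assoc_handle": assoc_handle,
        "openid.return_to": return_to, "openid.realm": realm})

def sign(fields, signed, mac_key):
    """HMAC-SHA256 over 'key:value' lines for the keys listed in openid.signed."""
    kv = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed)
    mac = hmac.new(mac_key, kv.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")

def provider_assertion(op_endpoint, claimed_id, return_to, assoc_handle, nonce, mac_key):
    """Provider side (constructed): signed fields sent back after the password check."""
    fields = {"openid.ns": NS, "openid.mode": "id_res",
              "openid.op_endpoint": op_endpoint, "openid.claimed_id": claimed_id,
              "openid.identity": claimed_id, "openid.return_to": return_to,
              "openid.response_nonce": nonce, "openid.assoc_handle": assoc_handle,
              "openid.signed": ",".join(REQUIRED_SIGNED)}
    fields["openid.sig"] = sign(fields, REQUIRED_SIGNED, mac_key)
    return fields

def verify_assertion(fields, mac_key, expected_return_to, seen_nonces):
    """Site side: return the verified claimed_id or raise ValueError."""
    if fields.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    signed = fields.get("openid.signed", "").split(",")
    if not set(REQUIRED_SIGNED) <= set(signed) or any("openid." + k not in fields for k in signed):
        raise ValueError("required field missing or unsigned")
    if fields["openid.return_to"] != expected_return_to:
        raise ValueError("return_to mismatch")
    expected_sig = sign(fields, signed, mac_key).encode()
    if not hmac.compare_digest(expected_sig, fields.get("openid.sig", "").encode()):
        raise ValueError("bad signature")
    if fields["openid.response_nonce"] in seen_nonces:
        raise ValueError("replayed response")
    seen_nonces.add(fields["openid.response_nonce"])
    return fields["openid.claimed_id"]
```

The site never sees the password: it only trusts the signed fields, so a response that is altered in transit, replayed, or leaves the identity outside the signature is rejected.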
What makes OpenID better?
You may be wondering why this makes OpenID better, safer, than using a different (or probably the same) username and password for every different website you visit. Well, it means that only one site securely holds your details and you only have to remember your unique URI and your password – one you can bookmark and the other one you can remember. Although earlier I compared it to Google Accounts, you can see now that it’s quite a lot different. It’s open-source, free, universally implementable and, most of all, not held by Google.
OpenID is in its infancy and hasn’t had the resources and money that other services like Microsoft Passport and Google Accounts have. This can be seen. Can you log into this blog with your OpenID? Can you log in to your most visited forum with an OpenID? Actually, have you heard of OpenID at all? I suspect, according to my Google Analytics report, that half of you have heard of it. It’s slowly gaining favour and a number of well known sites have already implemented it.
Problems with OpenID
I can’t see many major problems with OpenID. The theory is very nice and sounds safe but it’s the implementation of the idea. There’s an element of trust involved with using OpenID in that you have to trust a site to host your identity. As long as you’re not stupid and create your identity with www.istealyouridentity.net then it seems that you’re pretty sound. One of the problems I see, though, is that if a large number of users rely on one OpenID provider, login (especially secure login) could be painfully slow. Another problem would be if that provider were to go offline for a prolonged period of time. Take your electricity supply as an example here. You get your electricity from one supplier and you have many appliances relying on that supply to remain constant, for example your computer. When that supply is cut, you lose the ability to use any of those appliances (don’t be pedantic and say you use a laptop). The same would be true for your OpenID provider. If your provider goes offline, you lose the ability to use any sites you log in to with your OpenID. You’re trusting your provider with the ability to provide you with your identity when you need it.
I want to implement it!
As OpenID is an open-source framework, you can implement it into your web and/or software applications in a number of different programming languages. The great community has created a number of frameworks and plug-ins for all sorts of other open-source applications. You can implement it in PHP, Python, Ruby, Perl, Java, C++ and C#.
OpenID – The Anti-Google
I would really like to see OpenID adopted by a larger number of services on the internet. Forums especially because that would save a lot of hassle and you could use the same identity on all the forums you visit. OpenID is a promising framework that developers could adopt quite easily if they wanted to – it would save them a lot of time rather than programming their own registration and login process. I think though that a number of things could be done to improve the image of OpenID and also help the common internet user trust the idea more. Firstly, I’d like to see an ‘official’ OpenID provider – at least one operated and maintained by some official standard body. This would allow developers to implement their own OpenID provider while allowing a new adopter of OpenID – the common user – to get an account via a trustworthy site. Secondly, I think that a package has to be put together that will allow a user to set up their own OpenID server. This would make adoption easier and most likely increase it.
If you’re reading this and you’re a software/application developer, what’s your opinion and experience with the OpenID framework? If you’ve never tried it before, please be willing to implement it into any software you see fit to implement it in. I’ve only been researching the OpenID project for an hour. Please, lend your experience and thoughts.