Wednesday, April 18, 2007

Implementing OpenID

David Recordon, Verisign, and Brian Ellin, JanRain, gave a fascinating overview of the benefits and simplicity of OpenID. OpenID is an open source solution for authentication. It is:
  • Single Sign-on for the web
  • Simple and light-weight
  • Easy to use and deploy
  • Open development process
  • Decentralized (no single Point of Failure)
It's a URL. People understand URLs. They have been on billboards and TV for years.
  • Liberty Alliance - Great for the enterprise
  • TypeKey - Centralized
  • Microsoft Passport - Centralized
The question is: "Do you trust them?"

The point of OpenID is that you choose who manages your identity, and you can change that later. There are 90 million OpenIDs, including every AOL screen name. In 18 months, relying parties have grown to over 2,500. Open source projects are adopting OpenID, including MediaWiki, phpBB and Ruby on Rails. Major web sites use OpenID, such as Digg, Technorati, Six Apart, Netvibes, WordPress, Magnolia and 37signals. Major companies have adopted it: AOL, Reebok.

OpenID is another important building block for the web that links in with microformats, calendaring and social networking to round out basic functionality that benefits everyone by becoming pervasive.

Why add OpenID to your project?

  • Reduce friction because users don't have to create new user accounts and passwords
  • Simplifies account setup
  • Site-specific hacks become possible: for example, an AOL OpenID tells you that you can send the user IMs via AIM
  • Simplifies the application by reducing the load of account management


  • OpenID Provider: makes assertions about an OpenID.
  • OpenID Relying Party: the site that wants to verify ownership of an OpenID.

How to

OpenID delegation

    <link rel="openid.server" href="" />
    <link rel="openid.delegate" href="https://" />

This feature allows you to change your backend OpenID provider without impacting all of the relying parties. ...

Or you can run your own OpenID server. phpMyID is open source code that provides OpenID support. Source is available at
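A relying party has to read those two delegation tags from the page at the URL you type in, so here is an added Python example (not from the talk or from any OpenID library) of that discovery step done defensively: only tags inside <head> count, so markup that ends up in the page body cannot redirect the login. The function names, the example.* hosts and the https-only rule are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class HeadLinks(HTMLParser):
    """Collect openid.* <link> tags, but only those inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.in_head = False  # an unclosed <head> ends where <body> starts
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel in ("openid.server", "openid.delegate"):
                    # First tag wins; a later duplicate cannot override it.
                    self.found.setdefault(rel, (a.get("href") or "").strip())

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(claimed_id, html):
    """Return (server, identity to assert) for the page behind claimed_id."""
    parser = HeadLinks()
    parser.feed(html)
    parser.close()
    server = parser.found.get("openid.server")
    delegate = parser.found.get("openid.delegate")
    if not server:
        raise ValueError("no openid.server link inside <head>")
    for url in (server, delegate):
        parts = urlsplit(url) if url is not None else None
        # Assumed policy of this example: endpoints must be absolute https URLs.
        if parts is not None and (parts.scheme != "https" or not parts.netloc):
            raise ValueError("not an absolute https URL: %r" % url)
    # Without a delegate, the provider vouches for the claimed URL itself.
    return server, delegate if delegate is not None else claimed_id

# Constructed sample page with hypothetical hosts; the tag in <body> must be ignored.
SAMPLE = """<html><head>
<link rel="openid.server" href="https://provider.example/server" />
<link rel="openid.delegate" href="https://alice.provider.example/" />
</head><body><p><link rel="openid.server" href="https://other.example/"></p>
</body></html>"""
```

Switching providers then means editing only the two href values on your own page; the URL you give to relying parties stays the same.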

OpenID downsides?

What about phishing? How do you deal with it?
  • OpenID has added the ability to use a client-side SSL certificate.
  • Microsoft CardSpace is included in Internet Explorer 7 and in Windows Vista.
  • Vidoop removes the traditional password and uses images, with keys tied to the images.
  • Verisign OpenID Seatbelt is a Firefox and Internet Explorer plug-in. It detects openid_identifier and activates itself.
Ficlets from AOL was used as the example of OpenID login.

The calendar used at the Web 2.0 Expo event was updated to incorporate OpenID in approximately 45 minutes in Ruby on Rails. OpenID is a lightweight and simple protocol to implement.

OpenID provides choice, and the decision about what tools to use is down to the OpenID provider. OpenID sign-in can use out-of-band communication to check for authentication.

More information is available at



1 comment:

  1. I saw a pretty cool demo of this at - it lets you use your Yahoo ID as your open ID. The implication is that you would then be able to have people authenticate to your website using their Yahoo login.