|
|
|||||
OpenID on the Upswing
OpenID is an identity system that allows you to have one username and one password for multiple sites. Your username is an URL. The password is whatever you choose (and like all paswords you should keep it secret). There are several different configurations that you can use to have an OpenID
I know it sounds interesting, but what good is it to you now? OpenID is currently accepted by around 500 sites including Vox, LiveJournal, and Zooomr. Sxip is now supporting OpenID in their identity applications. Expect more Open Source applications to begin including it in an attempt to claim the I Want My OpenID Bounty.Yahooligan Simon Willison, co-creator of the Python web application framework Django, has been tagging all of the sites that accept OpenID with the tag OpenIDConsumer. Identity is one of the last pieces of the Web 2.0 puzzle to become decentralized and fully owned by the user. Up till now we've had to rely on sites to control our identity; now with personal sites (mostly blogs) becoming common there is finally a mechanism for us to take our identities into our own hands. Kaliya Hamlin, Identity Woman, will be doing a session on User-centric Identity Systems (including OpenID) at the Web 2.0 Expo this April.
|
|||||
© 2012, O'Reilly Media, Inc. (707) 827-7019(800) 889-8969 All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. |
|||||
Comments: 27
Tony [21 December 2006 01:11 AM]
Note to the editor: Zooomr is spelled with three Os, not two. The current URL points to a link-farm.
Thanks for an awesome and informational post on OpenID!
Paul Annesley [21 December 2006 01:19 AM]
Another note to the editor: the first link to openid.com also points to a link farm.
You'd be wanting openid.net
Andrea Beggi [21 December 2006 01:49 AM]
The correct link should be: http://openid.net/
falcon [21 December 2006 07:19 AM]
I just started reading up on open id. Does it make sense to have non-technical users sign up for open id? Will users understand that their username will now look very similar to a URL or their email address?
Henrik [21 December 2006 08:54 AM]
All it comes down to is wether the average user finds it valuable. I'm not too sure they actually do. A key thing is that registration on a site supporting OpenID must be just as simple as on one without.
Brady Forrest [21 December 2006 10:49 AM]
Why not simply use the same username/password for all sites? This makes even more sense using a username/password hashing page then ensures a unique, obscure p/w for every site you login to.
Really, I don't believe online identity is the same as unified login. The harder question is: how do you know I am who I claim to be? To make my point, I signed this comment using your name.
Kevin Turner [21 December 2006 12:02 PM]
You're right, that is a harder question. However, answering that question is also *completely unnecessary* for most of the communities we build on-line.
Larry Seltzer [21 December 2006 12:52 PM]
Brady: If you use one username/password combination and it's compromised you're going to have a hard time changing them all. With OpenID you can change it at one point. Plus you can get feedback on the ID's use to see if others are using it.
Sid Steward [21 December 2006 02:03 PM]
Kevin- You're right, but I believe it will become more important. Solve the online ID problem and you'll solve the spam problem.
Larry- It was I who wrote that 'one username/password' post, using Brady's name to make my point. Sorry for any confusion.
Richard Kastelein [22 December 2006 12:58 AM]
3PD developers from the Linuxworld Award Winning Joomla are working on a solution for OpenID as well.
Peter Cranstone [22 December 2006 09:01 AM]
Open ID is a good idea. It's trying to solve the "Who" problem. As in, Who am I and can we make logging into a web page(s) easier. It's part of what I call the trifecta problem, or the "Who, What, Where" problem. Who is essentially "Me". My name, address, phone number, preferences. The What is the terminal and device capabilities of connecting device. This would be the screen resolution, the size of the screen, the bandwidth connection, the available memory (very important on a mobile device). The Where is my location in real time. This can be Area code, Zip code, or preferably my GPS location.
Open ID only solves one problem, leaving the customer wanting more. It's the trifecta that makes the experience more consistent for the customer.
Customers don't buy technology, they buy solutions to their problems. The more complete the solution the happy the customers.
Cheers,
Peter
Dmitry Shechtman [23 December 2006 03:34 AM]
I believe BotBouncer is bad for OpenID. I detailed my concerns in this blog entry.
Jesper J [ 2 January 2007 11:57 PM]
One problem I don't see anyone discussing is that of accountability. If my private data is compromised at a Relying Party (OpenID consumer), who is responsible? An unreliable OpenID provider can compromise the data at a Relying Party, but since it's the user that picks the OpenID provider, it seems the Relying Party cannot be held responsible for the compromise. This leads to two questions:
1) How does a user know if an OpenID provider is reliable?
2) How does a Relying Party know how reliable an OpenID provider is?
It seems to me that serious Relying Parties (banks, telephone companies, etc.) will have to limit support to a few certified OpenID providers. This will lead to bi-lateral, proprietary agreements between OpenID providers and Relying Parties. E.g. Bank Of America may decide to trust Yahoo but not shadyOpenID.ru. Most likely, BofA-like companies will become OpenID providers themselves.
Users will also look for trusted brands when they pick an OpenID provider, so they will also gravitate to the few trusted entities with whom they have an existing relationship such as their bank, telco, ISV or portal (like Yahoo).
This is not to say OpenID is bad. It still provides more choice, openness and consistency that what we have today. But it's naive to think that we the users will be completely decoupled from corporations and finally own our identity.
Jesper
Sid Steward [ 3 January 2007 09:17 AM]
Jesper-
One idea I've had to address the accountability issue is to create a web services provider that is organized as a cooperative. That way the organization is 100% aligned with its users.
Sid
Tahir [ 4 January 2007 05:46 AM]
Note to editor: 'Yahooligan' refers to a little kid who uses Yahoo! services for kids and not somebody who works at Yahoo! The latter is known simply as a 'Yahoo' (without the exclamation mark).
Salman FF [ 4 January 2007 10:16 AM]
On Identity becoming more decentralized: great point! But I am not sure it is one of the LAST pieces of the Web 2.0 puzzle which could be decentralized... For example, as per my name url, I wonder if there can be an underlying open (and may be open source) infrastructure that dis-integrates (ie disaggregates) web-based advertising... a decentralized Identity would certainly be one important element of that infrastructure.
radha [10 January 2007 01:48 AM]
Mphasis Technologies
Brighthouse [ 5 March 2007 09:49 AM]
I realy want use OpenID service provider. Saved info. Thanks
Guy Barsheshet [15 March 2007 05:42 AM]
It's not about replacing username and pass.
What happens when OpenID becomes a fact and users enjoy a smooth continuance flow between sites and services?
1. new user centric services/meshups.
2. enhance OpenId protocol supporting data exchange.
what else? ..
Adriel Bernier [22 June 2007 01:52 AM]
Comedian Russell Brand accepts damages over claims a girl was drugged and raped during a party...
Katalog Stron [ 4 October 2007 03:06 AM]
You're right, that is a harder question. However, answering that question is also *completely unnecessary* for most of the communities we build on-line.
chat [ 8 October 2007 09:46 PM]
You're right, that is a harder question. However, answering that question is also *completely unnecessary* for most of the communities we build on-line.
Stuart [12 November 2007 11:28 PM]
Please note the first link for OpenID points to openid.org, which has been somewhat.. blacklisted I suppose for want of a better word, by the OpenID community for the owner's shonky practices regarding the domain.
You would be wanting to point to openid.net instead.
:)
Halve [14 November 2007 10:31 AM]
I am the affiliate coordinator over at Vidoop and just wanted to mention that we have an affiliate program as well. It is a simple sign up process and is basically the same as myopenid.com’s affiliate sign up. Another point to make is that offering users a few recommendations to a few “good” OIP’s is good practice and let’s them know you are helping them select a reputable OIP. The sign up is at affiliates.vidoop.com
Asia [12 April 2008 09:00 AM]
Super article. Thanks
Części Mazda [24 April 2008 07:28 AM]
Really good article . Big thanks man :)
zegarek [28 June 2008 12:34 PM]
Verry helpful article for me..
Best regards !