OpenID 2.0 Final

The next version of OpenID, the open authentication system, is finally a released specification. As well as the technical work on the 2.0 specicifaction, the community has worked to ensure that OpenID is freely implementable, resulting in the execution of a non assert agreement by the contributing parties.

As a board member of the OpenID Foundation, I am grateful and happy of the careful work by AOL, Cordance, JanRain, Microsoft, NetMesh, Six Apart, Sxip, Sun Microsystems, Symantec, Verisign and Yahoo!. Last week Google and Microsoft also showed their support of OpenID by respectively launching OpenID support in Blogger and by Microsoft Research. With support from these big vendors, many of the shipping open source reference implementations, I have big hopes for the adoption of OpenID as well as the technologies that will be built on top of it.

Late summer 2005, Brad Fitzpatrick at Six Apart came up with OpenID to facilitate authenticating your ownership of a URL to another website. The driving force behind this was to enable commenting across multiple blogging sites with the need for accounts on each of these services.

OpenID should be viewed as a core fundamental enabling technology. It allows the authentication and exchange of account data between un-related websites. Indeed, it does not attempt to solve higher level problems, such as authorization. Instead you can invision it as the underlying technology for interactions between social networks, like the interaction that Tim talks about in It’s the data, stupid.

tags:
  • http://www.istudioweb.com Vlad

    Is there a reliable WordPress plugin for authenticating users with OpenID? That would be nice…

  • http://www.davidrecordon.com/ David Recordon

    Vlad, take a look at WP-OpenID. http://wordpress.org/extend/plugins/openid/

  • jones

    Nobody in their right mind is going to hand over authentication. OpenID will work for low-security blog commenting, but that will be the extent of it.

  • Dustin Anderson

    Jones – You’re right, nobody in their right mind is going to hand over authentication. You’re talking about the wrong “nobody” though.

    The people who aren’t going to hand over authentication are the end users. People like me.

    I’m tired of handing over my password to every little (or big) web 2.0 site that I might use 3 times a year… I’d prefer to trust ONE vendor, like Verisign or some other reputable company to hold my OpenID data. As a web developer, I know how easy it is to build authentication, and how easy it is to screw it up. How do I know which sites are doing it right? I don’t… which is why I’d rather use OpenID…

  • http://www.insight-it.ru Ivan Blinkov

    Anyway this technology is a nice alternative method of authentification to many websites.
    I don’t think it would ever substitute the common login and password scheme, but the role of offerenig a choice to potential visitors it plays well enough.