Dec 20

Brady Forrest

Brady Forrest

OpenID on the Upswing


OpenID is a lightweight, decentralized identity system that has been gaining prominence. I expect this upcoming year to be a big year for OpenID -- and not just because of the Google trend chart with the recent uptake in search query share.


OpenID is an identity system that allows you to have one username and one password for multiple sites. Your username is an URL. The password is whatever you choose (and like all paswords you should keep it secret). There are several different configurations that you can use to have an OpenID

  • You can use an OpenID service provider and use the provided URL on their domain (e.g.

  • You can run your own OpenID server on your own server with your own domain (e.g.

  • You can use a hosted OpenID service with your own domain (e.g. Learn how for your site or blog.)

Lately there have been a plethora of OpenID services launching. All users of SixApart's Vox and LiveJournal users automatically have OpenIDs. If you want to use a hosted service JanRain's MyOpenID just launched with an affiliate service (for companies that want to support OpenID, but don't want to maintain their own server). They also launched with a free CAPTCHA webservice called BotBouncer aimed at servicing OpenID-enabled sites. You can find other hosted services as well as your identity servers on the OpenID Wiki

I know it sounds interesting, but what good is it to you now? OpenID is currently accepted by around 500 sites including Vox, LiveJournal, and Zooomr. Sxip is now supporting OpenID in their identity applications. Expect more Open Source applications to begin including it in an attempt to claim the I Want My OpenID Bounty.Yahooligan Simon Willison, co-creator of the Python web application framework Django, has been tagging all of the sites that accept OpenID with the tag OpenIDConsumer.

Identity is one of the last pieces of the Web 2.0 puzzle to become decentralized and fully owned by the user. Up till now we've had to rely on sites to control our identity; now with personal sites (mostly blogs) becoming common there is finally a mechanism for us to take our identities into our own hands.

Kaliya Hamlin, Identity Woman, will be doing a session on User-centric Identity Systems (including OpenID) at the Web 2.0 Expo this April.

tags:   | comments: 27   | Sphere It

Previous  |  Next

0 TrackBacks

TrackBack URL for this entry:

Comments: 27

  Tony [12.21.06 01:11 AM]

Note to the editor: Zooomr is spelled with three Os, not two. The current URL points to a link-farm.

Thanks for an awesome and informational post on OpenID!

  Paul Annesley [12.21.06 01:19 AM]

Another note to the editor: the first link to also points to a link farm.

You'd be wanting

  Andrea Beggi [12.21.06 01:49 AM]

The correct link should be:

  falcon [12.21.06 07:19 AM]

I just started reading up on open id. Does it make sense to have non-technical users sign up for open id? Will users understand that their username will now look very similar to a URL or their email address?

  Henrik [12.21.06 08:54 AM]

All it comes down to is wether the average user finds it valuable. I'm not too sure they actually do. A key thing is that registration on a site supporting OpenID must be just as simple as on one without.

  Brady Forrest [12.21.06 10:49 AM]

Why not simply use the same username/password for all sites? This makes even more sense using a username/password hashing page then ensures a unique, obscure p/w for every site you login to.

Really, I don't believe online identity is the same as unified login. The harder question is: how do you know I am who I claim to be? To make my point, I signed this comment using your name.

  Kevin Turner [12.21.06 12:02 PM]

You're right, that is a harder question. However, answering that question is also *completely unnecessary* for most of the communities we build on-line.

  Larry Seltzer [12.21.06 12:52 PM]

Brady: If you use one username/password combination and it's compromised you're going to have a hard time changing them all. With OpenID you can change it at one point. Plus you can get feedback on the ID's use to see if others are using it.

  Sid Steward [12.21.06 02:03 PM]

Kevin- You're right, but I believe it will become more important. Solve the online ID problem and you'll solve the spam problem.

Larry- It was I who wrote that 'one username/password' post, using Brady's name to make my point. Sorry for any confusion.

  Peter Cranstone [12.22.06 09:01 AM]

Open ID is a good idea. It's trying to solve the "Who" problem. As in, Who am I and can we make logging into a web page(s) easier. It's part of what I call the trifecta problem, or the "Who, What, Where" problem. Who is essentially "Me". My name, address, phone number, preferences. The What is the terminal and device capabilities of connecting device. This would be the screen resolution, the size of the screen, the bandwidth connection, the available memory (very important on a mobile device). The Where is my location in real time. This can be Area code, Zip code, or preferably my GPS location.

Open ID only solves one problem, leaving the customer wanting more. It's the trifecta that makes the experience more consistent for the customer.

Customers don't buy technology, they buy solutions to their problems. The more complete the solution the happy the customers.



  Dmitry Shechtman [12.23.06 03:34 AM]

I believe BotBouncer is bad for OpenID. I detailed my concerns in this blog entry.

  Jesper J [01.02.07 11:57 PM]

One problem I don't see anyone discussing is that of accountability. If my private data is compromised at a Relying Party (OpenID consumer), who is responsible? An unreliable OpenID provider can compromise the data at a Relying Party, but since it's the user that picks the OpenID provider, it seems the Relying Party cannot be held responsible for the compromise. This leads to two questions:

1) How does a user know if an OpenID provider is reliable?

2) How does a Relying Party know how reliable an OpenID provider is?

It seems to me that serious Relying Parties (banks, telephone companies, etc.) will have to limit support to a few certified OpenID providers. This will lead to bi-lateral, proprietary agreements between OpenID providers and Relying Parties. E.g. Bank Of America may decide to trust Yahoo but not Most likely, BofA-like companies will become OpenID providers themselves.

Users will also look for trusted brands when they pick an OpenID provider, so they will also gravitate to the few trusted entities with whom they have an existing relationship such as their bank, telco, ISV or portal (like Yahoo).

This is not to say OpenID is bad. It still provides more choice, openness and consistency that what we have today. But it's naive to think that we the users will be completely decoupled from corporations and finally own our identity.


  Sid Steward [01.03.07 09:17 AM]


One idea I've had to address the accountability issue is to create a web services provider that is organized as a cooperative. That way the organization is 100% aligned with its users.


  Tahir [01.04.07 05:46 AM]

Note to editor: 'Yahooligan' refers to a little kid who uses Yahoo! services for kids and not somebody who works at Yahoo! The latter is known simply as a 'Yahoo' (without the exclamation mark).

  Salman FF [01.04.07 10:16 AM]

On Identity becoming more decentralized: great point! But I am not sure it is one of the LAST pieces of the Web 2.0 puzzle which could be decentralized... For example, as per my name url, I wonder if there can be an underlying open (and may be open source) infrastructure that dis-integrates (ie disaggregates) web-based advertising... a decentralized Identity would certainly be one important element of that infrastructure.

  radha [01.10.07 01:48 AM]

Mphasis Technologies

  Brighthouse [03.05.07 09:49 AM]

I realy want use OpenID service provider. Saved info. Thanks

  Guy Barsheshet [03.15.07 05:42 AM]

It's not about replacing username and pass.
What happens when OpenID becomes a fact and users enjoy a smooth continuance flow between sites and services?

1. new user centric services/meshups.
2. enhance OpenId protocol supporting data exchange.

what else? ..

  Adriel Bernier [06.22.07 01:52 AM]

Comedian Russell Brand accepts damages over claims a girl was drugged and raped during a party...

  Katalog Stron [10.04.07 03:06 AM]

You're right, that is a harder question. However, answering that question is also *completely unnecessary* for most of the communities we build on-line.

  chat [10.08.07 09:46 PM]

You're right, that is a harder question. However, answering that question is also *completely unnecessary* for most of the communities we build on-line.

  Stuart [11.12.07 11:28 PM]

Please note the first link for OpenID points to, which has been somewhat.. blacklisted I suppose for want of a better word, by the OpenID community for the owner's shonky practices regarding the domain.

You would be wanting to point to instead.


  Halve [11.14.07 10:31 AM]

I am the affiliate coordinator over at Vidoop and just wanted to mention that we have an affiliate program as well. It is a simple sign up process and is basically the same as’s affiliate sign up. Another point to make is that offering users a few recommendations to a few “good” OIP’s is good practice and let’s them know you are helping them select a reputable OIP. The sign up is at

  Asia [04.12.08 09:00 AM]

Super article. Thanks

  Części Mazda [04.24.08 07:28 AM]

Really good article . Big thanks man :)

  zegarek [06.28.08 12:34 PM]

Verry helpful article for me..
Best regards !

Post A Comment:

 (please be patient, comments may take awhile to post)

Type the characters you see in the picture above.