OpenID is a decentralized standard identity system for authenticating users with the same identity on different web based services. It is like an internationally accepted driver’s license for web. You can use a single username and password all over the web instead of maintaining number of logins. OpenID simply eliminates the need for number of logins on internet.
OpenID identity is actually not a username and password system. Technically, they are URLs. Something likes this,
- http://claimid.com/username
- http://username.myopenid.com
- http://me.yahoo.com/username
You have to give your credentials to the OpenID provider website, and the provider is responsible to notify the other sites that you are who you claim to be. After you have claimed the authentication and authorization, you can use the website as a registered logged in user. Facebook Connect and Google Friend Connect are some examples of OpenID. The main difference in the OpenID is a single company does not control it. There are number of companies you can choose to obtain an OpenID.
To use the OpenID credentials, the website should have the OpenID login feature, and if you can find the OpenID logo somewhere on the webpage, you can use your OpenID to login. This form then connects with the OpenID client library.
Behind The Scene
There are two parties involved in an OpenID transaction, Consumer and Provider. A Consumer (also called a Relying Party) is an OpenID enabled web site. A Provider plays the role as a registrar. It allows users to create and manage OpenID URLs and accounts, and authenticates the user to Consumers. This is an open source framwork service, and anyone can be a Consumer or a Provider without any cost of licensing fees. You can find a large number of web applications allow users to log in using the OpenID credentials and number of sites have become the service Providers all over the web.
When a user tries to log into a Consumer site using OpenID, the Consumer site contacts the Provider to verify the user’s credentials. The user may be redirected to the Provider and asked to sign in using Provider password. When its done successfully, the user will automatically redirected to the Consumer site with granted access as a registered user.
Getting Started With OpenID
To use OpenID, you should have an OpenID account with one of the many providers on the web. If you have an account with Google, Yahoo, AOL, LiveJernal, Blogger, Flickr, MySpace or any other common big name OpenID providers, then you already have an OpenID. If you want, you can have an OpenID account with some dedicated OpenID providers, such as MyOpenID or ClaimID. This is called as ‘home base’. Even if you choose any of the services, you’ll get a unique URL that you can use around the web.
Getting Used To OpenID
The main confusion of using OpenID is, it is not a normal username and password but it is usually a URL something looks like this: http://username.providername.com.
To log into an OpenID enabled Consumer site
- Find the OpenID logo somewhere on the web page
- Paste your OpenID URL in the provided text field and press Enter
- You’ll be asked to sign into you account back at your ‘home base’. You have to provide the username and the password to the ‘home base’ account.
- At last, you will have to provide some of your basic details like your name and profile picture.
That is all. No need to register, no need to confirm.
Benefit Of OpenID For Different Level Of Internet Users
General Internet User
- Convenient online experience: Do not have to memorize a number of username and password for different sites
- Security: If you could find a secure OpenID provider, the phishing attack surface is reduced.
E-Commerce And OpenID Consumers.
- Being an OpenID consumer, they can give a simple user registration to the users. This will give a major attractiveness for website.
- With the user’s approval, the OpenID let know more about the visitors to the consumers to target their market
- Can be prevent from identity theft, as the login information can be retrieved from OpenID
OpenID is not a perfect solution for a normal user, until he’s getting used to it, and to prevent the security problem, the user must choose a secured OpenID provider.
References
- (2010). Retrieved on 2010, April from wired.com: http://howto.wired.com/wiki/Use_OpenID
- (2010). Retrieved on 2010, April from zdnet.com: http://blogs.zdnet.com/digitalID/?p=78
- (2010). Retrieved on 2010, April from penn-olson.com: http://www.penn-olson.com/wp-content/uploads/2009/12/openid.gif