Open ID

From P2P Foundation
Revision as of 09:55, 2 April 2007 by Mbauwens (talk | contribs)

See the Wikipedia article at http://en.wikipedia.org/wiki/Open_id

Open ID is a distributed identity management system, a.k.a. a decentralized single sign-on platform.


Description

"OpenID is a decentralized system to verify one's online identity... It solves the single sign-on problem without relying on any centralized website to confirm digital identity. OpenID users identify themselves with a URI or XRI which they own, such as for a blog or a home page. Since OpenID is decentralized, any website can employ OpenID software as a way for users to sign in.

On OpenID-enabled sites, Internet users do not need to register and manage a new account for every site before being granted access. Instead, they only need to be previously registered on a website with an OpenID "identity provider", sometimes called an i-broker. They can also link to this identity provider from another website they own and log in using that website's URI instead, allowing them to connect their identity to their website. A website which accepts sign-ins from OpenID is called a "relying party." (http://en.wikipedia.org/wiki/Open_id)
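The delegation described above (signing in with the URI of a page you own, which points at your identity provider) is expressed in OpenID 1.1 as two `<link>` tags in that page's `<head>`. The sketch below is an added example, not part of the quoted article or of any OpenID library: a relying-party-side parser that reads those tags and ignores any that appear outside `<head>` or carry a non-HTTP(S) URL. The function names and the sample page and its URLs are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a personal page delegating to an identity provider.
# The <link> inside the body stands for user-contributed markup (e.g. a comment).
SAMPLE_PAGE = """<html><head><title>My blog</title>
<link rel="openid.server" href="https://idp.example/auth">
<link rel="openid.delegate" href="https://alice.idp.example/">
</head><body>
<p>Comment: <link rel="openid.server" href="https://other.example/auth"></p>
</body></html>"""

class _HeadLinkParser(HTMLParser):
    """Collect OpenID 1.1 <link> tags, but only while inside the first <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.head_done = False
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head" and not self.head_done:
            self.in_head = True
        elif tag == "body":
            self.in_head, self.head_done = False, True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel in ("openid.server", "openid.delegate") and a.get("href"):
                    # First occurrence wins; later duplicates are ignored.
                    self.links.setdefault(rel, a["href"].strip())

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head, self.head_done = False, True

def discover(html_text):
    """Return (server, delegate) for a claimed-identifier page, or None.

    delegate is None when the page does not delegate, in which case the
    claimed URI itself is the identifier known to the provider.
    """
    parser = _HeadLinkParser()
    parser.feed(html_text)
    server = parser.links.get("openid.server")
    if not server or urlparse(server).scheme not in ("http", "https"):
        return None
    return server, parser.links.get("openid.delegate")

if __name__ == "__main__":
    print(discover(SAMPLE_PAGE))
```

Restricting discovery to `<head>` matters because anyone who can post markup into the body of a page (a comment, for instance) could otherwise redirect that page's identity to a provider of their choosing.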


Status Report

Open ID Providers vs. Consumers

From Nik Cubrilovic at http://www.nik.com.au/archives/2007/03/12/openid-too-many-providers-not-enough-consumers/


"All these OpenID support announcements and I am not getting anywhere with my OpenID. You see, the reason why you won’t get very far if you follow the same path I just did is because while all these companies have announced OpenID support, along with many others, what they meant is that they are allowing their users to use their accounts at their services as OpenID accounts. These applications are all becoming OpenID providers as opposed to OpenID consumers. Funny thing is that most of these announcements pointed to the same list of applications that support OpenID as consumers - but not one of them decided to join that list themselves.

It turns out that we are solving the multiple identity problem by issuing multiple OpenIDs to everybody - defeats the purpose doesn’t it (many of these services give you an OpenID if you want one or not). Fact is, this isn’t going to work if we don’t have consumers and providers - but it seems that while we have plenty of companies wanting to step up as providers (easy) and have their users use their OpenIDs with other applications, we don’t have enough companies stepping up as consumers of OpenID. We now have 100 million+ OpenIDs with nowhere to go (well, almost). I am not sure what the problem is, but I can only speculate that it is because each of these applications would like to maintain some form of control and/or ownership of the user, and have their users go out into the rest of the web world carrying an OpenID with their name and logo on it. If this is the reason, then it is a crazy reason, because you can still hand off identity management to a third-party provider while knowing who the user is - you just won’t be answering emails about forgotten passwords anymore." (http://www.nik.com.au/archives/2007/03/12/openid-too-many-providers-not-enough-consumers/)


What Needs to Be Done

"The smart application developers will be gunning towards supporting OpenID as consumers - because there is now a pool of 100M+ users out there who have credentials to login to your app. That is the part of the problem that needs solving, not the provider end. So I watched these announcements and I watched all the cheering and I didn’t think it was that great - it seems that OpenID is flavor of the month and everybody is jumping on for the ride (I could post ‘Burger King Supports OpenID’ and it would make the frontpage of digg).

So here I present, for the benefit of us all, my criteria in terms of what constitutes OpenID support:


1. Your application becomes a full consumer of OpenID

2. Your application allows users to link their existing accounts to their OpenID

3. Your application allows users to *replace* their existing accounts with their OpenID

4. Your application has no signup barrier other than requesting an OpenID and password

5. You are *optionally* a provider of OpenID, if your user explicitly enables it (not sure why you want to be in the identity management business)" (http://www.nik.com.au/archives/2007/03/12/openid-too-many-providers-not-enough-consumers/)


More Information

Very good background and context to the project at http://www.readwriteweb.com/archives/openid_vs_bigco.php