JW’s blog

OpenID is a decentralized and open identity management protocol. It defines how applications can request a user to authenticate using his OpenID, which is stored on his server or at a service he trusts. OpenID was originally only an authentication protocol, but in future it may even allow applications to exchange data about the user, with the user’s permission of course.

When you want to sign in at Zooomr, an online photo storage service like Flickr, you have to enter your OpenID URL. After you proceed to the next page, you get redirected to the location you just entered, where you can enter your password, and permit Zooomr to access your name and e-mail address. You can allow Zooomr to view these “attributes” once, or always. Then, when you click “OK”, you’re logged in into Zooomr.

One of the services where you can request such an OpenID URL, the identity providers, is MyOpenID. Your OpenID URL will be based on this site’s URL, so it might for example be http://john_doe.myopenid.com/. Of course, OpenID is open, and you can install the OpenID software for identity providers on your own server too, so your OpenID URL may also be http://www.johndoe.com/openid/. Some of your personal details, such as your name, location and e-mail address, are stored there. Then, when an application wants to authenticate you and make sure you’re you, it can rely on the identity provider.

The biggest advantage of this system is that it allows you to use one username and password on every site (that supports OpenID). And, once you’re logged in, you keep being logged in for the whole browser session, so when I log in at LiveJournal, and then surf to Zooomr, the only thing I have to do is enter my OpenID URL once again, but I’m not required to enter my password another time.

Currently, OpenID 2.0 is under development. In addition to the current authentication protocol, OpenID 2.0 will also include an attribute exchange and data transport protocol. This means that, if Zooomr stores my photos and I log in to an other application with my OpenID, that application would be able to retrieve my Zooomr photos; assuming Zooomr has set up a data transport gateway and I permitted the exchange. This is a very powerful concept, and although the realization may not yet be a stable one (they for example use no standards, except for XML), things will definitely improve in future.

But, without doubt, the most valuable addition to version 2.0 is that several other companies have co-operated in the drafting. Representatives of amongst others VeriSign, Sxip (another company doing “Identity 2.0″) and Six Apart (who have already implemented OpenID in LiveJournal) participated in the drafting of the OpenID 2.0 specification.

As an extra stimulus, the OpenID community also launched the I want my OpenID! bounty program, which will grant $5,000 to ten open source projects implementing OpenID. Some of these may include plug-ins (or built-in functionality) for Drupal, WordPress, MediaWiki, phpBB, and a bunch of other projects. OpenID is really gaining momentum, as 14 companies sponsor the “I want my OpenID!” action, more and more plugins for it are being developed, and larger applications like Technorati are announcing their integration of OpenID.

So, create your OpenID now, you may need it a lot in future. For more information about OpenID, check the official website for technical details and the official specifications, or the OpenID Enabled website for libaries and information for developers.