Friday, October 5, 2007

What Good is OpenID?



Wikipedia says the following about OpenID:

OpenID is a decentralized single sign-on system. Using OpenID-enabled sites, web users do not need to remember traditional authentication tokens such as username and password. Instead, they only need to be previously registered on a website with an OpenID "identity provider..."

Here's how it's suppose to work... you create a profile at one OpenID server and then all other Web sites that use OpenID can refer back to the original OpenID server where you created your ID.

So, after a week of trying it out I've discovered that, generally speaking, each site that hosts an OpenID server will want you to use their own OpenID server.

I reached this conclusion when I created an OpenID profile at myopenid.com and then, several days later, I need to go through the whole process again at myvidoop.com.

Sure, I'm probably misunderstanding how OpenID is suppose to work - so don't hesitate to correct my misperceptions.

2 comments:

Anonymous said...

Joe: I am the technical director for VeriSign's OpenID provider called the "PiP" (pip.verisignlabs.com) and let me offer you a couple of comments.

1) When selecting an "OP" ("OpenID Provider") whether it be the PiP, Vidoop or MyOpenID you should select the one which you feel offers you the most functionality to manage your profile. You only need to create one OpenID identifer which you will use to login to relying party's. In your case you have now created multiple identifer's at multiple OPs when you only needed one.

2) If you have a personal website that you host you may review the information about delegation http://openid.net/wiki/index.php/Delegation
the great thing about this is that you can host your identity with one of the OPs but you can use something more common (for example your personal website) as your identifer.

Hope this helps and while you already have two why not 3? :-) Check out the PiP or if anything our anti-phishing product called SeatBelt at http://pip.verisignlabs.com/seatbelt.do which you can use with either us, MyOpenid or Vidoop (and yes it also supports delegation).

Good luck.

OpenID has a concept of "delegation" which gives you

Anonymous said...

If you were trying to login to an OpenID Provider (IDP) then you likely can only login with with an account from that provider. I.e. I can not login to MyVidoop with an account from MyOpenID.

Though if the site was a relying party (RP) then you should have been able to use an OpenID account from anywhere. That is the point of OpenID, single sign-on, one password to remember.

There are some good directories of OpenID enabled sites (RPs) at MyOpenID.com/directory and OpenIDDirectory.com