What is OpenID?
Problem: Every web site comes with its registration procedure. So before even trying a new website you have to fill a form, confirm your email address and then start. And this is actually a major reason for people to not to try a new website. Design guidelines are getting liberal about the user information at the time of registration and trying hard to reduce the pain of user.
But again every body has to remember their multiple identities which are spread on wide web.
OpenID: OpenID is decentralized single-sign-on system. On OpenID enabled websites users do not need to remember authentication tokens like username,email and passwords but provide their OpenId. Meaning of decentralization is that there is no one authority which is responsible for OpenID.
It is an open standard which any body can implement and support. You can go through specs here.
For using OpenID, you need to get registered with one of the websites which is acting as an OpenID provider and then you can use your OpenID on websites which support it.
I know it is not easy to understand in one go, so lets take step by step.
1. Where i need to register for getting my OpenID? – There are several websites which acts as OpenID provider but for simplicity I am listing some of them:
a. AOL
b. LiveDoor
c. LiverJournal
d. Orange
e. SmugMug
f. Technorati
g. Vox
h. WordPress.com
i. Yahoo
If you have account with any of the above,then congratulations, you have an OpenID.
2. What is an OpenID? Suppose I have an account with WordPress then what is my OpenID? – OpenID can be of two types i mean it can have two formats a. URL b. XRI
Now let me first answer the question and then elaborate more. If you have an account with WordPress.com your OpenID will be username.wordpress.com. There are different formats for different OpenID providers and details can be seen at OpenID website.
URL can be of two types:
a. you can use an existing URL under your own control as OpenID by inserting appropriate OpenID tags in HTML pages by following OpenID specifications.
b.You can register with an OpenID provider and get your OpenID.
Now what is this XRI? This is basically a new type of Internet Identifier for cross domain digital identity. I am also not very much aware about this yet, but will definitely post details about the same, for now lets skip it.
3. OK. Now i have my OpenID. But who will support it? how/where can i use it? – There are several websites which take OpenID for authentication, I will take an example later in this post to clarify more. You can visit directory of sites where you can use your OpenID
4. How does this work ? what happens behind the scenes when i provide my OpenID to a website which supports it? – Good question. When you provide your OpenID to a website (e.g. abc.com), for authentication, it goes to the OpenID provider (e.g. xyz.com), specified by you, and checks whether the you are logged-in at xyz.com from the same machine or not.
a. If you are, it redirects the request to xyz.com to get confirmation from you that:
i. abc.com is trying to authenticate and asking some information from xyz.com
ii. should xyz.com trust abc.com with your identity or not?
Once you confirm, it will log you in abc.com.
b. If you are not online, It will ask you to be online on xyz.com first and then proceed.
In this way nobody who is having your OpenID can log into some website on your behalf because it requires you to be logged in on same machine.
5. OK. give me an example. – Lets take a very simple one. You need to be logged-in while posting a comment on blogs of blogger.com. blogger.com also supports openID. So we will try to post a comment using OpenID and will use WordPress.com as OpenID provider.
a. Login at wordpress.com
b. Go to blogger.com(in seperate tab of your browser)
c. Pick any blog which allows comments
d. When you go to post a comment you get following
e. Provide your OpenID, fill comments and publish your comment.
f. it will take you to wordpress.com for confirmation.
g. confirm the request and your comments will be published (if comments moderation is not applied on that blog)
Now log out from wordpress.com and try same thing again. It will ask for the login to proceed.
Most Commented Posts
If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Comments
No comments yet.
Leave a comment