Geekblok

You may have heard about OpenID before, or maybe seen the little icon popup at some sites already. Fact is that OpenID is slowly but steadily gaining popularity. And in my humble opinion, that’s a Good Thing™.

Let’s first look at what OpenID really is. It’s a system that allows you to authenticate yourself. Instead of your email address (which is commonly used), OpenID uses an URI as point of view.

How many accounts do you have online? 5? 10? 25? 100? 250? more? A lot of people (including me) don’t even know the amount of accounts anymore. It looks like every other website requires you to login and after a while you just loose track of all accounts, passwords and email addresses used. OpenID is very useful for this! It allows you to have one login, one password and all you need to remember is your own website’s address.

Microsoft basically tried to do the same thing with Passport, yet OpenID is cooler, for it’s open and not controlled by one big company (especially not a company many people don’t trust). Anyone can act as an OpenID provider and you have plenty of options to choose from.

Well, one ring account to rule them all, that sounds good, but how does it work? I won’t go into the technical details (for those interested, see the specs). I’ll just guide you through one example. One day, you see a website, like ma.gnolia, which offers you to sign in using your OpenID.

First we need an OpenID. There are several ways to obtain one. For instance, if you’re a livejournal or a vox user, you already have an OpenID! But let’s say you have your own slick blog, hosted on your own machine. You could install a OpenID server on it aswell, or trust your account to some company from the ever growing list of providers. Simply sign up with them (this is the last time you have to sign up, really) and you’re set. Now you have your own OpenID.

But will you remember URLs like http://mijnopenid.nl/is/nickname or http://nickname.myopenid.com/? You probably will, but you definitely remember your blog’s URL. The good thing is, you can use your blog URL (http://myslickweblog.somehost.tld)! In order to make this work, you have to add two lines to your blog, which is explained on the delegation page

Ok, so you got your ID, let’s get back to ma.gnolia. In the OpenID box, you enter your URL (and I assume you’ve set up the delegation): http://myslickweblog.somehost.tld/. Now you will be forwarded to the OpenID server you signed up with. After you log in, you will be asked to share some details with ma.gnolia (nickname and email address). You may give this info to them, but are not required too! Now simply either allow the login once, forever or not at all and you’ll be redirected back to ma.gnolia.

As you can see, the authentication process is now taken away from ma.gnolia and put into the hands of your OpenID provider. This is great for developers, because all developers I know simply hate user authentication (which comes with lost password procedures, sign up procedures etc. etc.). But to you, as end user, this is of course awesome too. You only have to remember one password.

The only downside is that you have to trust your OpenID provider. If their server is cracked and passwords are stolen, people can login pretending to be you everywhere… then again, if people have your mail account password, the same thing can happen.

All in all OpenID looks very handy. If you wonder what websites support this (besides ma.gnolia), the OpenID directory might be useful.