Open distributed authentication: OpenID
We all get tired of creating accounts for every website that we run across. A LiveJournal account to comment on friends’ entries. 11 different WordPress accounts for each blog regularly read, since there’s no way to link one account to all of them. Half a dozen accounts at different forums. Digg, Flickr, Delicious. Shouldn’t there be a better way to control access to sites, rather than having to duplicate effort and data across all of them?
Well, as with all leadingly rhetorical questions, the answer is of course yes. OpenID allows you to set up a single account with a single PIP (Personal Identity Provider), and then use authentication tokens to allow that provider to distribute your information (partially or fully) to requesting sites. The coolest part is that you can set up your own site as an OpenID server or delegate, which means your login name can be yourdomain.com. If the PIP you are using changes its TOS or even goes under, you can switch PIPs with just a few lines of HTML and keep your same ID (assuming you hold on to your domain name).
OpenIDs are so ridiculously easy to set up that everyone should really get ahold of one so that adoption becomes more widespread. As more and more sites start to accept it as a form of login (and my site will do so soon), it will become easier and easier to use your existing credentials rather than create more. Here’s one of the easiest ways to create your very own OpenID.
Step 1: Sign up with an OpenID Personal Identity Provider
The beauty of OpenID is its decentralization. It doesn’t matter who stores your identity, and you can change hosts at any time if you find a better one. I found Verisign Labs PIP, which has all the features I need and is pretty clean and trimmed-down. I created an account seth, which made my PIP Identity URL seth.pip.verisignlabs.com.
Other PIPs if you prefer:
- LiveJournal accounts all include OpenID
- Vox
- MyOpenID has some cool features like multiple identity support
Step 2: Point your website to the PIP (optional)
You only get half the benefit of OpenID if you use the PIP’s URL as your identity: if you ever want to change PIPs, you’ll have a new URL to log in with. For those without their own vanity site, however, this may be the better option.
Go to the homepage of your website and pop it into an editor. You’ll need to insert two lines into the <head> of the document.
<link rel="openid.server" href="http://pip.verisignlabs.com/server/" />
<link rel="openid.delegate" href="http://you.pip.verisignlabs.com/" />
These URLs delegate your authentication to another site. The openid.server tells sites the URL of your PIP. The openid.delegate tells sites the URL of your identity. (Make sure you replace “you” with your PIP username.) Since you control your website, you don’t need to worry about someone else impersonating your domain. And since your PIP is protected by a password, no one else can steal your identity by pointing their website to your PIP.
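A check for the delegation tags above, as an added example that is not part of the original post: it reads a page roughly as a site accepting OpenID would, honoring the two `<link>` tags only inside `<head>`, and warns on missing or duplicate tags and on URLs that are not HTTPS. The names `audit_delegation` and `DelegationParser` and the sample page (including `other.example`) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the two tags from Step 2 in <head>, plus a stray tag in
# <body> (as user-supplied page content could contain) that must be ignored.
SAMPLE_PAGE = """<html><head><title>Home</title>
<link rel="openid.server" href="http://pip.verisignlabs.com/server/" />
<link rel="openid.delegate" href="http://you.pip.verisignlabs.com/" />
</head><body>
<link rel="openid.server" href="http://other.example/server/" />
</body></html>"""
RELS = ("openid.server", "openid.delegate")

class DelegationParser(HTMLParser):
    """Collect openid.* <link> tags, but only while inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {rel: [] for rel in RELS}

    def handle_starttag(self, tag, attrs):
        if tag in ("head", "body"):
            self.in_head = (tag == "head")  # <body> ends the head even if </head> is missing
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel in RELS and a.get("href"):
                    self.found[rel].append(a["href"].strip())

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def audit_delegation(html):
    """Return (server, delegate, warnings) for a page's delegation tags."""
    parser = DelegationParser()
    parser.feed(html)
    warnings = []
    for rel, hrefs in parser.found.items():
        if len(hrefs) != 1:
            warnings.append(f"{rel}: expected one tag in <head>, found {len(hrefs)}")
        for href in hrefs:
            scheme = urlparse(href).scheme
            if scheme not in ("http", "https"):
                warnings.append(f"{rel}: unsupported URL scheme in {href}")
            elif scheme == "http":
                warnings.append(f"{rel}: {href} is plain HTTP, alterable in transit")
    server, delegate = (parser.found[r][0] if parser.found[r] else None for r in RELS)
    return server, delegate, warnings
```

Run against the sample page, it returns the two `<head>` URLs, ignores the tag in `<body>`, and raises one plain-HTTP warning per tag.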
Step 3: Log in to something!
LiveJournal is a fun place to start, but there are plenty more, such as Zooomr and Ma.gnolia. We’re looking into using this system for ZetaBoards as well!
I still don’t get it.
I’ve heard about it from places, this post explained it a little to me, the description from MyOpenID started to make sense most of all, but I still don’t get it entirely.
I understand that a URL becomes your username, but I don’t understand how that can automatically become an account for you on any OpenID-enabled site, and I really don’t understand how you don’t need to provide a password to any OpenID-enabled site (this is from what I’ve read anyway… how does it stop someone from getting into your OpenID account?).
Sounds interesting, but I’ve not yet found anywhere which explains it in really simple terms for thick people like myself.
—–
BTW, on ZB Planet and in feedreaders, your ‘more’ link ends up with the smilie at the end of it, so it looks like ‘(more… ’, just so you know.
The password is on the PIP’s end, not the OpenID-enabled site’s end. Once you’ve authenticated to the PIP, you don’t need to reauthenticate while your session remains open.
Try logging into one of the sites above using “sethkinast.com”. You’ll see it will ask you for a password.
Ah, I see.
Funnily enough, I saw this screencast, posted on digg today, which helped a lot.
It sounds like a great idea, if only more sites used it. Hopefully it’ll get used more in the future.
And putting it in ZetaBoards would be great. We could single-handedly get around 1,000,000+ forums (or however many IF hosts now) using it.
Hey, I did it. And let’s face it, it’s me. Seth, that should be your new slogan for promoting OpenID: “So easy, Scotty could do it!”