Open distributed authentication: OpenID

We all get tired of creating accounts for every website that we run across. A LiveJournal account to comment on friends’ entries. 11 different WordPress accounts for each blog regularly read, since there’s no way to link one account to all of them. Half a dozen accounts at different forums. Digg, Flickr, Delicious. Shouldn’t there be a better way to control access to sites, rather than having to duplicate effort and data across all of them?

Well, as with all leadingly rhetorical questions, the answer is of course yes. OpenID allows you to set up a single account with a single Personal Identity Provider (PIP), and then use authentication tokens to allow that site to distribute your information (partially or fully) to requesting sites. The coolest part is that you can set up your own site as an OpenID server or delegate, which means your login name can be yourdomain.com. If the PIP you are using changes its TOS or even goes under, you can switch PIPs with just a few lines of HTML and keep your same ID (assuming you hold on to your domain name).

OpenIDs are so ridiculously easy to set up that everyone should really get ahold of one so that adoption becomes more widespread. As more and more sites start to accept it as a form of login (and my site will do so soon), it will become easier and easier to use your existing credentials rather than create more. Here’s one of the easiest ways to create your very own OpenID.

Step 1: Sign up with an OpenID Personal Identity Provider
The beauty of OpenID is its decentralization. It doesn’t matter who stores your identity, and you can change hosts at any time if you find a better one. I found Verisign Labs PIP, which has all the features I need and is pretty clean and trimmed-down. I created an account seth, which made my PIP Identity URL seth.pip.verisignlabs.com.

Other PIPs if you prefer:

Step 2: Point your website to the PIP (optional)
You only get half the benefit of OpenID if you use the PIP’s URL itself as your ID: if you want to change PIPs, you’ll have a new URL to log in with. For those without their own vanity site, however, this may be the better option.

Go to the homepage of your website and pop it into an editor. You’ll need to insert two lines into the <head> of the document.
<link rel="openid.server" href="http://pip.verisignlabs.com/server/" />
<link rel="openid.delegate" href="http://you.pip.verisignlabs.com/" />

These URLs delegate your authentication to another site. The openid.server tells sites the URL of your PIP. The openid.delegate tells sites the URL of your identity. (Make sure you replace “you” with your PIP username.) Since you control your website, you don’t need to worry about someone else impersonating your domain. And since your PIP is protected by a password, no one else can steal your identity by pointing their website to your PIP.
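Because those two tags decide who vouches for your domain, it is worth checking what your home page actually serves after you edit it. The following is an added example, not code from the original post or from any OpenID library: it parses a page, reads the two delegation tags from <head>, and reports problems. The function names, the finding messages, the sample page and the https check are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

RELS = ("openid.server", "openid.delegate")
# Constructed sample page using the two lines from this post ("you" is a placeholder).
SAMPLE_PAGE = """<html><head><title>My site</title>
<link rel="openid.server" href="http://pip.verisignlabs.com/server/" />
<link rel="openid.delegate" href="http://you.pip.verisignlabs.com/" />
</head><body>Hello</body></html>"""

class DelegationParser(HTMLParser):
    """Collect the delegation <link> tags and whether each sits inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = []  # (rel, href, inside_head)

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link":
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel in RELS:
                    self.links.append((rel, a.get("href") or "", self.in_head))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def audit_delegation(html):
    """Return (values, findings) for the delegation tags found in a home page."""
    parser = DelegationParser()
    parser.feed(html)
    values, findings = {}, []
    for rel, href, in_head in parser.links:
        if not in_head:  # only tags in <head> count, e.g. not ones in page content
            findings.append(f"{rel} is outside <head>")
            continue
        if values.setdefault(rel, href) != href:
            findings.append(f"conflicting {rel} tags")
        if urlparse(href).scheme != "https":  # added check: plain http can be altered in transit
            findings.append(f"{rel} is not https")
    findings += [f"{rel} missing" for rel in RELS if rel not in values]
    return values, findings

if __name__ == "__main__":
    print(audit_delegation(SAMPLE_PAGE))
```

Run it against the saved HTML of your home page whenever the page template changes; an empty findings list means both tags are present in <head>, unambiguous, and point at https URLs.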

Step 3: Log in to something!
LiveJournal is a fun place to start, but there are plenty more, such as Zooomr and Ma.gnolia. We’re looking into using this system for ZetaBoards as well!
