2007-07-03

OpenID: single sign-on for the Web

OpenID is a distributed, decentralized identity management and authentication service that offers a simple way to sign on to several sites using a unique ID.

This is an old problem for which centralized solutions are available. What is interesting about OpenID is that it is distributed, it is simple in concept and in implementation, and it is an open-source project.

  • Offers single sign-on. OpenID offers a way to sign on to different sites without creating a separate userName and password for each. The participating sites must support OpenID for the authentication service to work.
  • Uses a URL as identifier. It uses a Uniform Resource Locator, a URL, such as charlieBrown.peanuts.com, for identification. A user registers one or more URLs with a site offering OpenID identity management services. Each URL is claimed, that is owned, by a registered user.

The OpenID specification allows any organization, individual user, company, government department, service provider, etc., to offer the registration and authentication service.

How does it work? When prompted for userName and password, sites supporting OpenID offer it as an alternate way to sign on. The user enters the OpenID URL in place of userName and password. The site redirects the authentication to the site managing the OpenID identity. The OpenID site validates the identity and in turn redirects back to the calling site, indicating authentication success or failure.
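The redirect exchange described above, as an added example (not code from the original post or from the OpenID project). It uses the parameter names and HMAC-SHA256 signing of OpenID Authentication 2.0, which the post does not specify, and assumes that discovery of the provider endpoint and the association step that gives both sides `mac_key` have already happened; the function names are hypothetical.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, urlencode, urlparse

NS = "http://specs.openid.net/auth/2.0"
# Fields the provider signs in a positive assertion.
SIGNED = ["op_endpoint", "claimed_id", "identity", "return_to", "response_nonce", "assoc_handle"]

def auth_request_url(op_endpoint, claimed_id, return_to, assoc_handle):
    """Relying site: where the browser is sent after the user types the OpenID URL."""
    params = {"openid.ns": NS, "openid.mode": "checkid_setup",
              "openid.claimed_id": claimed_id, "openid.identity": claimed_id,
              "openid.return_to": return_to, "openid.realm": return_to,
              "openid.assoc_handle": assoc_handle}
    return op_endpoint + "?" + urlencode(params)

def _sign(fields, mac_key):
    # Key-value form: "name:value\n" per signed field, in openid.signed order.
    names = fields["openid.signed"].split(",")
    kv = "".join(f"{n}:{fields['openid.' + n]}\n" for n in names)
    digest = hmac.new(mac_key, kv.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def provider_response_url(request_url, op_endpoint, mac_key, nonce):
    """OpenID site: after validating the user, redirect back with a signed result."""
    req = dict(parse_qsl(urlparse(request_url).query))
    resp = {"openid.ns": NS, "openid.mode": "id_res", "openid.op_endpoint": op_endpoint,
            "openid.response_nonce": nonce, "openid.signed": ",".join(SIGNED)}
    for n in ("claimed_id", "identity", "return_to", "assoc_handle"):
        resp["openid." + n] = req["openid." + n]
    resp["openid.sig"] = _sign(resp, mac_key)
    return req["openid.return_to"] + "?" + urlencode(resp)

def verify_response(response_url, return_to, claimed_id, mac_key, seen_nonces):
    """Relying site: treat the sign-on as successful only if every check passes."""
    f = dict(parse_qsl(urlparse(response_url).query))
    signed = f.get("openid.signed", "").split(",")
    if f.get("openid.mode") != "id_res" or not set(SIGNED) <= set(signed):
        return False  # cancelled/failed, or a required field is left unsigned
    if any("openid." + n not in f for n in signed):
        return False
    if not hmac.compare_digest(_sign(f, mac_key).encode(), f.get("openid.sig", "").encode()):
        return False  # forged or modified in transit through the browser
    if f["openid.return_to"] != return_to or f["openid.claimed_id"] != claimed_id:
        return False  # assertion is for another site or another identity
    if f["openid.response_nonce"] in seen_nonces:
        return False  # replay of an earlier valid response
    seen_nonces.add(f["openid.response_nonce"])
    return True
```

The response travels through the user's browser, so the relying site trusts none of it until the signature, the return address, the identity and the nonce have all been checked.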

By using two- and three-factor authentication, OpenID can be used for transactions where Strong Authentication is needed.

Why is it needed? Each user must manage separate online identities using the same or separate userNames and passwords. OpenID addresses this proliferation of userNames and passwords.

What is needed for OpenID to succeed? There have been several attempts to address this problem. For OpenID to be successful, it needs universal adoption, enhancement and support as an open standard by industry in general. What is needed is for Google, Amazon, Yahoo, Microsoft, phone companies, banks, credit cards, retailers, et al. to adopt it and offer it as providers and consumers of the service.

For more information, go to openID.net and kiwipedia.org.
