TechNayak

I have been hearing a lot of questions regarding the design, use and intent of OpenId and thought, I must write about it. In the past two years or so, there have been about 100+ services that I have signed up for, to see what they have to offer and maintaining those accounts info’s are a pain. Some require alphanumeric passwords, some want numeric, some want non english words and so on. As time progresses, there will be probably 1000 services that everyone will use on a regular basis and its just unfair that you need to sign up for every new service and remember the account credentials.

OpenId is an initiative to decentralize the authentication mechanism to any website. Its easier said than done, the single sign on has been a goal of almost all the big majors, the GoogleId, YahooId and LiveId( .Net Signon) have been essential to many web workers. The difference here is that, all authentication to a Google Service gets routed through the Google Auth server. Problem - its a centralised mechanism, which doesn’t scale and doesn’t work for other service providers.

In OpenId, users identify themselves using a URI or an XRI , these URI’s are provided by websites who register themselves as OpenId providers or i-Brokers. When a user visits a site that supports OpenId, he just has to provide his OpenId URI and the site requests the URI provider to authenticate the user. Its saves the trouble of multiple signons and accounts. Since this method is decentralised, people can use any or all ids to authenticate themselves.

A lot of websites have already embraced OpenId, some of them include LiveJournal, Zooomr, Wikitravel, ma.gnolia.com, claimid.com, and Jyte. Most recent being wikipedia. OpenId authentication is by default present in Firefox3 and even Microsoft is working on OpenId2.0 for windows vista.

 update : Digg founder Kevin Rose has announced at FOWA that digg will support OpenId . Microsoft and AOL have also announced the embracing of OpenId .