OpenID – An Open Source-backed digital identity solution

OpenID is a relatively new (initially established in 2005) protocol to provide a decentralized, open, shared identity service.  What does this mean?  You only have to remember one user name and password for OpenID-enabled sites.  A few days ago, I converted this site to use this protocol because I believe that initiatives like this are steps in the right direction for a more secure and user-friendly Internet.

In my last corporate job, one of the many services that I had ownership over was a global, enterprise-level Active Directory system with over 100K people — yes, that’s right ... over 100,000 people.  That’s not including all the other things mixed into that directory like computer objects, groups, etc.

As the centralized directory got more and more popular within the organization, all new applications were written to use the directory and, if possible, all old applications had to be rewritten to utilize the central directory.  Fortunately for me, I only owned the service, not the task of (re)writing all that code.

The point I’m trying to get to here is that my #1 nightmare was to lose that service.  Even with 250+ servers dedicated to providing this service, I still felt the company and I were putting a LOT of faith into one vendor for a solution that isn’t standards based.  So many things could go wrong, and some awfully critical applications would fail.  (Of course, we mitigated as much of the risk as possible, etc., but there is always something that could go wrong that we didn’t plan for.)

Now every major vendor out there has their own X.500 standards-compliant directory, or whatever.  In addition, every single one of them has tweaked that directory to include some additional feature that the company is convinced you can’t live without.  If you know Microsoft’s Active Directory, you’ll know what I mean — they mucked with everything from DNS servers to the desktop to get this thing to work.

This is why OpenID is so very appealing to me.  It’s open, it’s a standard, and if you read the Wikipedia article, they have some MAJOR industry heavy hitters behind it: VeriSign, AOL, Google, Yahoo, IBM, Microsoft, Symantec.  Most of those companies also have seats on the OpenID Foundation.  The Foundation provides stewardship over the protocol – but not ownership.

The OpenID protocol allows vendors to provide an OpenID service that consumers can sign onto.  Once verified as a “real” identity, via email verification in most cases, any website that utilizes OpenID can trust that identity.  This provides two immediate benefits: a user can have a single ID across multiple websites, and website developers/owners do not have to write/maintain a user registration system.

You may already have an OpenID account and not even know it!  If you have an account on any one of these services, you have an OpenID account: AOL, Blogger, Flickr, LiveDoor, LiveJournal (birthplace of OpenID), Orange, SmugMug, Technorati, Vox, Yahoo, or WordPress.com.  The two “mainstream” services AOL and Yahoo caught me by surprise.

There are also a number of large OpenID providers.  I personally use VeriSign Labs and their Personal Identity Provider solution as my provider.  I’ve had some great business relationships with VeriSign and I think that they are a ‘quiet but powerful’ company.  So I tend to trust them a little more when it comes to this type of information.

I highly recommend that you spend a little time reading up on this service and get an account for yourself.  I would advise that you read about how to use this new identity service, as it varies slightly with each OpenID provider.  There is a good chance that if you don’t do things correctly, you could fall prey to some “phishing” sites.  Providers like VeriSign Labs take a couple of extra measures to ensure that you don’t get phished.  For instance, they offer a plugin for your favorite browser to maintain a logged-in presence while that browser is open.  In addition, they “require” that you log into their secure site rather than another site (this is a configurable item that you can select when you create your account).

In any event, I hope that the OpenID movement continues to gather large vendors and we see more of it out there on the web.

-JT
