Sunday, August 5, 2012

Introduction to OpenID

When was the last time you wanted to access a website but couldn’t remember the username or password? All of us face this situation quite frequently, and people have come up with workarounds that are quite risky from a security perspective. Some people use the same username and password across all websites. Others keep a note of the usernames and passwords they use on different websites.
Another annoying part is filling in the sign-up form. Every time you register for a new website, you end up filling in pretty much the same information again and again.

OpenID is meant to solve these problems. The idea is to create an ID with an OpenID provider and use that ID to log on to sites that support OpenID. In an ideal world where all websites support OpenID, you would end up having just one user ID and password. Isn’t this amazing!

In terms of adoption, OpenID is used by many large websites including Facebook. If you are using services like Yahoo, Google, Flickr or Myspace, you already have your own OpenID. Additionally, there are some dedicated ID providers like myOpenID, VeriSign and myID.net. Visit http://openid.net/get-an-openid/ for a complete list.

The typical actors in the OpenID standard are the “id provider” and the “relying party”. The standard provides the framework for the two actors to communicate.

Coming to the problem of retyping the same information again and again, the OpenID standard has an extension (OpenID Attribute Exchange) that allows user information to be transferred from the id provider to the relying party. This way you don’t need to retype this information every time you sign up to a new website.
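The attribute exchange described above, as an added example that is not part of the original post: the relying party asks for an email address in its OpenID 2.0 login request and, on the way back, accepts only the attribute values that the id provider listed in `openid.signed`. The function names, the example.com values and the sample response are assumptions constructed for illustration, and the code assumes an OpenID library has already verified the response signature.

```python
from urllib.parse import urlencode, parse_qsl
OPENID_NS = "http://specs.openid.net/auth/2.0"
AX_NS = "http://openid.net/srv/ax/1.0"
SELECT = OPENID_NS + "/identifier_select"  # let the provider choose the identity
EMAIL = "http://axschema.org/contact/email"

def build_auth_request(op_endpoint, return_to, realm, attrs):
    """Relying party -> id provider: login request that also asks for attributes."""
    params = {
        "openid.ns": OPENID_NS, "openid.mode": "checkid_setup",
        "openid.claimed_id": SELECT, "openid.identity": SELECT,
        "openid.return_to": return_to, "openid.realm": realm,
        "openid.ns.ax": AX_NS, "openid.ax.mode": "fetch_request",
        "openid.ax.required": ",".join(attrs),
    }
    for alias, type_uri in attrs.items():
        params["openid.ax.type." + alias] = type_uri
    return op_endpoint + "?" + urlencode(params)

def signed_ax_attributes(query_string):
    """Id provider -> relying party: keep only AX values listed in openid.signed."""
    resp = dict(parse_qsl(query_string))
    signed = set(resp.get("openid.signed", "").split(","))
    # The provider may use its own alias for the AX namespace; find it by URI.
    ax = next((k[len("openid.ns."):] for k, v in resp.items()
               if k.startswith("openid.ns.") and v == AX_NS), None)
    ok = ax and resp.get(f"openid.{ax}.mode") == "fetch_response"
    if not ok or not {"ns." + ax, ax + ".mode"} <= signed:
        return {}
    out, prefix = {}, f"openid.{ax}.type."
    for key, type_uri in resp.items():
        alias = key[len(prefix):]
        fields = {f"{ax}.type.{alias}", f"{ax}.value.{alias}"}
        if key.startswith(prefix) and fields <= signed:
            value = resp.get(f"openid.{ax}.value.{alias}")
            if value is not None:
                out[type_uri] = value
    return out

# Constructed sample response: the email is signed, the full name is not.
SAMPLE_RESPONSE = urlencode({
    "openid.ns": OPENID_NS, "openid.mode": "id_res",
    "openid.ns.ext1": AX_NS, "openid.ext1.mode": "fetch_response",
    "openid.ext1.type.email": EMAIL,
    "openid.ext1.value.email": "alice@example.com",
    "openid.ext1.type.name": "http://axschema.org/namePerson",
    "openid.ext1.value.name": "Unsigned Name",
    "openid.signed": "ns.ext1,ext1.mode,ext1.type.email,ext1.value.email",
})
```

Calling `signed_ax_attributes(SAMPLE_RESPONSE)` returns the email only; the full name is dropped because its fields are missing from `openid.signed`.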

OpenID is not free of all evils though. You need to be careful with your OpenID, because if your OpenID and password are stolen then all your registered sites become a target! You would be better off if your OpenID service provider supports two-factor authentication. VeriSign is one such provider.
