To OpenID or not to OpenID?
Today I looked at becoming an OpenID provider. For those of you not familiar with the technology, it's a decentralized standard for digital identities. What that boils down to is the ability for you to create a login at one place and use it across many web spaces. This is a great thing because you don't need to remember a bunch of different logins, and you don't have to manage them either!
OpenID was created by Brad Fitpatrick, LiveJournal creator and Six Apart contributor. The standard is backed by some of the biggest names in computing -- Google, Yahoo, Microsoft, VeriSign, and MySpace, to name a few. In addition it is supported by thousands of other sites who appreciate both the simplicity of control it brings and the additional members.
To sign up for your OpenID, you choose an Identity provider or OpenID Provider. If something happens to this guy, you can always change it later, but this entity is who will validate your login. Your OpenID is a URL: it could be your own website, or a URL tied to your identity provider. Logging in with an OpenID validates against your chosen provider for every site that supports OpenID you attempt to access. Since it's a community driven, free, open source, decentralized standard, any site can use OpenID for free!
The licensing currently states that "Nobody should own this. Nobody's planning on making any money from this. The goal is to release every part of this under the most liberal licenses possible, so there's no money or licensing or registering required to play. It benefits the community as a whole if something like this exists, and we're all a part of the community."
Why all the fuss? By now you should see a lot of the benefits of using an OpenID validation scheme, both for the users and the site owners (access to more people). No matter what I plan on implementing both a proprietary (DanShope.com only) login as well as an OpenID solution. There's more overhead involved with being an identity provider, and that's where the decision has yet to be made. Since there are so many other organizations providing OpenID registration, I'm not sure what better experience DanShope.com could give users.
For now, it's a tabled issue, but let me know your thoughts in the comments!
Labels: Login, OpenID, OpenID Provider, Security
blog comments powered by Disqus