Written by Emre Sokullu and edited by Richard MacManus
You may’ve heard of OpenID – it’s a
distributed identity management system, a.k.a. a decentralized single sign-on platform.
We prepared a screencast to better explain the idea (see Flash movie below). After that
we present a more detailed explanation, focusing particularly on Yahoo and Google.
In the screencast we use a real world example to show you what OpenID is. Firstly we
create an OpenID account at one of the best known free OpenID servers, myopenid.com, then we use our new
account to sign in to the following supported sites: Grou.ps, Zooomr and WikiTravel. Note
that we could use any OpenID provider, like ClaimID or vIdentity, but for the sake of simplicity we’ve chosen only one.
Here’s the screencast:
Note: click the play button to start
As indicated in the screencast, OpenID saves you from the hassles of creating and
managing new identities for various web app. But it works both ways – service providers
also save time and money by outsourcing their user identity management to this reliable
and neutral network.
Single Sign-On and The Big Internet Companies
The big idea in OpenID is providing a decentralized single sign-on platform. Single
sign-on is not a new notion however. Almost all the internet giants, like Yahoo, Google
and MSN, use single sign-on across their properties to lower the threshold of accessing
their services and to create a competitive advantage. The reason they do this is that
signing up is actually a big barrier to entry for users of web apps. Users feel more
comfortable when they don’t have to sign up to use an app – it’s much easier to give it a
try and it’s less time-consuming to start using it. That’s why most web sites today try
to keep sign up process as short as possible. Here’s a graph which illustrates this:
From this point of view, OpenID can be seen to resemble Yahoo – the biggest single
sign-on strategy player in the history of the Internet. In the late nineties, Yahoo’s
strategy was to create a big portal and make their properties seamlessly accessible via
single sign-on. This could also be called Yahoo’s sub-internet – and it worked too for a
while. But then Google came along and swept up everything with a whole new search-centric
approach. In Google’s new paradigm, search was the key – but single sign-on was still
used. With Froogle or Google Book Search for example, they could compete with Amazon in
the book sales arena.
Although Google’s approach seems more successful now, and the other bigcos have
adopted the search-centric model, single sign-on is still a very important paradigm.
Therefore OpenID can provide the advantages that Google, Yahoo and MSN have, to all other
independent sites – in a decentralized, open fashion.
A Brief History Of Sign-On Approaches
Origins of OpenID
OpenID was the brainchild of Brad Fitzpatrick, who is
also known for memcached and LiveJournal – the popular blogging platform which
was acquired by Six Apart in 2005. Today, OpenID is backed by Six Apart and several
others including VeriSign. Commercial support is the biggest reason for OpenID’s
existence and growth. Similar to the RSS effect, OpenID creates many business
opportunities around it. ClaimID is one of the best
known commercial OpenID providers, whose business model can be compared to
FeedBurner.
OpenID is being managed under meritocracy rules, just like any other big open source
project. Specs are under continuous development. The current spec 1.1 will be deprecated
in favor of the upcoming 2.0, which will feature YADIS service discovery, security
enhancements, anonymous logging capability and XRI (i-name i-number).
Current Status
The number of sites that implement OpenID is low for the time being. Zooomr is known to rely solely on the OpenID identity
management system. However, many others like Grou.ps (my
company) and WikiTravel are more conservative and
choose to offer OpenID as an option, besides the traditional sign-on model.
Brad Fitzpatrick’s LiveJournal is one of the largest OpenID supporting sites, however
it is used only to add comments and not create a fully functional account. Recently
Technorati was invited to initiate OpenID support, however their support is limited to a
few functionalities only – similar to LiveJournal.
OpenID advocates have tried to attract Yahoo and Google for support, but this does not
sound feasible because of the business models established on their proprietary single
sign-on mechanisms. Wikipedia, however, is expected to support OpenID soon – thanks to a
patch created for WikiMedia, the open source wiki software powering the encyclopedia
giant.
As for general OpenID usage, it’s impossible to have accurate information on that – as
the system is decentralized. However, the number is certainly not at a satisfactory level
yet, but is expected to gain momentum as of version 2.0 which has greater stability and
will get better media coverage.
Concerns
Even though the system is completely decentralized, OpenID still raises privacy
concerns. Some people don’t want to have a central place that binds all their accounts.
Another criticism is whether the system is fully de-centralized? As always, this
space is vulnerable to one provider eventually dominating it. So any disequilibria may
put the neutrality of the system under question.
