Written by Emre Sokullu and edited by Richard MacManus
You may've heard of OpenID - it's a distributed identity management system, a.k.a. a decentralized single sign-on platform. We prepared a screencast to better explain the idea (see Flash movie below). After that we present a more detailed explanation, focusing particularly on Yahoo and Google.
In the screencast we use a real world example to show you what OpenID is. Firstly we create an OpenID account at one of the best known free OpenID servers, myopenid.com, then we use our new account to sign in to the following supported sites: Grou.ps, Zooomr and WikiTravel. Note that we could use any OpenID provider, like ClaimID or vIdentity, but for the sake of simplicity we've chosen only one. Here's the screencast:
As indicated in the screencast, OpenID saves you from the hassles of creating and managing new identities for various web apps. But it works both ways - service providers also save time and money by outsourcing their user identity management to this reliable and neutral network.
Single Sign-On and The Big Internet Companies
The big idea in OpenID is providing a decentralized single sign-on platform. Single sign-on is not a new notion, however. Almost all the internet giants, like Yahoo, Google and MSN, use single sign-on across their properties to lower the threshold of accessing their services and to create a competitive advantage. The reason they do this is that signing up is actually a big barrier to entry for users of web apps. Users feel more comfortable when they don't have to sign up to use an app - it's much easier to give it a try and it's less time-consuming to start using it. That's why most web sites today try to keep the sign-up process as short as possible. Here's a graph which illustrates this:
From this point of view, OpenID can be seen to resemble Yahoo - the biggest single sign-on strategy player in the history of the Internet. In the late nineties, Yahoo's strategy was to create a big portal and make their properties seamlessly accessible via single sign-on. This could also be called Yahoo's sub-internet - and it worked too for a while. But then Google came along and swept up everything with a whole new search-centric approach. In Google's new paradigm, search was the key - but single sign-on was still used. With Froogle or Google Book Search for example, they could compete with Amazon in the book sales arena.
Although Google's approach seems more successful now, and the other bigcos have adopted the search-centric model, single sign-on is still a very important paradigm. Therefore OpenID can provide the advantages that Google, Yahoo and MSN have, to all other independent sites - in a decentralized, open fashion.
A Brief History Of Sign-On Approaches
| Year | Event |
|---|---|
| 1994 | Yahoo Initiates Single Sign-On Paradigm; Company Foundation |
| 1998 | MSN Starts its own Single Sign-On Paradigm; Announcement of MSN Passport |
| 1998 | Google Initiates Search-Centric Paradigm; Company Foundation |
| 2002 | Yahoo Follows up with Search-Centric Paradigm; Acquisition of Inktomi |
| 2004 | Google Starts its own Single Sign-On Paradigm; Gmail and Google Accounts |
| 2004-2005 | MSN Follows up with Search-Centric Paradigm; Live.com |
| 2005 | OpenID Initiates single sign-on for independent sites; Project Foundation |
Origins of OpenID
OpenID was the brainchild of Brad Fitzpatrick, who is also known for memcached and LiveJournal - the popular blogging platform which was acquired by Six Apart in 2005. Today, OpenID is backed by Six Apart and several others including VeriSign. Commercial support is the biggest reason for OpenID's existence and growth. Similar to the RSS effect, OpenID creates many business opportunities around it. ClaimID is one of the best known commercial OpenID providers, whose business model can be compared to FeedBurner.
OpenID is being managed under meritocracy rules, just like any other big open source project. Specs are under continuous development. The current spec 1.1 will be deprecated in favor of the upcoming 2.0, which will feature YADIS service discovery, security enhancements, anonymous logging capability and XRI (i-name i-number).
The number of sites that implement OpenID is low for the time being. Zooomr is known to rely solely on the OpenID identity management system. However, many others like Grou.ps (my company) and WikiTravel are more conservative and choose to offer OpenID as an option, besides the traditional sign-on model.
Brad Fitzpatrick's LiveJournal is one of the largest OpenID supporting sites; however, it is used only to add comments and not to create a fully functional account. Recently Technorati was invited to initiate OpenID support; however, their support is limited to a few functionalities only - similar to LiveJournal.
OpenID advocates have tried to attract Yahoo and Google for support, but this does not sound feasible because of the business models established on their proprietary single sign-on mechanisms. Wikipedia, however, is expected to support OpenID soon - thanks to a patch created for WikiMedia, the open source wiki software powering the encyclopedia giant.
As for general OpenID usage, it's impossible to have accurate information on that, as the system is decentralized. The number is certainly not at a satisfactory level yet, but it is expected to gain momentum as of version 2.0, which has greater stability and will get better media coverage.
Even though the system is completely decentralized, OpenID still raises privacy concerns. Some people don't want to have a central place that binds all their accounts. Another criticism questions whether the system is fully decentralized. As always, this space is vulnerable to one provider eventually dominating it. So any disequilibria may put the neutrality of the system under question.