OpenID at Web 2.0 Expo

There were two sessions today on User-Centric identity at Web 2.0 Expo. I attended the
first one entitled “Implementing OpenID”, which was conducted by David Recordon of Verisign and Brian Ellin of JanRain. The session was well
attended and it was surprising to see that more than 50% (according to a raised hand vote
by David) of the users had heard of OpenID. This is testament to the momentum OpenID has
created in the industry. The session started with a brief summary of the benefits of
OpenID:

  • SSO for the web
  • Simple and lightweight
  • Easy to use and deploy
  • Open development process
  • Decentralized, Free
  • People are already familiar with URLs
  • User control of information
  • Site specific hacks are possible – use AOL user name to sign-in.

David produced a slide showing that there are not only over 100 million
OpenIDs in service, but there are close to 2,500 relying parties
already accepting OpenID. Some of the interesting platforms/technologies
that are supporting OpenID are:

  • Platforms: Joomla, Drupal, /bb, Rails, Plone
  • Sites: Technorati, Digg, Six Apart, Pageflakes, Netvibes, WordPress etc.
  • Vendors: Microsoft, AOL, Verisign etc.

Implementing OpenID

Brian showed a demo of how OpenID works, by logging into jyte.com. He followed it up with a cool example of OpenID
delegation, which showed how users can use their own site as an OpenID and delegate the
sign in/authentication etc. to another OpenID provider (OP) – with just 2 lines of code.
This allows users to easily customize their OpenID, along with giving them the
flexibility to change their OP when they want.
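
In OpenID 1.1, the two delegation lines are a pair of `<link>` tags in the `<head>` of the user's own page. The Ruby sketch below is an added example (not code from the session or from ruby-openid) of how a relying party could read them; all URLs are placeholders, and `head_links`, `https?` and `discover` are hypothetical helper names.

```ruby
require "uri"

# Constructed sample page; every URL is a placeholder. The <link> in the body
# stands in for markup that did not come from the page owner.
SAMPLE_PAGE = <<~HTML
  <html><head>
    <title>Alice's blog</title>
    <link rel="openid.server" href="https://op.example.com/server">
    <link rel="openid.delegate" href="https://alice.op.example.com/">
  </head><body>
    <p>comment: <link rel="openid.server" href="http://other.example.net/"></p>
  </body></html>
HTML

ATTR = /([\w.:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/

# Attributes of each <link> inside <head>; tags elsewhere are ignored.
def head_links(html)
  head = html[/<head\b[^>]*>(.*?)<\/head>/im, 1] || ""
  head.scan(/<link\b[^>]*>/i).map do |tag|
    tag.scan(ATTR).to_h { |name, dq, sq, bare| [name.downcase, dq || sq || bare] }
  end
end

def https?(url)
  URI.parse(url).scheme == "https"
rescue URI::InvalidURIError
  false
end

# Hypothetical helper: what a relying party learns from the claimed page.
def discover(claimed_id, html)
  rels = {}
  head_links(html).each do |attrs|
    attrs.fetch("rel", "").downcase.split.each { |r| rels[r] ||= attrs["href"] }
  end
  server = rels["openid.server"]
  return nil if server.nil? # page does not advertise an OpenID provider

  warnings = []
  warnings << "claimed identifier is not HTTPS" unless https?(claimed_id)
  warnings << "OP endpoint is not HTTPS" unless https?(server)
  { claimed_id: claimed_id,                                  # what the RP stores
    op_endpoint: server,                                     # where auth is sent
    verified_id: rels["openid.delegate"] || claimed_id,      # what the OP asserts
    delegated: rels.key?("openid.delegate"),
    warnings: warnings }
end

p discover("https://alice.example.org/", SAMPLE_PAGE)
```

Changing OP means editing only the two `<link>` lines: the relying party keeps storing the same claimed identifier, while `op_endpoint` and `verified_id` follow the new tags.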

David then showed an example of how to create your own OP using /MyID. He created a
new OpenID within minutes (hashing the password seemed a bit complicated though and it
will take me more than 2 minutes!). He also demonstrated how users can create their own
personal profile data and control it centrally, to provide the right set of information
to the right relying party. By using this technique, users will not need to fill out the
same sign-up form over and over again at multiple sites.

Brian then demonstrated how to install OpenID on Ruby, using the ruby-OpenID library.
He suggested that all relying parties should use the standard
“openid_identifier” as the name of their OpenID input field, to make it easy for
browsers to detect and process it. The Ruby example of enabling an app to use OpenID
seemed really easy.

The Phishing Problem

To their credit, David and Brian addressed the tricky phishing issue that has been
plaguing OpenID. They suggested a number of potential solutions that are being worked
on:

  • Client side certs (browser based certificates)
  • Microsoft CardSpace (IE 7/Vista)
  • Vidoop (image based access code); this is really not
    an anti-phishing solution, but it does allow users to replace passwords with easier to
    use visual categories – which defeat the keyboard logging kind of attacks.
  • OpenID SeatBelt: This is a new browser plug-in for Firefox and IE by Verisign. The
    SeatBelt works as follows:

    – The browser plugin first detects if a web page accepts OpenID authentication;

    – It then asks the user to log in to their OpenID account, so that they don’t have
    to log in again;

    – It shows a visual indication that the login page is safe, plus the current login
    status of the user as a browser button in the browser toolbars;

    – In terms of usability, the Seatbelt plugin automatically fills out the OpenID field
    when it detects a site that accepts OpenID.

Overall it was a great, although somewhat basic, session. If you are interested in
finding out further details of the session, the slides of the session with notes are
available on OpenID.net.
