Feb 222008
 

Last night I decided that I’m tired of not knowing what OpenID is all about, so I got one and learned how to use it, and thought about whether or not it is a good thing.

So the big idea as I understand it is that people should be able to have one login for all internet sites, instead of having to create an account at each of the 42 web sites that you use. This can be accomplished via the use of a single trusted source (that being your preferred OpenID provider), and having other web sites defer to it for authentication. Sounds good, right?

If you want to experience this for yourself, here’s how you can do that:

  1. Set up an account with a trusted OpenID provider. I set mine up with Verisign because I trust them.
  2. Go to a web site that supports OpenID and login with your newly created OpenID. Try Plaxo.
  3. Use the OpenID login you created (such as http://[username].pip.verisignlabs.com)
  4. Fill in whatever information is requested (this is made easier by the OpenID provider if you’ve fully set up your profile already)
  5. Determine whether you want to trust Plaxo forever, until a specified date, or just for this one moment
  6. Click “Allow”

So there are a couple of things going on here. First, you’re doing the work of setting up your OpenID up front, so that you may save yourself some time later by not having to re-enter that information when you login to a web site that supports OpenID. Second, you’re setting up your trust relationship with Plaxo up front, so that when you need to login there again, all you have to do is enter your OpenID (such as http://[username].pip.verisignlabs.com) and you are into the site (unless you are not currently logged into your OpenID provider’s site).

What does it all mean? Well for one, you don’t have to remember a password to login to Plaxo or any other web site that supports OpenID; you only need to remember the password for your OpenID and the string that represents your username (such as http://[username].pip.verisignlabs.com or http://[username].myopenid.com, depending on your provider). Additionally, you are you across all OpenID supported sites since your OpenID is unique.

It also means that you have to hope that the entire internet supports OpenID at some point in the future, if you only want to remember one password. If this really is your goal, I don’t think OpenID is your answer; you’ll fare better with some sort of locally installed software package that manages your internet credentials for you.

So all in all, I like OpenID, but it needs much more support. Specifically, I’d like to be me across GMail, Yahoo, LinkedIn, and Facebook for starters. In the meantime, if anyone out there knows of some good online identity management software that I could install locally, please comment here and let me know about it.

  4 Responses to “My OpenID Experience”

  1. Hi Brian,

    Nice post, happy to see your interest in OpenID. There is a good comparison of the different OpenID providers up here: http://spreadopenid.org/provider-comparison/

    I am a relative new comer to OpenID as well and have seen it grow by leaps and bounds in a very short while. With world wide adoption, including several major players here in the US, its hard not to believe that OpenID wont be the default single sign on protocol. Not to say everyone will have to give up the login/password model, but they should have the choice to use their OpenID.

    I work for Vidoop and we run an OpenID provider (http://myVidoop.com) and also offer a browser plugin for managing your standard logins and passwords. The plugin ties in to your myVidoop OpenID account, is easy to install and allows a member to save and manage all of their standard logins/passwords from within their myVidoop account. If interested we have a video explaining more about the plugin: http://tinyurl.com/2y888w

    I have been using the browser plugin since I started at Vidoop a couple weeks ago and it has been pretty handy. I would be interested to hear any feedback, I think its a nice combo, but I am biased.

    Cheers,
    Kevin

  2. you’ll fare better with some sort of locally installed software package that manages your internet credentials for you.

    I founded an online password manager – so not installed locally, but stored in the cloud. We use Host-Proof Hosting

    There’s some basic security info here:
    http://www.passpack.com/info/security/

    But if you’d like more info, please feel free to ask.
    Cheers,
    Tara

  3. Hi there to every single one, it’s actually a nice for me to pay a visit this web site, it contains priceless Information.

  4. I wanted to compose you that bit of observation to give many thanks again for all the remarkable solutions you have contributed on this page. This has been simply unbelievably generous of people like you to offer openly just what a lot of people might have made available as an ebook to help with making some money for themselves, chiefly since you might well have done it if you considered necessary. Those things additionally acted to be the fantastic way to know that other people online have the identical dreams similar to mine to see a lot more with respect to this problem. I’m certain there are a lot more pleasant sessions in the future for many who browse through your blog.

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>