What is OpenID?

Submitted by Hamed on Tue, 05/08/2007 - 15:20.

OpenID is an open, decentralized, free framework for user-centric digital identity.

Here is how it works:

You can go to one of OpenID Servers and register yourself, get a user id and password. After that, the provider gives you unique name which we call it your “Identity”. This identity usually looks like a URL.
There are several OpenID Servers out there. They are called “OpenID Providers”. You can choose one of them which you trust the most. If you are an advance user and you have a website, you can easily have your own OpenID Server.
There is also a nice feature that enables you to have your own “Identity” and then map it to an OpenID Provider. As long as you are happy with that provider, you use it. As soon as you feel you want to change your provider, you can easily do that without changing your own identity.
Here are some examples of OpenID providers:
http://www.myopenid.com
http://www.livejournal.com
http://home.bryght.com
For example you can go to either of these sites and register yourself, and then you will see your identity, something like this: http://home.bryght.com/user/19

Now you go to a site that has OpenID login feature. There are many sites with this feature and they are growing so fast. You don’t need to register to any of them anymore. All you need to do is just enter your IDENTITY in login box and enter.
Let’s show it through an example:

You go to a site like this one with OpenID login enabled: www.iamhamed.com
Then instead of registering in this site, you enter your identity into OpenID box.

This site will redirect you to your Identity Provider (which you trust) and there you enter your password. After successful login, your Identity Provider will ask you:
”A site with this address: www.iamhamed.com is asking for your permission to login you in. Do you trust this site?”

If you confirm it, your provider will send your information back to www.iamhamed.com and you are logged in. Simple, isn’t it?

When you are telling your provider that you trust the caller site, you can select a checkbox telling your provider to remember your answer. This way next time you are visiting the same site again, there would be no question, just put your login and password and you are in.

As you can see, you will be able to login into many sites with your one-time registration in your OpenID Provider. No more registration processes and filling the forms and remembering passwords.

A little more advanced version would be this:
If you have a website, or at least if you have only one web page in any web server, you can easily use this feature.
In your web page, in its < HEAD > section you add two lines:
< link rel="openid.server" href="address to your identity provider" / >
< link rel="openid.delegate" href="your identity in that provider" / >

For example I have an identity in BRYGHT server; I would enter http://home.bryght.com in first line and http://home.bryght.com/user/19 in second line.
Let say this web page has an address like: http://mywebserver/mypage.html
Now you can use the exact address of this page as your IDENTITY in any OpenID enabled site. For example in www.iamhamed.com you can enter http://mywebserver/mypage.html as your identity and then enter.
OpenID is intelligent enough to get the name of the real Identity Provider from this page and redirect you there.
Now what is the advantage?
Isn't it obvious? For any reason if you are tired of your Identity Provider, all you have to do is to register in another provider and change the information in your web page to point to your new provider. This way your identity would always remain the same: http://mywebserver/mypage.html, but in the background you are actually changing your provider!
Isn’t that great?

For more information please visit these sites:

http://openid.net
http://www.openidenabled.com/