OpenID: Emerging from Web 2.0

7th of November 2007 by admin

At the Web 2.0 Expo in Berlin today, David Recordon from Six Apart gave an energetic talk entitled “OpenID: Emerging from Web 2.0”. David is Vice-Chair of the OpenID Foundation, and in this session he gave a comprehensive overview of OpenID, its current use on the internet, and the direction that it might take in the future.

Using his own website as an example, David showed how easy it is to link your identity to your personal home page – just two simple lines of code that will also give you the freedom to switch OpenID providers without changing your ID:

<link rel="openid.server" href="https://pip.verisignlabs.com/server" />
<link rel="openid.delegate" href="https://(username).pip.verisignlabs.com" />
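
As an added illustration (not code from the talk or from any OpenID library), this sketch shows how a relying party could read those two tags from the `<head>` of a home page during OpenID 1.x HTML discovery. The https-only policy, the first-occurrence-wins rule and the `example-user` name in the constructed sample page are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class DelegationParser(HTMLParser):
    """Collects openid.server / openid.delegate <link> tags found inside <head>."""
    WANTED = {"openid.server", "openid.delegate"}

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.in_head = False  # links that appear in the body are ignored
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel in self.WANTED and a.get("href"):
                    # Assumption: first occurrence wins, duplicates are ignored.
                    self.found.setdefault(rel, a["href"].strip())

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(html):
    """Return (server, delegate); raise ValueError if the tags are unusable."""
    parser = DelegationParser()
    parser.feed(html)
    server = parser.found.get("openid.server")
    delegate = parser.found.get("openid.delegate")
    if not server:
        raise ValueError("no openid.server link in <head>")
    for name, url in (("openid.server", server), ("openid.delegate", delegate)):
        if url is not None:
            parts = urlparse(url)
            # Assumption: this example accepts only https endpoints.
            if parts.scheme != "https" or not parts.hostname:
                raise ValueError(f"{name} must be an https URL: {url!r}")
    return server, delegate

# Constructed sample page; "example-user" is a placeholder user name.
PAGE = """<html><head><title>home</title>
<link rel="openid.server" href="https://pip.verisignlabs.com/server" />
<link rel="openid.delegate" href="https://example-user.pip.verisignlabs.com" />
</head><body>hello</body></html>"""

if __name__ == "__main__":
    print(discover(PAGE))
```

Switching providers means editing only the two `href` values; the home page URL that the user types as their identifier stays the same, which is why control of that page has to be protected as carefully as the provider account.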

He opted not to get too technical, and did not go into much detail on the OpenID authentication protocol itself, or the cryptography behind it, but focused instead on the functionality and potential implementations. While the technology has been around for a couple of years now, the use of OpenID has seen a surge lately, as companies like AOL and Orange assign an OpenID to all of their users. This is driven by the increased availability of OpenID as a means of authentication in web applications, e.g., Ma.Gnolia and BaseCamp, and by the inclusion of OpenID libraries in modern web frameworks, such as Ruby on Rails. David outlined how the development was influenced by the Linux software philosophy “do one thing and do it well”, thus allowing services and tools to be built on top of OpenID, leading to unlimited potential.

The second half of the session was led by Martin Paljak, an Estonian OpenID advocate who developed open.id.ee – an OpenID provider which uses Estonia’s electronic ID scheme to provide a very secure identity on the internet. The advantages of a service like this become immediately clear in protecting users’ privacy. A number of recent high-profile security breaches on sites have got people thinking about the integrity of their personal details online. In a Web 2.0 world without a central authentication framework such as OpenID, we are doomed to disclose our personal details to any new web app that requests them. Have you ever wondered why some random website is requesting your home address and telephone number? Each time we fill out a form on the web, the integrity of that information is at the mercy of the privacy policy and security of that particular website. OpenID means the only privacy policy that a user must agree to is that of the identity provider, thus decreasing the likelihood of a leak. Martin also pointed out how, in the Estonian case, the system gives protection against identity theft because when an account gets compromised, the government can issue a new digital identity.

Most people will agree that the widespread adoption of OpenID can only be a good thing, but it poses the question as to whether or not the concept of a URI as a username is too much for ordinary users. I will confess to being mystified by the process at first, and the long list of OpenID providers to choose from was daunting. Regardless, it will be very interesting to see how OpenID develops, and whether or not it becomes the powerful standard that David and Martin envision.

3 Responses to “OpenID: Emerging from Web 2.0”

I’m a fan of it in principle and use it all the time but I see a huge problem in getting average punters to use it. We’ve delayed implementing it on LouderVoice twice now for that very reason.

Conor,

Why not offer dual login? Those that will, will, those that don’t – won’t.

[...] about this presentation that appealed to me? Not quite sure there either. I took some notes for the Web 2.0 Ireland blog and gave my reaction there. I also took about 90 seconds while David was talking to turn [...]