Tuesday, February 5, 2008

How to turn your blog into an OpenID

Wouldn’t it be great if you could use the same account to log in to multiple sites and applications, without having to trust them all with your password? Wouldn’t it be even better if you could do this without having to hand ownership of your online identity over to some monolithic third party? (I’m looking at you, Windows Live ID.)

The good news is, you can! OpenID is a decentralised authentication system invented by LiveJournal but now being developed as an open standard under the careful mentorship of the Apache Software Foundation. Anyone can create an OpenID, and the number of sites which let you log in with one is growing by the day.

An OpenID is simply a URL. My OpenID is simonwillison.net, the address of my weblog. I can use it to sign in to any site that supports OpenID, and because I’m the only person with control over my weblog’s homepage I’m the only person who can use that identity.

If you want your own OpenID (and you should), here’s how to get one.

1. Sign up with an OpenID provider

OpenID is decentralised, which means that anyone can set themselves up as an OpenID provider. You can run your own server if you want to (phpMyID is one way of doing that) but there are a number of free services that will host an ID for you. Those include:

  1. LiveJournal. They invented it, and if you have a LiveJournal account you already have an OpenID—it’s the URL of your journal. I’m swillison.livejournal.com.
  2. Vox—Six Apart’s sexy new social network thang. I’m simon.vox.com.
  3. VeriSign Labs, who have done some excellent work around OpenID and run a provider as part of their Personal Identity Provider service. I’m swillison.pip.verisignlabs.com.
  4. MyOpenID, run by JanRain, authors of the most widely used OpenID libraries. I’m swillison.myopenid.com.

If you already have an account with Vox or LiveJournal you can skip straight to step 2. If not, pick the provider that you trust the most and create an account there. This isn’t a permanent decision: you can move provider at any time without losing your account, provided you follow step 2.

2. Point your own site at your new OpenID

Here comes the magic. Having picked your provider and created an OpenID there, edit the HTML of your weblog’s homepage (or indeed whichever URL you want to use as your personal OpenID) and add the following to the document <head>:

Replace the openid.delegate href with the OpenID at your provider, and the openid.server href with that provider’s OpenID server. You can find the server by viewing source on your OpenID page there, or by using this table:

OpenID Provider    Server URL
LiveJournal        http://www.livejournal.com/openid/server.bml
Vox                http://www.vox.com/services/openid/server
VeriSign           https://pip.verisignlabs.com/server
MyOpenID           http://www.myopenid.com/server

This delegation mechanism is key to OpenID’s status as a truly decentralised authentication system. If you decide you no longer trust your identity provider you can switch to another one by just editing a couple of lines of HTML—your OpenID will stay the same.
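An added example, not part of the original post: a small Python check that reads a homepage's HTML and confirms that the openid.server and openid.delegate link tags from step 2 are present inside <head> and carry absolute URLs. The sample page is constructed from the MyOpenID values quoted above (the http:// scheme on the delegate URL is an assumption); DelegationParser and check_delegation are names chosen for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample homepage using the MyOpenID values quoted in this post
# (the http:// scheme on the delegate URL is an assumption).
SAMPLE_PAGE = """<html><head>
<title>My weblog</title>
<link rel="openid.server" href="http://www.myopenid.com/server">
<link rel="openid.delegate" href="http://swillison.myopenid.com/">
</head><body><p>Hello</p></body></html>"""

class DelegationParser(HTMLParser):
    """Collects openid.* <link> tags and notes whether each sits inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = {}      # rel -> href, for tags found inside <head>
        self.misplaced = []  # openid.* rels found outside <head>

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link":
            a = dict(attrs)
            # rel may hold several space-separated values
            for rel in (a.get("rel") or "").lower().split():
                if not rel.startswith("openid."):
                    continue
                if self.in_head:
                    self.links.setdefault(rel, a.get("href") or "")
                else:
                    self.misplaced.append(rel)

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def check_delegation(html):
    """Return (links, problems) for the delegation markup in an HTML page."""
    p = DelegationParser()
    p.feed(html)
    problems = [f"{rel} is outside <head>" for rel in p.misplaced]
    for rel in ("openid.server", "openid.delegate"):
        url = urlparse(p.links.get(rel, ""))
        if rel not in p.links:
            problems.append(f"missing {rel}")
        elif url.scheme not in ("http", "https") or not url.netloc:
            problems.append(f"{rel} is not an absolute http(s) URL")
    return p.links, problems
```

Run it against a saved copy of your homepage after each edit; an empty problems list means both tags are where a site reading your page will look for them.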

3. Log in to something!

Now that you have an OpenID, you can use it to log in to all sorts of sites. Find their OpenID login form and enter your new OpenID—that’s the URL of your weblog. You will be redirected to a page on your identity provider which will either ask you to log in or ask you to authorize the site to use your identity. Click “Yes” and you’ll be sent back to the original site and magically logged in—no password required.

I’ve been collecting a list of sites that allow you to log in using OpenID under the openidconsumer tag; sites you may have heard of include Ma.gnolia, Zooomr and Wikitravel.
