Openid - Simon Willison - Media in Transition
-
Upload
mediaintransition -
Category
Technology
-
view
1.483 -
download
1
description
Transcript of Openid - Simon Willison - Media in Transition
URL based identity with OpenID
Simon Willison, http://simonwillison.net/Media in Transition, 6th September 2007
The web authentication problem
What username did I use again?
What password did I use again?
The Web needsSingle Sign On
?
SSO with a single controlling authoritybetrays the principles
of the Web
OpenID is decentralised
• An open standard, developed in public
• No controlling authority
• No need to ask permission before implementing it
An OpenID is a URL
• http://swillison.livejournal.com/
• http://simonwillison.myopenid.com/
• http://simonwillison.net/
Here’s how it works
The sign-up problem
OpenID’s Simple Registration extensioncan help users provide name, e-mail, D.O.B...
The web profile problem
• Each of these pages has a URL
• If the services supported it, each of these URLs can be an OpenID
• This lets me assert ownership of my profile
• I can use OpenID to tie profiles together across multiple sites
• Every site wants to know about my social network
• Re-friending everyone on every site I visit is tedious, and a major barrier to adoption
• The Facebook platform lets me reuse the Facebook social graph - but I have to abide by their rules
The social network problem
OpenID provides the globally unique identifier needed to
create a portable social graph
OpenID adoption
Total Relying Parties
0
875
1,750
2,625
3,500
Sep '
05 Oct
Nov Dec
Jan '0
6Fe
bMar Apr May
June
July
Aug Sep
Oct
Nov Dec
Jan '0
7Fe
bMar Apr May
June
What’s in it for you?
• Reduces the overhead for signing up for an account on your service - great for attracting early adopters
• The ability to “prove” ownership of your account is an excellent complement to your service’s Web Service API
• You can learn about a user’s profiles elsewhere on the Web
Some FAQs
• Does this mean I no longer have a database of user accounts?
• How do I know that an OpenID is a real person, and not an evil spammer?
• Isn’t it a bad idea to outsource the security of my users to a third party?
• What are the privacy implications of this?
http://openid.net/
http://www.openidenabled.com/
http://simonwillison.net/tags/openid/