Opening up with OpenID

Greg Balnis
Written by Greg Balnis
on November 26, 2010

In my previous post I introduced a concept of user-centric identity for online applications. Here I would like to introduce a solution to the problem that is already pretty much adopted by the industry: the OpenID standard. But let’s start with the question: Why do we care?

User-centric identity
Of course it would be great if everybody could just use a one pair of login/password to access every service online. But there is more to that. You have heard this many times before already: to be successful in the online economy of today you first must win the battle for user’s attention. The reason for Google being so successful is that they can place the ads in the context of what the user is doing, increasing the chances that she is actually interested in what the ad has to say. Google algorithmically analyzes the content that the user reads or searches for, assuming that it has something to do with her interests.

Facebook takes the model further by trying to identify a user’s interest not only from the immediate context but also from her profile, social interactions, Facebook “likes,” etc. The way it evolves, it is becoming more important to listen to what the user herself says her interests or intentions are as opposed to some algorithm trying to guess those intentions.

Here is where user-centric identity comes into play. There are plenty of online services around that offer users the possibility to assert their preferences, interests and intentions. We may tailor our communication with the user according to her preferences if she chooses to share them with us. But in order to make use of these self-asserted profiles we need to be able to request and access them. And for that we need a user identity system that is global – very much like the mechanism that we use for identifying the online services themselves: the URL. This blog is uniquely identified by http://solutions.wolterskluwer.com/blog/. There is no reason why the author of this post couldn’t be uniquely identified as http://www.google.com/profiles/107432091873669187899 (except, maybe, that it would be nice to be able to memorize my own identifier).

Meet OpenID
The idea behind OpenID is that the user creates her one and only profile with the identity provider of her choosing. She receives an OpenID login name (not necessarily like one in my Google profile above, more like janedoe.openid.myprovider.org), sets her password and, perhaps, provides some other attributes such as email address, preferences, etc. With this OpenID login name she can sign in to any OpenID-enabled website. Instead of requesting a password, the website redirects the user to the login page of the identity provider who requests and validates the password. If the password is right, the identity provider sends back the approval to the site that initiated authentication. Ideally, there is one and only one digital “handle” of the individual in the whole Web (some might choose to have more than one identity but that’s different story).

OpenID is user-friendly
Note that OpenID might be chosen so that it contains no sensitive information about the individual who owns it. Registering with an online service supporting OpenID does not require revealing your email address anymore. On the other hand there is a way for an online service provider to request additional information about the OpenID owner (like email or something else). This conversation between systems would not be strictly speaking a part of OpenID standard, but it would work in a similar way: the identity provider would ask the user if she agrees to hand over specific data to a given website. The user fully controls the information that flows from her profile to other parties.

OpenID is widely used
If you are new to the concept, you might be surprised to learn that there is over 1 billion OpenID-enabled accounts and over 9 million OpenID-enabled websites out there. And those are 2009 figures. With version 2.0 the standard is certainly ready for its prime time with all major vendors pledging support. Are you ready to adopt it as well?
Tags for this article: , ,


Leave a comment

Exploring trends, content, technology, and new ideas in the global information industry. New posts every Monday, Friday, and whenever the innovation bug inspires us. Visit www.wolterskluwer.com to learn all about us.
Recent comments
dropdown