What is OpenID?

By David Rosen

If you have signed up for a new service recently, you may have noticed an option to use something called OpenID. You may have noticed that it is an option when you log in to Plaxo, LiveJournal, or WordPress. You may have heard that AOL and Yahoo are now OpenID providers. Many OpenID sites extol the virtues and benefits that come with it… “Only one password to remember!” “Decentralized!” “Open Source!” “Establish your identity anywhere and everywhere!” But they all tend to explain only the benefits of OpenID rather than what it actually IS. Today we’re going to answer the question, What is OpenID?

First a quick digression: What is authentication? Normally, to log in to your account at a website, you first identify yourself with a username, and then you prove that you own it by providing a password. This process is “Authentication.” It doesn’t have anything to do with your Plaxo contacts, your Blogger profile, or your Flickr pictures. Authentication is claiming that an identity is yours (username) and proving it (password).

There are many ways to authenticate to a system besides usernames and passwords, and you use some of them already. Need an example? Think about getting money from an ATM. First you claim who you are by providing your ATM Card. Next you prove it by entering the PIN (a 4-digit password).

There are also methods of authentication that don’t directly require passwords at all. In fact this occurs almost every time you sign up for a new account online. Say you’re signing up for an account at Plaxo.com… At some point you claim that an email address (an identity) is yours, by entering it into the sign up form, and then you have to prove that it is indeed yours. How do you do that? By going to your email, logging in and receiving an email with a secret code to enter or a secret link to click. You have now authenticated your email identity without ever having to hand over your Gmail password to Plaxo. NOTE: Your email username and password were still required indirectly. You had to enter them to check your email, but your email password was never entered at Plaxo.com.

Now back to the real question: What is OpenID?
OpenID is just another method of authenticating yourself – one that is similar to the email registration example above, but more automated. With OpenID your identity is a Website rather than an Email address or a Username. You first claim that you own a website (an identity), and then you have to prove it. But, just like in the email registration example, you never directly hand over the username and password to your OpenID website. So how do you prove you own it? By the same method as in the email example: you go to your OpenID and log in. But in this more automated version, the service you want to use (Plaxo.com for example) automatically redirects you to your OpenID website. Then, instead of having to click a secret link or type in a secret code to prove you logged in, the OpenID website itself simply tells the requesting service (Plaxo) whether you passed or failed authentication.

Need a concrete example? Here is a simplified version of what happens when I want to log in to my Plaxo.com account:

  1. I go to Plaxo.com and choose the option to Sign in with OpenID
  2. I type in “https://dnszero.myopenid.com” and hit enter
  3. Plaxo sends me to my OpenID site (www.myopenid.com) to log in
  4. I log in at myOpenID.com
  5. myOpenID.com sends me back to Plaxo.com, and tells Plaxo.com whether I passed or failed authentication
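
Steps 3 to 5 as a simplified Python model (an added example, not code from the article or from any OpenID library): because the provider's answer travels back through the user's browser, the site has to check that it is genuine, meant for it, and not a replay. The shared key, the password, the nonce format and the names `provider_login` and `RelyingParty` are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets

# Constructed sample values. The shared key stands in for the secret that the
# site and the provider agree on beforehand (an assumption of this model).
ASSOC_KEY = secrets.token_bytes(32)
OP_PASSWORDS = {"https://dnszero.myopenid.com": "correct horse"}  # provider-side only
SIGNED = ["claimed_id", "return_to", "response_nonce"]


def _sign(fields, key):
    # One "name:value\n" line per signed field, then HMAC-SHA256 over the result.
    msg = "".join(f"{k}:{fields[k]}\n" for k in SIGNED).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha256).digest()).decode()


def provider_login(claimed_id, password, return_to):
    """Steps 4-5, provider side: check the password, answer pass or fail."""
    expected = OP_PASSWORDS.get(claimed_id, "")
    if not expected or not hmac.compare_digest(expected.encode(), password.encode()):
        return {"mode": "cancel"}
    resp = {"mode": "id_res", "claimed_id": claimed_id, "return_to": return_to,
            "response_nonce": secrets.token_hex(8)}
    resp["sig"] = _sign(resp, ASSOC_KEY)
    return resp


class RelyingParty:
    """Step 5, site side (Plaxo in the article): it never sees the password."""

    def __init__(self, return_to):
        self.return_to, self.seen_nonces = return_to, set()

    def accept(self, resp, typed_id):
        if resp.get("mode") != "id_res":
            return False                      # provider reported a failed login
        if any(k not in resp for k in SIGNED + ["sig"]):
            return False                      # incomplete response
        if not hmac.compare_digest(_sign(resp, ASSOC_KEY), resp["sig"]):
            return False                      # forged or altered response
        if resp["claimed_id"] != typed_id or resp["return_to"] != self.return_to:
            return False                      # meant for another identity or site
        if resp["response_nonce"] in self.seen_nonces:
            return False                      # replayed response
        self.seen_nonces.add(resp["response_nonce"])
        return True
```

The site's `accept` works only from the signed pass/fail message; the password is checked in `provider_login` alone.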

Still wondering what the benefit is here? It’s two-fold: First, I can use dnszero.myopenid.com to log in everywhere that OpenID is accepted. No more having to remember 8 usernames and 6 passwords. Second, these websites that I log into never touch or even see my password. I don’t have to worry that a flaw in one website’s security will compromise my password (the same password I use to log in everywhere, in this case).
Pure bliss, right? Maybe, maybe not. Come back next week and we’ll touch on some of the benefits and some of the major flaws.

Image Credit: Photo by Konrad Mostert
