If you’ve been aware of OpenID for a while but hadn’t got round to setting yourself up with one, or perhaps hadn’t even heard of it, here’s a two-minute quick guide for non-techies.
What is this OpenID thing then?
Remember Microsoft Passport a few years ago? The idea was that instead of having to remember lots of logins and passwords for all of the websites you use, you had just one set and this could be used on any website that had signed up to the Passport scheme. Cool idea, but being beholden to Microsoft was not so cool. OpenID is a decentralised single sign-on solution that achieves the same goal, but using open standards.
OK, so why do I need one?
The main benefits are convenience because you don’t have to set up and remember a new login and password for each website; and privacy, because you don’t have to reveal your identity to a website – instead, OpenID gives you a way to just prove you are who you say you are.
Where can I use OpenID?
Lots of web applications allow you to sign on using OpenID. And some sites (like social bookmarking tool Magnolia) are making OpenID the only sign-on method that they will allow for new users. Yahoo and other big players are also jumping on the bandwagon, so pretty soon it’ll be fairly standard across the web.
Sounds good. Where do I get one, and how does it work?
If you’re using one of several popular web applications, you may already have an OpenID. In that case you can just go right ahead and start using it elsewhere. If not, the easiest way for non-techies to get started is by setting up a free account on a service like MyOpenID. This gives you a unique domain name e.g. tommytwoshoes.myopenid.com which will serve as your OpenID username. Then you choose a password, and you’re done. You can now login to any OpenID website using your unique domain name and password. When you do this, the actual login process where you enter your password happens on the MyOpenID website, so you don’t have to worry about the security of the website you want to login to.
How do I use my own domain name?
Ideally you should be using your own domain name for OpenID so you’re not reliant on any third party in the future. If you have your own domain name, perhaps with a blog or a personal website running on it, you can add some simple code to the homepage HTML which will delegate your OpenID from your own domain name to your OpenID service provider. Here’s an example:
<link href=”http://www.myopenid.com/server” rel=”openid.server” />
<link href=”http://tommytwoshoes.myopenid.com/” rel=”openid.delegate” />
Now you can use your own domain name, e.g. tommytwoshoes.co.uk as your OpenID login, and the rest will happen behind the scenes. So if you ever wanted to move away from myopenid.com as your provider, you wouldn’t have to change your OpenID. Nice.
Should I allow users to login to my own website or web service using OpenID?
Most probably, yes. In services won’t want to go quite as far as Magnolia in only allowing OpenID for new users, but there’s no harm in having OpenID as an optional way of logging in to your site. It makes the sign-up process much faster for users who already have an OpenID so it could be a good way to attract more users. Just point your developers here and they can use a library of open source code to get going.
2 Comments
I love OpenID. Having a decentralised login is much more convenient than setting up different passwords everywhere, and more secure than using the same username and password all over the Web.
Setting up your own domain to delegate to an OpenID provider is definitely the way to go. This means that you can change provider (if yours has security issues or goes out of business, for example) without having to change your OpenID on every site you’ve registered with.
I just used my Yahoo Open ID to open a Magnolia account, the first time I’ve tried using an OpenID anywhere and it was all pretty seamless. In fact, I’m loving the idea of this single login ID so it was a contributing factor in trying out Magnolia over Delicious. Delicious have no OpenID option whatsoever.