OPEN ID

OpenID is rapidly gaining adoption on the web, with over one billion OpenID enabled user accounts and over 50,000 websites accepting OpenID for logins.  Several large organizations either issue or accept OpenIDs, including Google, Face book, Yahoo, Microsoft, AOL, MySpace, Sears, Universal Music Group, France Telecom, Novell, Sun, Telecom Italia, and many more. Open ID is a portable, single digital identity that users can use across the web. Anyone with an OpenID can sign into any site that wants to accept OpenID, without having to create a new username and password. An OpenID is a way of identifying yourself no matter which web site you visit. It's like a driver's license for the entire Internet. But, it's even more than that because you can if you want to associate information with your OpenID like your name and your e-mail address, and then you choose how much web sites get to see about you. This means that web sites that take advantage of OpenID won't bother you for the same information over and over again.
With OpenID, internet users do not need to create a brand new identity at every site they visit before being granted access. Instead, if a site chooses to become OpenID-enabled (called becoming an OpenID consumer or relying party), its visitors need only to have previously registered with an OpenID "Identity Provider", such as myVidoop.  Because OpenID is decentralized, any website can enable OpenID to make itself more convenient for its users, and no one has to depend upon a single point of failure. The OpenID protocol does not rely on a central authority to authenticate a user's identity. Moreover, neither services nor the OpenID standard may mandate a specific means by which to authenticate users, allowing for approaches ranging from the common (such as passwords) to the novel (such as smart cards or biometrics). The term OpenID may also refer to an ID as specified in the OpenID standard; these IDs take the form of a unique URL, and are managed by some 'OpenID provider' that handles authentication. OpenID also simplifies signing in. With OpenID you only have to remember one username and one password. That's because you log into websites with your OpenID, so your OpenID is the only thing you have to make secure. Now, you might already use one username and one password online, but OpenID lets you do this in a secure way. That's because you only give your password to your OpenID provider, and then your provider tells the websites you're visiting that you are who you say you are. No website other than your provider ever sees your password, so you don't have to worry about an insecure website compromising your identity.

The original OpenID authentication protocol was developed in May 2005 by Brad Fitzpatrick, creator of popular community website Live Journal, while working at Six Apart. Initially referred to as Yadis  it was named OpenID after the openid.net domain name was given to Six Apart to use for the project. OpenID support was soon implemented on Live Journal and fellow LiveJournal engine community Dead Journal for blog post comments and quickly gained attention in the digital identity community.Web developer Jan Rain was an early supporter of OpenID, providing OpenID software libraries and expanding its business around OpenID-based services.

In late June, discussions started between OpenID users and developers from enterprise software company NetMesh, leading to collaboration on interoperability between OpenID and NetMesh's similar Light-Weight Identity (LID) protocol. The direct result of the collaboration was theYadis discovery protocol, adopting the name originally used for OpenID. The new Yadis was announced on October 24, 2005 After a discussion at the 2005 Internet Identity Workshop a few days later, XRI/ i-names developers joined the Yadis project, contributing their Extensible Resource Descriptor Sequence (XRDS) format for utilization in the protocol.

In December, developers at Sxip Identity began discussions with the OpenID/Yadis community after announcing a shift in the development of version 2.0 of its Simple Extensible Identity Protocol (SXIP) to URL-based identities like LID and OpenID. In March 2006, JanRain developed a Simple Registration (SREG) extension for OpenID enabling primitive profile-exchange and in April submitted a proposal to formalize extensions to OpenID. The same month, work had also begun on incorporating full XRI support into OpenID. Around early May, key OpenID developer David Recordon left Six Apart, joining VeriSign to focus more on digital identity and guidance for the OpenID spec. By early June, the major differences between the SXIP 2.0 and OpenID projects were resolved with the agreement to support multiple personas in OpenID by submission of an identity provider URL rather than a full identity URL. With this, as well as the addition of extensions and XRI support underway, OpenID was evolving into a full-fledged digital identity framework, with Recordon proclaiming "We see OpenID as being an umbrella for the framework that encompasses the layers for identifiers, discovery, authentication and a messaging services layer that sits atop and this entire thing has sort of been dubbed 'OpenID 2.0'. " In late July, Sxip began to merge its Digital Identity Exchange (DIX) protocol into OpenID, submitting initial drafts of the OpenID Attribute Exchange (AX) extension in August.

On January 31, 2007, Symantec announced support for OpenID in its Identity Initiative products and services. A week later, on February 6 Microsoft made a joint announcement with JanRain, Sxip, and VeriSign to collaborate on interoperability between OpenID and Microsoft’s Windows digital identity platform, with particular focus on developing a phishing-resistant authentication solution for OpenID. As part of the collaboration, Microsoft pledged to support OpenID in its future identity server products and JanRain, Sxip, and VeriSign pledged to add support for Microsoft's Information Card profile to their future identity solutions. In mid-February, AOL announced that an experimental OpenID provider service was functional for all AOL and AOL Instant Messenger (AIM) accounts.

In May, Sun Microsystems began working with the OpenID community, announcing an OpenID program, as well as entering a non-assertion covenant with the OpenID community, pledging not to assert any of its patents against implementations of OpenID. In June, OpenID leadership formed the OpenID Foundation, an Oregon-based public benefit corporation for managing the OpenID brand and property. The same month, an independent OpenID Europe Foundation was formed in Belgium by Snorri Giorgetti. By early December, non-assertion agreements were collected by the major contributors to the protocol and the final OpenID Authentication 2.0 and OpenID Attribute Exchange 1.0 specifications were ratified on December 5.

In mid-January 2008, Yahoo announced initial OpenID 2.0 support, both as a provider and as a relying party, releasing the provider service by the end of the month. In early February, Google, IBM, Microsoft, VeriSign and Yahoo! joined the OpenID Foundation as corporate board members. Around early May, Source Forge, Inc. introduced OpenID provider and relying party support to leading open source software development website SourceForge.net. In late July, popular social network service MySpace announced support for OpenID as a provider. In late October, Google launched support as an OpenID provider and Microsoft announced that Windows Live ID would support OpenID. In November, JanRain announced a free hosted service, RPX Basic, that allows websites to begin accepting OpenIDs for registration and login without having to install, integrate and configure the OpenID open source libraries.

In January 2009, PayPal joined the OpenID Foundation as a corporate member, followed shortly by Facebook in February. The OpenID Foundation formed an executive committee and appointed Don Thibeau as executive director. In March, MySpace launched their previously announced OpenID provider service, enabling all MySpace users to use their MySpace URL as an OpenID. In May, Facebook launched their relying party functionality, letting users use an automatic login-enabled OpenID account (e.g. Google) to log into Facebook.

Because OpenID identifies you uniquely across the Internet, it is a way for web sites and other people to connect the different accounts you've created online into a more cohesive persona. Once you establish yourself as the person who uses a particular OpenID, whenever someone sees your OpenID in use, anywhere on the Internet, they'll know that it's you. Similarly, if you happen upon a new web site and see that someone with your friend's OpenID has made a comment, you can be almost certain that it was actually her and not somebody who, by coincidence, has the same name.

That said, you might be worried that OpenID is going to make all of your activities online transparent. Your OpenID does unify information about you, but it only unifies information that you've already made public. And, you get to choose, using OpenID, which information to spread and to whom. OpenID is no less (or more) secure than what you use right now. It's true that if someone gets your OpenID's username and password, they can usurp your online identity. But, that's already possible. Most websites offer a service to e-mail you your password (or a new password) if you've forgotten it, which means that if someone breaks into your e-mail account, they can do just as much as they can if they get your OpenID's username and password. They can test websites with which they think you have an account and ask for a forgotten password. Similarly, if someone gains access to your OpenID, they can scour the Internet for places they think you have accounts and log in as you but nothing else.

Regardless of whether you use OpenID or not, you should be careful about your username and password. When you type your username and password, make sure you're actually on the website you think you are (i.e., check the address).

Advantages:

QUICK SIGN UP:

Most websites ask for an extended, repetitive amount of information in order to use their application. OpenID accelerates that process by allowing you to sign in to websites with a single click. Basic profile information (such as your name, birth date and location) can be stored through your OpenID and used to pre-populate registration forms, so you spend more time engaging with a website and less time filling out registration pages.

NO NEED TO MAINTAIN MULTIPLE USERNAMES AND PASSWORDS:

Most web users struggle to remember the multiple username and password combinations required to sign in to each of their favorite websites, and the password recovery process can be tedious. But using the same password at each of your favorite websites poses a security risk. With OpenID, you can use a single, existing account (from providers like Google, Yahoo, AOL or your own blog) to sign in to thousands of websites without ever needing to create another username and password. OpenID is the safer and easier method to joining new sites.

GREATER PRIVACY CONTROL:

OpenID is a decentralized standard, meaning it is not controlled by any one website or service provider. You control how much personal information you choose to share with websites that accept OpenIDs, and multiple OpenIDs can be used for different websites or purposes. If your email (Google, Yahoo, AOL), photo stream (Flickr) or blog (Blogger, Word press, Live Journal) serves as your primary online presence, OpenID allows you to use that portable identity across the web.

MINIMIZE PASSWORD SECURITY RISK:

Many web users deploy the same password across multiple websites. And since traditional passwords are not centrally administered, if a security compromise occurs at any website you use, a hacker could gain access to your password across multiple sites. With OpenID, passwords are never shared with any websites, and if a compromise does occur, you can simply change the password for your OpenID, thus immediately preventing a hacker from gaining access to your accounts at any websites you visit.

Because the focus of most OpenID providers (such as Google, Yahoo and AOL) is in identity management, they can be more thorough about protecting your online identity. Most website operators are less likely to be as dedicated to protecting your identity as the OpenID providers, whose focus is on securely hosting user identities.

If you have a Word Press powered blog or website, you can use it as your OpenID. You need to install the OpenID plug-in for Word Press. After the installation is complete:

• Use your blog URL as your OpenID when logging in to other websites. For example, I can use my blog address as my OpenID: www.vineetmanohar.com, in which case I am redirected back to my blog which logs me in, and then redirects me back to the website where I came from.
• You can login to your blog using OpenID instead of your Word Press login/password.
• Visitors to your blog can leave comments using their OpenID. If you are reading this blog and have an OpenID, you can leave comments at the bottom of this page using your OpenID.

In a nutshell, OpenID lets you take your identity with you, proving to other sites on the web that you own a particular URL. Live Journal’s OpenID support lets you use your Live Journal identity (just your URL) on other websites which take OpenID, and also lets you take your non-Live Journal identity and use it here.  Which means that leaving comments on other blog sites, and proving who you are being able to add/trust/ban people as friends who don't have Live Journal accounts off-site LJ utilities that require you to prove your identity.