Monday, January 29, 2007


OpenID is a decentralized digital identity system, in which any user's online identity is given by URI (such as for a blog or a home page) or an XRI in the latest version, and can be verified by any server running the protocol.

On OpenID-enabled sites, Internet users don't need to create and manage a new account for every site before being granted access. Instead, they only need to be able to authenticate with a trusted site that supports OpenID, called the identity provider (or IdP, sometimes called an i-broker). The identity provider can then confirm ownership of the user's OpenID identifier to other OpenID-enabled sites, called relying parties or RPs. Unlike most single sign-on architectures, OpenID does not specify the authentication mechanism. Therefore, the strength of an OpenID login depends on how much a relying party knows about the authentication policies of the identity provider. Without such knowledge, OpenID is not meant to be used on sensitive accounts (banking, e-commerce transactions, etc.), but if an identity provider uses strong authentication, OpenID can be used for all types of transactions.

OpenID is increasingly gaining adoption amongst large sites, with organizations like Technorati both acting as a Relying Party and as a Provider as well as Wikipedia announcing that they will support OpenID. In addition, integrated OpenID support has been made a mandatory priority in Firefox 3.

No comments: