Why OpenID will succeed
If you haven’t heard of OpenID, I suggest you create a LiveJournal account and start seeing where you can log in with your LiveJournal credentials. You can also read more about it at openid.net. The basic premise is a distributed authentication system that lets a user select their authentication provider when they log into various web sites. The hitch is that you and the site you want to log into have to use a mutually agreeable authentication provider.
When OpenID was first announced, it was touted that you could run your own OpenID server, so you’d never have to give your password to the site you’re logging into, only to the site (which you trust) that you’re authenticating to. That runs afoul of the requirement for a “mutually agreeable” authentication provider. If the site you’re logging into doesn’t trust your OpenID provider, you’re never going to be able to use it to authenticate. Most of us have moved past this point, and expect that we’ll be using major OpenID providers rather than our own, but the protocol still allows it, and it can be used among friends.
One of the huge benefits of OpenID is that each OpenID provider can authenticate its users in whatever way it wants – password, two-factor, etc. But the relying party still gets to choose what authentication level it will trust (and so far, the only models I’ve seen are password based).
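The relying party's side of the two points above (which providers it accepts, and what authentication level it will trust from each) can be sketched as a policy check. This is an added example, not code from this post or from any OpenID library; the provider hosts, the method labels and the function names are hypothetical, and it assumes the provider's signed assertion has already been verified.

```python
from urllib.parse import urlsplit

# Constructed policy data; the method names and hosts are illustrative only.
STRENGTH = {"password": 1, "two-factor": 2}
TRUSTED_PROVIDERS = {
    # provider host -> strongest method this site trusts it to assert
    "openid.big-provider.example": "two-factor",
    "id.friends.example": "password",
}

def provider_host(endpoint):
    """Return the lowercased host of a plain HTTPS endpoint, else None."""
    try:
        parts = urlsplit(endpoint)
        port = parts.port
    except ValueError:
        return None
    if parts.scheme != "https" or port not in (None, 443):
        return None
    if parts.username is not None or parts.password is not None:
        return None
    return (parts.hostname or "").rstrip(".") or None

def accept_login(endpoint, asserted_method, required_method):
    """Return (accepted, reason) for an already-verified assertion."""
    if asserted_method not in STRENGTH or required_method not in STRENGTH:
        return (False, "unknown authentication method")
    host = provider_host(endpoint)
    if host is None:
        return (False, "endpoint is not a plain HTTPS URL")
    ceiling = TRUSTED_PROVIDERS.get(host)
    if ceiling is None:
        return (False, "provider not trusted by this site")
    # The provider's claim only counts up to the level this site trusts it for.
    effective = min(STRENGTH[asserted_method], STRENGTH[ceiling])
    if effective < STRENGTH[required_method]:
        return (False, "authentication level too weak")
    return (True, "accepted")

if __name__ == "__main__":
    for case in [
        ("https://openid.big-provider.example/auth", "two-factor", "two-factor"),
        ("https://id.friends.example/server", "two-factor", "two-factor"),
        ("https://my-own-server.example/", "password", "password"),
    ]:
        print(case, "->", accept_login(*case))
```

The second case is rejected even though the provider claims two-factor, because this site trusts that provider only for password-level assertions.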
So, why will OpenID succeed? Once people realize that they can log into sites that may look sketchy without having to give their passwords directly to those sites, they may start visiting smaller sites that just don’t have the security that the larger sites do. This gives a huge boost to those smaller companies by bringing in more consumers.
