
OpenID Usage Overview

August 28th, 2007

Filed under: OpenID, security — mike hall @ 4:44 am

I’ve talked about how I want OpenID to be my one authentication provider. One account with them and that’s it. I thought I should go over how it works, so…

Here’s how it works

1) You go to a site that supports OpenID authentication.

2) You enter your OpenID URL or XRI.

3) You are sent to *your* OpenID provider. This is the provider specified by your OpenID ID. Usually, it’s in the ID itself: claimid.com/xxx, xxx.pip.verisignlabs.com, etc. The provider is not at all specified by the site you’re currently at, since that is pretty much the point of OpenID: you can use any provider you want… even your own.

4) The OpenID provider can do what it wants now. If you’re already logged in, it can simply ask you whether you want to log in to and/or trust the originating site, it may need to ask for additional information to send to the originating site, or it may simply redirect you back to the originating site. However, if you’re not logged in, it may allow you to log in right there, or it may force you to intentionally go to its page to log in first.

The point is that it’s up to the provider to make that choice.

5) If you successfully logged into your OpenID provider, a cookie is saved on your computer that records that you’re logged into your OpenID provider.

6) You are then redirected back to the originating site.

Now that you’re logged into your OpenID account, any future use of OpenID on any other sites from that computer won’t ask you to log in.
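The exchange in the steps above, seen from the originating site's side, as an added example that is not code from the original post: finding the provider from the user's own page, building the redirect, and checking the signed answer that comes back. It assumes OpenID Authentication 1.1 field names and an HMAC-SHA1 secret already shared with the provider; the URLs, secret and page content are constructed.

```python
import base64, hashlib, hmac
from html.parser import HTMLParser
from urllib.parse import urlencode

class _ServerLink(HTMLParser):
    """Reads <link rel="openid.server"> from the user's own page; the site never picks it."""
    server = None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "openid.server" in (a.get("rel") or "").split():
            self.server = a.get("href")

def discover(identity_html):
    p = _ServerLink()
    p.feed(identity_html)
    return p.server

def build_redirect(server, identity, return_to, trust_root, handle):
    q = {"openid.mode": "checkid_setup", "openid.identity": identity,
         "openid.return_to": return_to, "openid.trust_root": trust_root,
         "openid.assoc_handle": handle}
    return server + ("&" if "?" in server else "?") + urlencode(q)

def sign(secret, fields):
    # OpenID 1.1: HMAC-SHA1 over "key:value\n" for each name in openid.signed.
    token = "".join(f"{k}:{fields['openid.' + k]}\n"
                    for k in fields["openid.signed"].split(","))
    mac = hmac.new(secret, token.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def verify_return(secret, fields, identity, return_to):
    # Positive assertion only; identity and return_to must be signed and match.
    try:
        if fields["openid.mode"] != "id_res":
            return False
        if not {"identity", "return_to"} <= set(fields["openid.signed"].split(",")):
            return False
        if (fields["openid.identity"], fields["openid.return_to"]) != (identity, return_to):
            return False
        return hmac.compare_digest(sign(secret, fields), fields["openid.sig"])
    except KeyError:
        return False

# Constructed sample data (not from the post); SECRET stands in for an association secret.
PAGE = '<html><head><link rel="openid.server" href="https://op.example/server"></head></html>'
ME, BACK, SECRET = "https://me.example/", "https://site.example/return", b"constructed-secret"
REPLY = {"openid.mode": "id_res", "openid.identity": ME, "openid.return_to": BACK,
         "openid.assoc_handle": "h1", "openid.signed": "mode,identity,return_to"}
REPLY["openid.sig"] = sign(SECRET, REPLY)  # what the provider would compute
```

A passing check shows only that the provider named by the identifier vouched for it. Since anyone can run a provider, it says nothing about who the person behind the identifier is.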

OpenID Providers and Supporting Sites

First, you need to sign up with an OpenID provider. Some are paid. Some are free. I use ClaimID, a free OpenID provider, and my blog’s domain, which uses WordPress as the OpenID provider. Verisign has a free OpenID provider as well. The form of the ID created by these services can vary, although they’re generally of the form <ID>.<OpenIDDomain> or <OpenIDDomain>/<ID>. And although it’s definitely not a standard yet, there are more and more sites that support OpenID. It is still a little problematic, though: it can prove you own the ID you claim to own, but it doesn’t necessarily guarantee that you are who you say you are.

4 Comments »

  1. I am using Ziki as my OpenID provider.
    Ziki also offers a powerful people search engine, a 20K members professional and private network and free registration of your name within Google, Yahoo! and MSN to make you appear amongst the commercial ads of these search engines and their content networks.

    Comment by Rupert Schiessl
    August 28, 2007 @ 7:55 am

  2. I am getting very interested in the possibilities for OpenID. I have a feeling it could help solve a problem I have currently with my blog. On a daily basis, I now get over 100 Splog comments (Spam for Blogs) that are mostly quite long and vulgar.

    I think if I had an OpenID plugin for Wordpress (if that’s what it takes), I might be able to reduce the amount of Splog I get, without forcing people with valid comments to have to register as users on my blog.

    I found this post when doing a Technorati search for OpenID and Wordpress.

    So, if anyone knows where I can find the instructions for integrating OpenID into a Wordpress blog, I’d be grateful. And if I find a way somewhere else, I’ll try to remember to come back here and post it.

    Comment by Scott Wright
    August 29, 2007 @ 11:09 am

  3. Scott,
    You can use OpenID for commenters to login with if you install and locally run WordPress on your own server. However, I think this only presents OpenID as another login option along with the traditional name/email option. Look at http://www.aaronlerch.com/blog/ for an example.

    So spammers can still use the name/email option. However, even if you somehow did only allow OpenID, I don’t see why spammers couldn’t just run their own OpenID server that wouldn’t require them to login and would make the sploging that much easier.

    Comment by mike
    August 29, 2007 @ 12:56 pm

  4. […] to your OpenID provider and not some man-in-the-middle masquerading as your provider. However, as I’ve shown before, VeriSign PiP doesn’t allow referring websites to redirect to the VeriSign site in order to […]

    Pingback by i like ellipses… » Death and destruction from OpenID
    October 17, 2007 @ 3:37 pm


Creative Commons License This work is licensed under a Creative Commons Attribution 3.0 United States License.


Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.