OpenID is a decentralized identity/single-sign-on system which uses URLs to identify people. Now I haven't particularly looked at this stuff for a while, so I was surprised to see how much had happened in the last few months.

In particular:

  • Verisign have joined the openid bandwagon. They've got somebody participating in openid2.0, and they've got an openid-based identity service. I think this adds a little extra credibility to the whole thing, at least for enterprisey types.
  • Dick Hardt from SXIP is now involved in the openid2.0 spec. This is good news - I wasn't keen on the original sxip1.0 but I think Dick is one of those charismatic types who promotes things until they succeed. Hopefully he'll be a Dave Winer for open digital identity.
  • Some companies have got together and funded an openid promotion initiative: iwantmyopenid.com.

All this momentum has prompted me to add openid to my wordpress system - hopefully at some point in the future I'll be able to turn the anonymous commenting stuff off altogether. I used this plugin for the comment authentication functionality, which worked out of the box (although I did have to tweak it a bit to remove the livejournal cruft and get things looking right). I haven't tried the 'use your blog as an openid server' stuff as I prefer to delegate to a 3rd party provider.

Actually having said that, I don't see the delegation feature mentioned enough: The super-cool thing about openid is that it allows you to delegate authentication to a 3rd party security provider but still use identity URLs under your domain (and thus your control). E.g. my public openid is 'phildawes.net', which means that other web sites authenticate me by going to the http://phildawes.net/ url (which I control). However I currently have the following text in the head of the html page served at that address:


<html>
<head>
...
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://phildawes.myopenid.com/" />
<meta http-equiv="X-XRDS-Location" content="http://phildawes.myopenid.com/xrds" />
...
</head>

This gubbins tells sites to do the actual authentication with myopenid.com (which is a free openid security provider). The upshot is that I don't have to run my own security authentication software to control things, but I'm also free to move to a different provider at any time without changing/losing my online identity. Sweet!
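
How a relying site reads that markup, as an added example (not code from this post or from the plugin): a Python parser for the HTML discovery step that honours the link and meta tags only when they sit inside the head. The names `DelegationParser`, `discover`, `SAMPLE_PAGE` and the `other.example` host are assumptions made for the illustration.

```python
from html.parser import HTMLParser

# Constructed sample: the head markup from the post with the elided parts
# dropped, plus a constructed <link> in the body that discovery must ignore.
SAMPLE_PAGE = """<html><head>
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://phildawes.myopenid.com/" />
<meta http-equiv="X-XRDS-Location" content="http://phildawes.myopenid.com/xrds" />
</head><body>
<link rel="openid.server" href="http://other.example/server" />
</body></html>"""


class DelegationParser(HTMLParser):
    """Collects OpenID discovery hints, but only from inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {}

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "head":
            self.in_head = True
        elif not self.in_head:
            return  # markup outside <head> (e.g. comment bodies) has no say
        elif tag == "link":
            for rel in a.get("rel", "").lower().split():
                if rel in ("openid.server", "openid.delegate"):
                    self.found.setdefault(rel, a.get("href", ""))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "x-xrds-location":
            self.found.setdefault("xrds", a.get("content", ""))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def discover(claimed_url, html):
    """Return what a relying site learns from the identity page."""
    parser = DelegationParser()
    parser.feed(html)
    server = parser.found.get("openid.server")
    if not server:
        raise ValueError("no openid.server link in <head>")
    return {
        "claimed_id": claimed_url,  # what the site stores as your identity
        "server": server,           # where the authentication request goes
        # identity the provider is asked to vouch for; the page's own URL if not delegating
        "verify_as": parser.found.get("openid.delegate", claimed_url),
        "xrds": parser.found.get("xrds"),
    }
```

Moving to a different provider changes only `server` and `verify_as`; the `claimed_id` that sites have stored stays the same, which is why whoever can edit the head of that page controls the identity.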