Web users are schizophrenic, and not by choice: They possess multiple identities to access sometimes dozens of online resources, but juggling those username/password combos is burdensome, time consuming and often a slippery slope to insecure practices. Who hasn't seen monitors adorned with Post-It Notes full of tasty data?
The OpenID Foundation wants to change that. On the user side, its community-developed system aims to let users create a single identity for signing in to an unlimited number of Web sites, relieving them of the need to maintain a variety of IDs and passwords. The OpenID framework also lets users control which identity attributes, such as e-mail, date of birth and so on, can be shared with a given site. OpenID may also appeal to Web site owners looking to cultivate large user communities. To that end, the foundation has designed its specification to be simple and inexpensive to deploy.
So what is an OpenID? It's a URL that a user enters into the log-in field when accessing a Web site. The framework provides the cryptographic underpinnings to prove that a user owns the URL she's logging in with. The OpenID specification, now available in a 2.0 draft version, has attracted an impressive list of supporters, including Microsoft, VeriSign and AOL.
However, OpenID isn't quite ready to change the world. Only a tiny fraction of Web sites—mostly blogs—actually accept OpenID credentials. Also, self-assigned IDs, which OpenID employs, are simply unsuitable for high-value e-commerce transactions. To that end, OpenID developers are working with other authentication frameworks, such as Microsoft's Windows CardSpace and the Liberty Alliance specifications, to create an identity infrastructure that allows users to move among identity systems and ratchet up authentication and assertion measures as necessary.
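The "cryptographic underpinnings" mentioned above come down to a signed assertion that the accepting site checks before it trusts the URL. The sketch below is an added example, not code from the article or the OpenID Foundation: it follows the OpenID Authentication 2.0 signature scheme (an HMAC over the fields listed in `openid.signed`) and assumes an HMAC-SHA256 shared key has already been agreed with the provider. The hostnames, the key and the sample response are constructed.

```python
import base64
import hashlib
import hmac

# Keys the relying party insists are covered by the signature.
REQUIRED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}

def sign(fields, mac_key):
    """base64(HMAC-SHA256) over 'key:value\\n' lines for each key in openid.signed."""
    keys = fields["openid.signed"].split(",")
    token = "".join(f"{k}:{fields['openid.' + k]}\n" for k in keys)
    mac = hmac.new(mac_key, token.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac)

def verify_assertion(fields, mac_key, expected_return_to, seen_nonces):
    """Return the claimed identifier if the assertion checks out, else None."""
    signed = fields.get("openid.signed", "").split(",")
    must_sign = REQUIRED | {k for k in ("claimed_id", "identity")
                            if "openid." + k in fields}
    if not must_sign <= set(signed):
        return None  # an unsigned field could be swapped without detection
    if any("openid." + k not in fields for k in signed):
        return None  # signature names a field that was not sent
    sig = fields.get("openid.sig", "").encode("utf-8")
    if not hmac.compare_digest(sign(fields, mac_key), sig):
        return None  # tampered, or not issued under this shared key
    if fields["openid.return_to"] != expected_return_to:
        return None  # assertion was minted for a different site or request
    nonce = fields["openid.response_nonce"]
    if nonce in seen_nonces:
        return None  # replayed assertion
    seen_nonces.add(nonce)
    return fields.get("openid.claimed_id")

MAC_KEY = b"constructed-demo-association-key"  # constructed sample secret

def demo_assertion():
    """Constructed sample response, signed the way a provider would sign it."""
    f = {"openid.op_endpoint": "https://op.example/endpoint",
         "openid.claimed_id": "https://alice.example/",
         "openid.identity": "https://alice.example/",
         "openid.return_to": "https://rp.example/return",
         "openid.response_nonce": "2007-01-01T00:00:00Zdemo1",
         "openid.assoc_handle": "demo-handle",
         "openid.signed": "op_endpoint,claimed_id,identity,return_to,"
                          "response_nonce,assoc_handle"}
    f["openid.sig"] = sign(f, MAC_KEY).decode("ascii")
    return f
```

This covers only the signature, return-URL and replay checks; a complete relying party also performs discovery on the claimed URL to confirm that the provider that signed the response is the one that URL delegates to.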