OpenID

Warning: beta, in-flux. May 2005.

What

This is a distributed identity system, but one that's actually distributed and doesn't entirely crumble if one company turns evil or goes out of business.

An OpenID-enabled site/blog lets you authenticate using your existing login from your homesite (whether that's on your own server or a hosted service) without giving away your password to the 3rd-party site you're visiting, or making a new account there, or giving away your email address.

And it's secure, and can run entirely in the browser without extensions, without moving between pages.

Why?

How's it work?

Here's the big picture: (for details see the specs)

Why not _______?

What about trust?

This is not a trust system. Trust requires identity first.

What about spam?

Again, this is not a trust system.

Somebody could run their own identity server that says they're http://spammer.example.com/000001/ all the way to http://spammer.example.com/999999/, and preventing that is not a goal of this system. It's another layer's job to say that identities with URLs under spammer.example.com/* are spammers, or that some ID server is a known spammer, or that some particular identity is a known spammer.

What this does prevent is anybody but that spammer from using that identity URL. While somebody else could make their ID server say that they're that http://spammer.example.com/000001/ URL, a) why would they?, and b) unless they also controlled the host spammer.example.com, they couldn't change the <link rel=..> tag to point to their rogue identity server.
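
The check described above, as an added example (not code from the OpenID project): the consuming site reads the <link> tag from the page served at the identity URL and accepts an assertion only from the server that page names. The rel value openid.server is an assumption taken from the later OpenID 1.x specifications (the page elides it), and the sample HTML, function names and the rogue.example.net host are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the page writes "<link rel=..>"; "openid.server" is the value
# used by the later published OpenID 1.x specifications.
SERVER_REL = "openid.server"


class _LinkFinder(HTMLParser):
    """Collects href values of <link> tags whose rel list contains `rel`."""

    def __init__(self, rel):
        super().__init__()
        self.rel = rel
        self.servers = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        rels = (a.get("rel") or "").lower().split()  # rel is a space-separated list
        if self.rel in rels and a.get("href"):
            self.servers.append(a["href"].strip())


def _norm(url):
    # Compare on parsed parts so scheme/host case differences do not matter.
    u = urlsplit(url)
    return (u.scheme.lower(), (u.hostname or "").lower(), u.port, u.path or "/", u.query)


def declared_servers(identity_html, rel=SERVER_REL):
    """Identity servers named by the page fetched from the identity URL."""
    finder = _LinkFinder(rel)
    finder.feed(identity_html)
    return finder.servers


def server_may_assert(identity_html, asserting_server):
    """True only if the identity URL's own page delegates to this server."""
    want = _norm(asserting_server)
    return any(_norm(s) == want for s in declared_servers(identity_html))


# Constructed sample: the page served at http://spammer.example.com/000001/
SAMPLE_PAGE = """<html><head><title>000001</title>
<link rel="openid.server" href="http://spammer.example.com/id-server">
</head><body>hello</body></html>"""
```

A page with no such tag yields an empty list, so every server is refused for that identity URL.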

What about signing comments?

This system doesn't sign comments. If a rogue site says it's OpenID-enabled but actually isn't and claims to have posts from your identity, that doesn't mean anything. This system isn't designed to prevent that. The goal of this is for sites that do care about preventing spoofed comments/identities to be able to do so, if they play along.

After all, anybody could put up a geocities page right now that says anybody said anything. Do you trust it just because you read it?

There are, however, some pretty obvious spots to insert comment signing into this scheme, so it's likely a future version of this spec will include that, with the identity server providing back a permalink/signature to the comment posted, so readers on some random site can go back to the origin to verify it.

Who owns this?

Nobody should own this. Nobody's planning on making any money from this. My goal is to release every part of this under the most liberal licenses possible, so there's no money or licensing or registering required to play. It benefits the community as a whole if something like this exists, and we're all a part of the community. If something like this already exists and I don't know about it, do let me know. My goal isn't to reinvent the wheel... just find something that everybody can easily use.

Update: Thanks for the pointers! We've got at least two other people from similar projects on the mailing list, one of which was nearly identical to this system (mIDm) and had a similar outlook: he wanted something to just work, regardless of who made it, so he'll be helping us out.