OpenID

Status: stabilized. Consumer and server are both live on LiveJournal.com -- Jul 2005.

What

This is a decentralized identity system, but one that's actually decentralized and doesn't entirely crumble if one company turns evil or goes out of business.

An OpenID identity is just a URL. You can have multiple identities in the same way you can have multiple URLs. All OpenID does is provide a way to prove that you own a URL (identity). And it does this without passing around your password, your email address, or anything you don't want it to. There's no profile exchange component at all: your profile is your identity URL, but recipients of your identity can then learn more about you from any public, semantically interesting documents linked thereunder (FOAF, RSS, Atom, vCard, etc.).

Anybody can run their own site using OpenID, and anybody can be an OpenID server, and they all work with each other without having to register with or pay anybody to "get started". An owner of a URL can pick which OpenID server to use.

While nothing in the protocol requires JavaScript or modern browsers, the authentication scheme plays nicely with "AJAX"-style setups, so you can prove your identity to a site without bouncing between pages.

Why?

How's it work?

Here's the big picture: (for details see the specs)

Why not _______?

What about trust?

This is not a trust system. Trust requires identity first.

What about spam?

Again, this is not a trust system.

Somebody could run their own identity server that says they're http://spammer.example.com/000001/ all the way to http://spammer.example.com/999999/, and preventing that is not a goal of this system. It's another layer's job to say that identities matching spammer.example.com/* are spammers, or that some ID server is a known spammer, or that some particular identity is a known spammer.

What this does prevent is anybody but that spammer from using that identity URL. While somebody else could make their ID server say that they're that http://spammer.example.com/000001/ URL, a) why would they?, and b) unless they also controlled the host spammer.example.com, they couldn't change the <link rel=..> tag to point to their rogue identity server.
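As an added illustration (not code from this page or from the OpenID project), here is a sketch of the consumer-side check the paragraph above relies on: fetch the identity page, read which server it names, and refuse an assertion from any other server. Assumptions: the rel value `openid.server` is the one used by the OpenID 1.x specs (this page elides it), and the function names, the choice to honor only tags inside `<head>`, and the sample page are constructed for this example.

```python
from html.parser import HTMLParser

# rel value from the OpenID 1.x specs; this page shows it only as <link rel=..>
SERVER_REL = "openid.server"


class HeadLinkParser(HTMLParser):
    """Collect href values of <link rel="openid.server"> seen inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.servers = []

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.in_head = False  # tolerate a missing </head>
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            rels = (a.get("rel") or "").lower().split()  # rel is a token list
            if SERVER_REL in rels and a.get("href"):
                self.servers.append(a["href"].strip())

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def declared_servers(identity_html):
    """Return the identity servers the page owner declared, in document order."""
    parser = HeadLinkParser()
    parser.feed(identity_html)
    parser.close()
    return parser.servers


def assertion_accepted(identity_html, asserting_server):
    """Accept only if the page's first declared server is the one asserting."""
    servers = declared_servers(identity_html)
    return bool(servers) and servers[0] == asserting_server


# Constructed sample: the owner's tag is in <head>; a tag inside body content
# (for example, text the owner did not write) is not treated as a declaration.
SAMPLE_PAGE = """<html><head><title>000001</title>
<link REL="stylesheet openid.server" href="http://id.spammer.example.com/server">
</head><body>
<p><link rel="openid.server" href="http://rogue.example.net/server"></p>
</body></html>"""
```

Only whoever can edit the page served at the identity URL can change what `declared_servers` returns, which is why control of the host is the thing being proven.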

What about signing comments?

This system doesn't sign comments. If a rogue site says it's OpenID-enabled but actually isn't and claims to have posts from your identity, that doesn't mean anything. This system isn't designed to prevent that. The goal of this is for sites that do care about preventing spoofed comments/identities to be able to do so, if they play along.

After all, anybody could put up a geocities page right now that says anybody said anything. Do you trust it just because you read it?

There are, however, some pretty obvious spots to insert comment signing into this scheme, so it's likely a future version of this spec will include that, with the identity server providing back a permalink/signature to the comment posted, so readers on some random site can go back to the origin to verify it.

Who owns this?

Nobody should own this. Nobody's planning on making any money from this. My goal is to release every part of this under the most liberal licenses possible, so there's no money or licensing or registering required to play. It benefits the community as a whole if something like this exists, and we're all a part of the community. If something like this already exists and I don't know about it, do let me know. My goal isn't to reinvent the wheel... just find something that everybody can easily use. Update: Thanks for the pointers! We've got at least two other people from similar projects on the mailing list, one of which was nearly identical to this system (mIDm) and had a similar outlook: he wanted something to just work, regardless of who made it, so he'll be helping us out.