OK, I have been looking into OpenID for ages but I really just cannot understand it.
I understand that you have a single login name which sounds great. But then I understand that you have to associate it with a username on the other site. For example, if you used OpenID on Yahoo! you link your OpenID with your Yahoo! ID. But then what do you do with it?
If I want to register with another site that supports OpenID it can't access the information that Yahoo! has about me, so what is the point?
From what I can see OpenID is simply a way to avoid having to remember lots of different user names and passwords. I still have to provide my information to the different sites over and over again.
As I said before, I really don't get OpenID and I don't know why. Does anybody have anything to say about it that will enlighten me?
Small websites have the most to gain from OpenID. If you're a small site and you want users to register, they may hesitate to create yet another username and password that they have to remember, especially since you're small and they haven't fully bought into your product. Instead, you let them sign in with a username and password they already have--their OpenID. You don't have to collect any extra info from them or require them to create any other username/password for your site. They just authenticate themselves using OpenID and now they can do whatever they registered for. This is similar to what Microsoft and others have tried to do with Passport, etc., but OpenID is decentralized and not owned by any entity.
Decentralization is good from a user perspective. I use the URL of my personal website, http://christophertcressman.com/, as a delegate for my OpenID. I got an OpenID from myopenID, but I never use the URL they gave me. Instead, to log in with my OpenID, I use my website URL and my password. If I decide I'm unhappy with myopenID as an OpenID provider, I can switch to another provider but keep my OpenID URL (username) the same by using my website as a delegate.
This is great because it forces OpenID providers to compete. Providers are now offering better and better security and privacy features to get you to use them rather than a competitor. myopenID, for example, has a feature that when I log in to a site using my OpenID, they call me and I have to answer and confirm that I want to log in. This adds a second factor of authentication. A malicious hacker would need my password and my phone to log in as me. How many sites offer that sort of protection with their own authentication schemes? These are the sorts of possibilites that open up when we have a standardized way to authenticate ourselves online.
This has helped me somewhat and has answered my main problem: that of sharing data. I registered at myopenID and saw the way that if I logged on to another site with my OpenID, I was redirected to myopenID and it asked me which items of data I would like to share. That seems good. Add the data once at myopenID and it can be shared with lots of sites.
The other main stumbling block for me is the username. I guess the reason you need to use a URL is so the site knows where to query your information from. Do you really see this working? A URL as a username?
OpenIDs are URLs because URLs are globally unique. It's impossible for two people to have the same URL. In the future, you may have the option of using an email address as an OpenID as well.
I really like the idea of a URL representing me. I have a personal website that describes who I am (my identity). That URL is a great choice for my OpenID.
Can you really ever see this taking off big time then while you need a URL as your username?
I would assume that most people who use OpenID at the moment are tech savvy people who know what's going on. Do you think it will ever appeal to the ordinary folks who are tired of having to create an account every time they want to post on a forum?
What about the idea of using an email? How would this work?
Bookmarks