OpenID: Decentralised Single Sign-on for the Web

Andy Powell and David Recordon, Ariadne Issue 51: OpenID is a single sign-on system for the Internet which puts people in charge. OpenID is a user-centric technology which allows a person to have control over how their identity is both managed and used online. By being decentralised, there is no single server with which every OpenID-enabled service and every user must register. Rather, people make their own choice of OpenID Provider, the service that manages their OpenID. One key function which OpenID supports is the ability for a person to have ‘single sign-on’ across multiple OpenID-enabled services. Having provided their OpenID to the Relying Party they want to access, users are then redirected to their OpenID Provider in order to check their credentials. This means that sites which implement OpenID do not ever know the user’s actual password (or other credentials). The benefit to users is increased security, particularly by employing a strong approach such as a one-time password to log in to their Provider, and a much simpler login experience on the Web. Note that although true single sign-on is achievable using OpenID, it is not a requirement, and there may be reasons why an individual will want to retain multiple online identities (i.e. multiple OpenIDs) for their different online activities.

Date added: 07/20/2007

