At the Forge - OpenID

An introduction to OpenID, an open-source, distributed, single sign-on solution for Internet applications.

Creating and Using an OpenID

With all the background information out of the way, let's create and use an OpenID. An OpenID is nothing more than a URL, typically written as For example, my OpenID is

Notice that I can share this URL publicly; there is no reason for me to keep it secret. is just one of several OpenID providers. Indeed, many people already have an OpenID, even if they don't realize it. For example, if you have a blog at LiveJournal, that URL can be used as your OpenID.

To sign up for an OpenID, simply go to the home page of your provider. For example, go to the home page and click on “sign up for an OpenID”. That takes you to, which asks you to enter a user name (it must be unique) and a password. You also can provide an e-mail address, which is optional, but doing so allows you to recover your password if you ever forget it. Finally, uses a captcha to ensure that a person, rather than a program, is signing up for the account.

Once you have signed up for an OpenID, you can use it to log in to a Web site that supports it. Typically, logging in to a Web site requires that you enter both a user name and password. But, if you use OpenID, you enter neither of these into the Web application's login screen. Instead, you enter only the URL of your OpenID, including the http prefix that we so often ignore nowadays.

For example, I can go to, a site that lets anyone create a how-to manual. I click on “create an account or log in” at the top of the page, which brings me to a login screen. The resulting screen tells me I can log in using OpenID, if I want, by going to (In other words, wikiHow has two separate login pages: one for regular users with a user name/password combination and another for OpenID users, who enter only their OpenID URL.) Finally, I enter into the text field.

Because I had logged in to OpenID earlier, I wasn't asked to provide my password. However, this is the first time I've tried to log in to wikiHow with OpenID. Thus, must verify that I am willing to share information with wikiHow. I click on the allow forever button, which means whenever I'm logged in to, it should share information with wikiHow. After clicking this button, I am redirected back to, where I am logged in and identified by my first name.

Switching Providers

This system works quite well in my experience, and you quickly become used to the back and forth authentication process. However, major problems remain. What happens if goes out of business? What if its database is compromised? What if it turns out to be highly unethical and is using people's IDs? What if I find a provider whose Web site is more attractive to me?

I always can switch to a different provider, of course. But, that effectively means having a new and different user name on a site. On a social-networking site, this obviously would be disastrous, as I would need to reconnect from my new account to each of the people in my old account.

The solution to this is quite clever. Instead of giving people the OpenID I mentioned above, I instead give them an OpenID on a Web site that I control, whose URL is unlikely ever to change. For example, I can give an OpenID of

I know that the domain will remain mine forever. Thus, I can be reasonably sure that this URL also will be in my possession for a long time. Moreover, I control the contents of the home page. That page may contain any HTML content I want. But, it also should contain the following two <link> tags in the <head> section:

<link rel="openid.server" href="" />
<link rel="openid.delegate" href="" />

We already saw how I can log in to wikiHow by giving my OpenID at But, with the above lines in place, I also can log in to wikiHow by entering

This tells wikiHow to retrieve the home page from my personal Web site. It uses the first <link> tag to know which server to use and the second <link> tag to know which user name and ID to authenticate. Everything then continues as usual. I authenticate myself as necessary against, which then redirects me back to wikiHow.

The beauty of this redirection system is that if I decide against using MyOpenID for any reason in the future, I simply change the <link> tags in index.html. wikiHow and all other sites will follow whatever points to, whether it's, or something else. In this way, I ensure that my OpenID always is associated with the provider who offers me the best combination of security and usability for my purposes.

Unfortunately, things don't always go smoothly. For example, when I registered with wikiHow, it got my nickname (Reuven) from When I try to log in with my new, redirected OpenID, wikiHow thinks it's dealing with a new user—one whose requested nickname clashes with that of an existing user. So, the key is to set up and use the redirecting URL early on, and not switch to it after you already have used OpenID for some time.

There are other problems as well. For example, I currently juggle two different sets of identities on-line, as some companies want to deal only with US citizens living in the United States. And, although I'm currently back home in Modi'in, Israel, I continue to have a US phone number (through Skype), a mailing address (at my parents' house), and a US bank account and credit card. So, I need two separate identities: one with my Israeli information and another with my US information.

Fortunately, OpenID 2.0 supports both the export of information to the consumer application and also the use of multiple personas. Each persona can have a separate name, nickname, image and location, and I can choose which persona is associated with each consumer, under the umbrella of the same OpenID.





Anonymous's picture

You make Firefox look like the best thing since sliced bread. Firefox is not as good as Opera and Safari these two browsers are closed so they are more secure. Try Opera on your Linux box. I use Safari on all my Macs. I did try the OS X version of Firefox; the UI and everything is ugly!

"Firefox is not as good as

Anonymous's picture

"Firefox is not as good as Opera and Safari these two browsers are closed so they are more secure."

Are you serious!? Obscurity is not security. Does obscurity work for IE?

Is it safe?

goblin's picture

Well... Is it?