Understanding OpenID is not easy

Last year, I signed up to get an OpenID.

I didn’t fully understand what it could do but I did believe that it would become more important, not to mention useful, to have a means by which you could identify yourself with a trusted common ID on websites where normally you’d have to separately register each time with a user name and password.

I did understand the de-centralized aspect of it all where you’d choose from a selection of organizations who offer OpenID services.

I went with VeriSign’s Personal Identity Provider. Why VeriSign and not one of the other providers? Mainly because I knew of VeriSign and associate them in my mind as a trusted company in the broad area of security online.

Anyway, I’ve had my PIP OpenID identity for some while, but I’ve never actually used it.

And that’s because I still don’t really understand how to.

What is OpenID? Don’t look for an easy explanation on the OpenID website (try and understand this). Instead, the simplest-to-grasp explanation that I’ve seen is in the Wikipedia entry:

OpenID is a decentralized single sign-on system. Using OpenID-enabled sites, web users do not need to remember traditional authentication tokens such as username and password. Instead, they only need to be previously registered on a website with an OpenID “identity provider”, sometimes called an I-broker. Since OpenID is decentralized, any website can employ OpenID software as a way for users to sign in; OpenID solves the problem without relying on any centralized website to confirm digital identity.

TypePad has something similar with its TypeKey service, although it’s not had wide take-up outside of the TypePad community of users.

Yesterday, I received an email from PIP telling me of a range of improvements to the service.

Things like:

  • Support for OpenID 1.1 and 2.0
  • Ability to create multiple identities managed from within a single user account
  • New “tag based” profile data management interface making it easier to view and sort all of your profile data
  • Ability to download managed Information Cards for each of your created identities to use with technology such as Microsoft’s Cardspace
  • Strong authentication support via second-factor credentials from the VeriSign Identity Protection network (PayPal tokens can now be used on the PIP), along with the ability to have a one-time PIN sent via SMS or email if you’ve forgotten your credentials

Yes, well, that’s all great, and indicates advances in further developing the trusted aspects of this service, but I still don’t feel incentivized to go out and use my OpenID anywhere.

For one thing, I hardly see any websites or blogs that employ OpenID. And that’s when I actually visit websites and blogs, which I don’t do that much because I’m an RSS creator-consumer.

Mind you, one new feature from PIP which looks very interesting is the Seatbelt, a Firefox extension that lets you manage all your OpenID sign-ons without going to the PIP site all the time. Things like this start making it all easier to understand.

And on that point about understanding, I was beginning to think it’s just me with this difficulty. Then I found Jan Miksovsky’s terrific post in which he starts out with this:

[…] [OpenID] sounds great, but in practice I found the whole process bewildering. In my opinion, it’s not ready for consumer use.

Absolutely right. It seems to me that OpenID is still a very early-adoption technology, the domain of serious geeks and tech enthusiasts.

Well, I’m as enthusiastic as the next geek but I just don’t really get OpenID yet.

Maybe it’s using tools like Seatbelt and paying attention to people like Jan Miksovsky that will bring some enlightenment.