A Brief Introduction to OpenID
As presented on the openid.net, OpenID is an actually, distributed identity system. It's a big issue to conduct a trustable, uniform identity system across the Internet. Too many identity systems and platforms already exist there for years. Many companies had tried to combined the ways together, such as the Passport of Microsoft, the Google account, etc. Whatever, none of them has been proved a good way until OpenID appears. Although email address is widely spread as an popular account schema, it is argued that the spam is a tough side effect. (It's really true for my account on hotmail. It does act as a passport than an email box.)OpenID was originally proposed by Brad Fitzpatrick of LiveJournal. The main point is to use a valid URL as the identity. And a mediate server is specified by meta data provided by the page on that URL. This server provide a centric authentication process between the end user and the login server.
In a word, anyone owns a web page (URL), he/she can used that page URL as his/her identity under the OpenID architecture. Only this single URL is needed to sign in every site, every service, of course, the sites/services must support OpenID. No more login/password, no email, no spam. OpenID provide an normal authentication path between an identity and the service. It is not its job to provide the trusted personality authentication. It can secure the communicate path, but it cannot guarantee the entity is the really one he/she claim.
To draw a short conclusion. OpenID is a wonderful technology. It can be foretold that more and more guys will support OpenID.
Some interesting introduction links are here:
- Wikipedia
- openid.net
- Web2.0 , SSO & OpenID by MengYan [in Chinese]
- 赶快开启你的OpenID by Herock Post [in Chinese]
- openID绝对是个好东西 by Zola [in Chinese]
- OpenID 就是个好东西 by scavin on http://soft.lzzxt.com/ [in Chinese]
OpenID是一个分布式的身份标识系统。所谓身份标识,也就是在登录或使用某种服务时使用的帐号。QQ号码、网站的ID就是最基本的一种身份标识。为了记忆和唯一性等方面的方便,后来出现了使用Email地址做帐号的系统,例如微软的Passport和Google Account。但是,使用Email很难避免有人利用这个信息发垃圾邮件(事实上,我的hotmail邮箱就是这样被废掉的,现在只能做IM用了)。在互联网快速发展的今天,拥有一个个人网站、个人域名不再是困难的事情,甚至许多组织和厂商都提供了这样的免费服务,因此,使用URL来做登录的身份标识逐渐成为一个新的方案。系统的想法是LiveJournal的Fitzpatrick最早提出的。基本原理是:一个人首先拥有一个URL和相应的页面,这个URL就可以作为他登录各种服务的身份标识了,在这个页面里指定一个可信任的身份标识服务器,并已经在这个服务器完成了身份的“注册”,使用URL登录某项服务时,这个服务读取URL的页面,根据里面的信息找到认证服务器,再通过服务器进行身份认证,认证通过就可以使用服务了。这个流程不复杂,尽管描述起来多少有些绕。由于URL的唯一性,利用这个身份标识系统,理论上可以使用一个标识就能登录所有的服务,当然,要服务提供商支持这个协议才行。这个模式可以通过通信加密而保证身份在认证过程中的有效,但是并不能保证声称身份和实际身份的相符,当然,这是另外一个层面的问题了。总的来说,OpenID是一个很好的系统,将来一定会有更多的服务商支持这个系统。
上面列出了一些关于OpenID的介绍链接,非常好,也非常有趣。
