OpenID: Decentralised Single Sign-on for the Web

Andy Powell and David Recordon, Ariadne Issue 51: OpenID is a single sign-on system for the Internet which puts people in charge. OpenID is a user-centric technology which allows a person to have control over how their identity is both managed and used online. By being decentralised there is no single server with which every OpenID-enabled service and every user must register. Rather, people make their own choice of OpenID Provider, the service that manages their OpenID. One key function which OpenID supports is the ability for a person to have 'single sign-on' across multiple OpenID-enabled services. Having provided their OpenID to the Relying Party they want to access, users are then redirected to their OpenID Provider in order to check their credentials. This means that sites which implement OpenID do not ever know the user's actual password (or other credentials). The benefit to users is increased security, particularly by employing a strong approach such as a one-time-password to log in to their Provider, and a much simpler login experience on the Web. Note that although true single sign-on is achievable using OpenID it is not a requirement and there may be reasons why an individual will want to retain multiple online identities (i.e. multiple OpenIDs) for their different online activities.

Apache ModAuthOpenID

ModAuthOpenID is an OpenID consumer as described in the OpenID 1.1 specification. It has been released under the GPLv2. This module adds support for using OpenID authentication with the Apache 2.0 web server.

OpenID Enabled!

From the developers of the Python-OpenID library and (where you can get an OpenID for free -- you can also choose from a number of other OpenID providers) this is a website by OpenID developers, for OpenID developers.

Perl OpenID and Yadis libraries

A Perl module for verifying OpenID identities. This library is a port of the Python OpenID library, and features: an easy-to-use API, no dependence on the underlying web framework, extensive documentation, a ready-to-use store implementation, a test suite, and licensing under the LGPL. The Perl OpenID 1.1 library and the Perl Yadis 1.0 library are documented, tested, and ready for action. Perl OpenID 1.1 features the new JanRain API, fully extension-capable and Yadis-enabled; it also includes a CGI consumer example. Perl Yadis 1.0 allows you to write filter functions to more easily extract the data from the service elements, and is now POD-documented. You can get a combined tarball here. Enjoy!

OpenID: an actually distributed identity system

OpenID is an open, decentralized, free framework for user-centric digital identity. OpenID starts with the concept that anyone can identify themselves on the Internet the same way websites do: with a URI (also called a URL or web address). Since URIs are at the very core of Web architecture, they provide a solid foundation for user-centric identity. The first piece of the OpenID framework is authentication -- how you prove ownership of a URI. Today, websites require usernames and passwords to log in, which means that many people use the same password everywhere. With OpenID Authentication (see specs), your username is your URI, and your password (or other credentials) stays safely stored on your OpenID Provider (which you can run yourself, or use a third-party identity provider).