Exploring OpenID and identity 2.0 resources

For awhile I have been following a concept called OpenID. But I had never taken any concrete steps to learn more. But last week Web Worker Daily had a post about a very interesting new OpenID service, called Vidoop. Vidoop is an OpenID provider, so when you sign up with them you get an OpenID that looks like: http://username.myvidoop.com.  The really cool thing about Vidoop is their login system, it’s image-based. You select several image categories, such as cars or flowers. Then, whenever you log in you enter the characters next to the images in your selected category. This adds an interesting layer of security to their service.

So I signed up with Vidoop and also explored some additional OpenID resources. OpenID.net appears to be the official OpenID website for the OpenID Foundation, and they have some great descriptions of OpenID. The cool thing is that many people already have an OpenID and may not even know it. They also link to a great tutorial about claiming your website as your OpenID.

The great thing is that this was all very easy to do. Signing up for a vidoop OpenID, then putting the code necessary in a webpage, to make that an OpenID took just a few minutes.  And the coding was minimal, you don’t have to be a super developer to get it done.

The unfortunate part is that many websites, even ones that are OpenID providers don’t necessarily allow OpenID login. However, the tutorial links to website where you can test your OpenID. I was also able to successfully change my Backpack account to an OpenID login. So now whenever I log into that service I can use an OpenID, something like http://www,jasoneiseman.com/blog, and not have to worry about entering a username and password. 

I’m not really sure why this doesn’t have more traction. I guess there are security concerns, and the concept may be difficult to get. But once you dive in start working with it, it’s pretty simple and powerful. If more services used it, one could conceivably just have to log in to a single service to access all the different websites you use.

For some more discussion of this problem, see this fantastic presentation by Dick Hardt of Sxip Identity, and the Identity 2.0 website.

I should also say that I think this is an area libraries need to look at more closely. Often librarians talk about federated search being an answer to the problem of bringing together disparate library resources, but I think digital identity is something that gets overlooked. Library cards, and online library website sign ons are just more usernames and passwords that patrons/users need to remember.

Of course there are problems with this as well. Access to databases, holds, and other web services are generally restricted to people with library cards. So how do you verify that the person logging in with the OpenID is the person with the library card? Web services don’t have the same county/state/local tax issues libraries have, and don’t have to worry about how is using the service.

But the potential is so great also, if someone could figure out the logistics. Libraries could become OpenID providers, creating a sort of digital library card which can be used to access library resources as well as any websites that accept OpenID. I’m just thinking out loud on this though, maybe it will be clearer as the technology becomes more mature.