Man created the Internet and man put it to abundant use. Man made it so popular and easy that anyone could use it. Man shared information over the Net. He shared sensitive information over the Net. And man then cursed the Internet for being insecure. If man can make it, he can break (read hack) into it as well. So now, he tries to secure himself so that he can still share information over the Internet, as he cannot do without it. There have been many security issues right from the beginning. Password hacking (actually cracking), hacking is doing it for need and cracking is doing it for greed. Then there has been sensitive information stealing, credit card transactions misuse etc. There has been a lot of research for securing passwords and transaction over the Internet- Encryption-decryption, cryptography, quantum cryptography, secure electronic transactions, payment gateways and many more.
Open id or open identity is another means to secure passwords by using centralized standards. It allows users to log into various sites that use Open-id by using a single digital identity or digital signature that is provided by the Open id providers. In layman terms, Open id is logging in and providing a password only once, and still being able to log into other sites without providing the password to all of them. It is only the Open id provider who keeps the password and provides an identity to the user and also, authenticates the identity whenever a website needs to authenticate the user. Thus, since the password stays with the Open id provider, it is more secure and effective.
Now, a word (actually, many words) about the technical aspect of Open id.
Elements or parties associated with Open id:
- End user
- Identity provider or Open Id provider
- Relying party
- Server or server agent
- User agent
For a complete cycle of accessing a site using Open id, an end user has to first register with an Identity Provider or Open id provider to obtain an identifier. The identifier can either be a Uniform Resource Locator (URL) or an Extensible Resource Identifier (XRI). The identifier identifies each end user uniquely. When a user wants to access any page of a Relying party (a relying party is basically a service provider whose service is needed by the End user, but securely), he/she enters his Open Identifier (which can be URL or XRI). The relying party login page, does not ask for username and password, it only asks for the Open id. Now, the relying party visits the web page located at that URL to verify the Id entered by the user. After that, there are two modes by which the relying party can communicate with the Identity Provider.
- The relying party requests the provider not to interact with the user
- The relying party requests a mode where the user communicates directly with the provider to control the interaction.
The mode where the user interacts directly with the provider is used more commonly on the Web.
The provider first verifies whether the relying party is genuine or not using a ‘Shared Secret’. Then the provider asks the user for his Open id password, and then asks whether the user wishes to trust the Relying party. If the user declines, the Relying party is notified that authentication has been rejected. If the user agrees, the Relying party is assured of the authenticity, and the Relying Party then verifies whether the authentication came from a valid Provider. The connection is complete, and the user can now use services of the Relying Party.
There are a number of benefits of using Open Id. Apart from providing security, it also saves login time. Also, there is no need for remembering multiple usernames and passwords. Most importantly, one can have a greater control over their activities over the Net. There are also various versions of Open Id available which provide secure communication in different ways, but ultimately perform the same task.
As of December 2009, there are 1 billion Open Id’s on the Net and around 9 million sites support Open Id’s. Some of the Open Id providers are AOL, Orange, and VeriSign etc.
Look around you will find open id everywhere (Google, Yahoo, AOL), photo stream (Flickr) or blog (Blogger, WordPress, LiveJournal)
Stay digified !!!