In response to my previous blog post about identity services, I received the following question from Billy:
“isn’t this what OpenID aims to do? If not, how not?”
OpenID can be a small (but key) part of the identity services story. The main problem that OpenID tries to solve is one that most people who use the internet extensively face: too many usernames and passwords. Instead of having to remember a username/password combo for each website I interact with (Google, Yahoo, Flickr, Magnolia, banking websites, blogs, etc.), I can set up a single OpenID account and use it at all those websites. OpenID also hopes to bring a number of technological advantages to the whole authentication experience by figuring out ways to prevent phishing and pharming attacks.
So OpenID’s main aim is to provide a secure, scalable solution for the authentication service in the identity stack (see below for the latest diagram of the identity services stack, or read our whitepaper on the subject). To a lesser extent, it also hopes to help the identity provider and authorization services by becoming a transport container for the identity claims that drive these services.
The vision for identity services has always been that applications should use only those services that they need, and not be forced to use every single service. So simple web applications with minimal needs could get away with simply supporting OpenID. But that should not be taken to mean that a full-fledged identity services infrastructure is never required; where appropriate, it still is.