OpenID is being touted as the way forward in allowing the chaos of user identity management to brought to a manageable level. OpenID has been available for a while, but has finally started to build traction primarily because the “big boys” of the Internet have decided to get behind it. Unfortunately, what is being said and the reality are two different things.

Google, Yahoo, Microsoft have all setup their own “unique” way for other websites to allow access to their user data with each requiring their own login step (and appropriate logos) to sign in. My initial naive exception was that I could key in a username and password and I would instantly be logged into the website that supported “OpenID”. Sadly that isn’t so, and the mess is left to  you to implement a login system. I won’t go into the theory behind OpenId as that is already well covered by many sites including Google, OpenID itself and by various articles. I will however include a diagram which illustrates the steps behind an login process as it is useful to keep in mind when implementing it.

(more…)