Wednesday, December 08, 2010

Open ID and API's. What Are They And How They Work?


In today's wonderful computing world you have a number of really popular companies (such as twitter, Google and Facebook to name a few) and they have a huge user base. To allow these users access to your web services you can use something called an API (Application Programming interface). An API allows a programmer to integrate a product or service into their particular product or service (such as a wordpress blog). A popular example would be having a GMail account and creating or accessing Your Wordpress account. This is made possible by their APIs which is why you see buttons like "Connect with Facebook" or "login with your GMail Account".

Now a good API that most people should have integrated into their website is Open ID. OpenID is a safe, faster, and easier way to log in to web sites. http://openid.net/. This way a user can use an account they already have (so long as that account uses open id) to login and join your site or web community without the user having to fill out another sign up form. This can be very useful when setting up a website with a CMS like Wordpress. The web developer that sets up such a site can then allow you to use an open ID login to access the site.

 

Who currently uses the Open ID Standard?

Google

Look for the “Sign in with a Google Account” button or use your Google Profile URL

Yahoo

Look for the “Sign in with Yahoo” button.

Yahoo! Japan

Look for the “Yahoo! JAPAN IDでログイン” button.

LiveJournal

Enter “username.livejournal.com”

Hyves

Click the “Sign in with Hyves” button.

Blogger

Enter your blog URL: “blogname.blogspot.com”

Flickr

Look for the “Sign in with Yahoo” button or use your photostream URL

Orange

Click the “Sign in with Orange” button or enter “orange.fr”

mixi

mixi is a web service that allows users to communicate with their friends and acquaintances.

MySpace

Look for the “Login with MySpaceID” button or enter “www.myspace.com/username

Wordpress

Enter your WordPress.com URL, for example: “username.wordpress.com”

AOL

Look for a “Sign in with AOL” button or enter “openid.aol.com/screenname

Chi.mp

Chi.mp allows you to create your own social hub on an OpenID domain you own and control.

ClaimID

ClaimID is an easy way to manage your online identity with OpenID.

myID.net

myID.net is an OpenID provider with support for groups and the Korean language.


myOpenID

myOpenID is the first standalone provider for both individuals and businesses, with secure multi-factor authentication.

Verisign

VeriSign’s Personal Identity Provider is an OpenID provider with support for multi-factor authentication.


Your Internet ID

Your Internet ID lets you build a social identity to use on the web.

Facebook

Please note who is notice who is missing from the list most noticeably Apple and Microsoft.

 

What are some benefits of using OpenID?

Most websites ask for an extended, repetitive amount of information in order to use their application. OpenID allows you to sign in to websites with a single click. Basic profile information (such as your name, birth date etc) can be used to pre-populate registration forms, so you spend more time engaging and less time filling out annoying registration pages.

Allowing the user to use Open ID will help reduce frustration and keep the user to a minimum number of multiple usernames and passwords which they may find difficult to remember. Since password recovery process is tedious the user will be more inclined to use the site that makes it easiest for them to use. However using the same password at each of your favorite websites poses a security risk. With OpenID, you can use a single, existing account (from providers like Google, Yahoo, AOL or your own blog) to sign in to thousands of websites without ever needing to create another username and password. This makes OpenID is the safer and easier method to joining new sites.

OpenID is a decentralized standard, meaning it is not controlled by any one website or service provider. You control how much personal information you choose to share with websites that accept OpenID. Multiple OpenIDs can be used for different websites or purposes. If your email (Google, Yahoo, AOL), photo stream (Flickr) or blog (Blogger, WordPress, LiveJournal) serves as your primary online presence, OpenID allows you to have a portable identity across the web.

Many web users deploy the same password across multiple websites. And since traditional passwords are not centrally administered, if a security compromise occurs at any website you use, a hacker could gain access to your password across multiple sites. OpenID is more secure because passwords are never shared with any websites, and if a compromise does occur, you can simply change the password for your OpenID, thus immediately preventing a hacker from gaining access to your accounts at any websites you visit.

Open ID Trusted SitesSince the focus of most OpenID providers (such as Google, Yahoo and AOL) is in identity management, they can be more thorough about protecting your online identity. Most website operators are less likely to be as dedicated to protecting your identity as the OpenID providers, whose focus is on securely hosting user identities.

Plugins such as the Wordpress Open ID plugin allows users to login to their local WordPress account using an OpenID. This also allows the enabling of commenters to leave authenticated comments using OpenID. The plugin also includes an OpenID provider, enabling users to login to OpenID-enabled sites using their own personal WordPress account. XRDS-Simple is required for the OpenID Provider and some features of the OpenID Consumer.

Developer documention for the Wordpress Open ID API, which includes all of the public methods and hooks for integrating with and extending the plugin, can be found here.

 

If you have any questions or comments please tweet them to me @trevortye on Twitter or email me

Posted via email from The OptionKey Blog

How to migrate PFSense Over to KEA DHCP Server from ISC DHCP Server

I am a PFSENSE User and I manage PFSENSE for some other organizations and the time has come to make the switch for the DHCP Server over to K...