OK, so maybe Identity Authentication was never actually sexy. But it should be!
In my opinion, if geek is the new sexy, the guys who work on identity authentication protocols are studs.
Unfortunately, the only time we hear anything about identity authentication is when our Internet or “digital” security is threatened. Case in point: Heartbleed. And even then, the media seldom turn to the real geeks in the trenches. They tend to cover the more futuristic solutions like eyeball scanners.
But what is happening right now on this front? Is there anything we – as average digital users – can do to protect our online identity? One thing we can control is how we choose to sign in to the websites and online services we frequent.
But what is the best choice? Should we use our personal email address? Should we sign in using our favorite social networking site? Personally, I don’t think we can make such decisions without knowing something about identity authentication solutions.
OpenID Connect: An Unsung Identity Authentication Solution
Granted, I am a bit geekier than the average digital user, and attempt to keep up with advances in identity authentication protocols – especially from front runners like OpenID. And I was particularly excited when the OpenID Foundation launched OpenID Connect back in February – in what now seems like an almost clandestine release.
So, I asked myself: Why is this not mainstream news? Why aren’t more people – geeky or not – more excited about OpenID Connect?
Then I took a long, hard look at the OpenID website and realized that most eyeballs will start glazing over in no time. Not unlike my students who make the mistake of asking me “how” something works.
In their defense, the OpenID Foundation does write for their target audience of web developers – which is an important blogging tactic. But it is unfortunate that there isn’t at least one post aimed at explaining what it all means to the average digital user. I will attempt to do that here.
OpenID: You’ve Come a Long Way, Baby!
When OpenID first came on the scene, it felt more like an experiment. It seemed only diehard geeks were securing OpenIDs – which back then meant creating a ridiculously long URL that could be used as authentication on only a handful of websites.
But OpenID has come a long way since then. The latest version, OpenID Connect, is a potential identity authentication solution for anyone – from small websites to mobile app developers – who wants a secure way to keep their visitors’ identity safe.
And for the rest of us, this means a secure way to share our identity without having to create an infinite number of user accounts; and to take control over what we are willing to share on any given site.
OpenID Connect: The CliffsNotes
OpenID Connect lets developers authenticate their users across websites and apps without having to own and manage password files. OpenID Connect is a set of protocols (or standards) that are used by developers and identity providers (IDPs) like Google, WordPress, VeriSign, Salesforce, AOL, Yahoo!, and quite a few others.
Generally, the way it works is that the protocols are implemented in libraries for different programming languages and environments (such as websites or mobile apps). Developers integrate those libraries into their own services, which lets their users sign in with the IDP of their choice.
In other words, it allows you to use your Google, Yahoo!, or AOL account – for instance – to sign in to a completely unrelated site, service, or app without giving away any of your login information.
The protocols simply allow the developers to speak the same language as the identity provider so they can authenticate that a user is who they say they are. Thus developers do not need to store usernames and passwords. That is left to the providers, who are better equipped to keep that information (OUR information) safe.
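To make the “speak the same language” part concrete, here is an added example (not code from the OpenID Foundation or from this post) of the core exchange: the IDP issues a signed ID token after it has checked the user’s password, and the site’s library verifies that token instead of ever seeing the password. For self-containment it uses an HMAC shared secret (HS256); real IDPs normally sign with RSA keys they publish, and the issuer, client id and secret below are constructed sample values.

```python
import base64, hashlib, hmac, json

# Constructed sample values: a made-up IDP issuer, site (client) id and shared secret.
ISSUER = "https://idp.example"          # the identity provider (IDP)
CLIENT_ID = "my-site"                   # the site or app relying on the IDP
SECRET = b"constructed-client-secret"   # shared between IDP and site (HS256 only)

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_id_token(subject: str, nonce: str, now: int, lifetime: int = 300) -> str:
    """What the IDP does after it has verified the user's password (and 2-step code)."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": subject, "aud": CLIENT_ID,
              "iat": now, "exp": now + lifetime, "nonce": nonce}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_id_token(token: str, expected_nonce: str, now: int) -> dict:
    """What the site's OpenID Connect library does; raises ValueError on any failure."""
    try:
        header_part, claims_part, sig_part = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_unb64url(header_part))
    if header.get("alg") != "HS256":            # only accept the algorithm we configured
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header_part}.{claims_part}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig_part)):
        raise ValueError("bad signature")       # token was not produced by our IDP
    claims = json.loads(_unb64url(claims_part))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("token meant for a different site")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")      # stale or replayed sign-in response
    return claims
```

The site never sees a password: it only learns the `sub` identifier (and whatever claims the user agreed to share) from a token it can check for itself.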
Here is a video from the Chairman of OpenID that developers should appreciate.
But before your eyes start to glaze over, let’s look at what this means to us, as end users. Developers can read more about implementing OpenID Connect at the OpenID Foundation website.
The OpenID Advantage: A Step by Step Demonstration
OpenID Connect Advantage One: Convenience
You may have noticed lately that more and more web and mobile services offer you the choice of signing in using a number of different services like Google or WordPress. When you take advantage of this option, you may already be using OpenID Connect.
In our example, I am attempting to sign in to the OpenID membership area. I am given the choice of creating an account with OpenID or signing in using an existing account with Google, WordPress, Yahoo!, AOL, or VeriSign.
Chances are, you are signing in with OpenID Connect if the choices you are given are a collection of the “big” OpenID IDPs like WordPress, Google, Yahoo!, or AOL – or if you see OpenID as one of the choices.
I choose WordPress in this example and am given a screen to enter my WordPress username. Note: This login process is associated with my WordPress.com account – not with one of my self-hosted WordPress websites.
OpenID Connect Advantage Two: Security
Here is where the power of a protocol like OpenID Connect – as far as protecting my identity – really comes to light. I can rely on the layered authentication of an established service like WordPress for added protection of my identity.
Before I can sign in with my WordPress account, I need to verify that I am who I say I am by entering a verification code.
WordPress uses Google Authenticator, a mobile authentication app that sends randomly changing codes to my smartphone, which I am required to verify before I can sign in from a new location or service.
Google offers a two-step verification method as well. So as the major IDPs like Google, WordPress, Yahoo!, etc. continue to improve upon their security methods, sites and apps using the OpenID protocol don’t need to worry about anything except keeping their protocols up to date.
This means that we can rely on the best identity authentication methods available to us, and rest easy knowing that our identities are as safe as we can make them – at least on the sites that allow us to sign in using our preferred IDPs.
OpenID Connect Advantage Three: Control
Once I verify my WordPress account, I am presented with a screen that gives me control as to what I want to share with the OpenID site. These choices will be different depending on which IDP you use; but the point is that you get to choose what is shared.
In this example, I can also control whether to always share my identity with this site, or just this one time.
OpenID Connect Advantage Four: Choice
Later on, when I go back to the OpenID site, I am given a choice to sign in with my WordPress credentials again, or use a different account.
This option may not be available on every site that uses OpenID Connect. But on the sites that do utilize the option, it gives me the freedom to change whenever I like. So if I decide that Google is offering better identity protection, I can choose to use them as my preferred IDP instead.
Notice that Facebook is not mentioned here. This is because Facebook uses its own protocol called Facebook Connect. So if Facebook suddenly decides to change its protocol, you are stuck with those changes.
And, as we have seen, there is no reason to get stuck. We have choices now as to which service we want to trust with our identity, what information we wish to share, and whether we can switch if we change our minds later on.
Take Charge of Your Digital Identity!
I recommend choosing one or two Identity Providers you trust, and using them as often as they are offered as sign-in options on the sites, services, and mobile apps you frequent.
I also recommend going one step further by asking providers which protocols they use and what your options are should you decide to switch.
After all, the choice is yours!
Author: Deltina Hay
DeltinaU founder, Deltina Hay, is the author of The Bootstrapper’s Guide to the Mobile Web and The Social Media Survival Guide. Deltina developed the graduate Social Media Certificate program for Drury University, and serves as the board chair of the Independent Book Publishers Association.