Simon Willison / simonwillison.net Being-Digital10th June 2008

URL-based identity with

?

?Windows Live ID

Centralised SSO betrays the principles of the Web

OpenID is a decentralisedmechanism for SSO

With OpenID 2.0, you just have to specify your provider

OpenID lets you prove that you own a given URL

last.fm

Upcoming

Common misconceptions

• OpenID complements your existing user database; it doesn’t replace it

• Spammers have OpenIDs too! You still need to take your own measures to verify the morality of your users

• Having your eggs in one basket means you can take extra steps to protect that basket

Hardware tokens