
Open Authentication in the Web 3.0: OpenID and OAuth

We are soon approaching the end of the semantic web with great user interaction and user-generated content, known as Web 2.0. The web, since its beginning in the 90's, has been envisaged to go through two major generations, which we call Web 1.0 and Web 2.0. While Web 1.0 was largely related to content generated by professional websites, Web 2.0 came with a lot of social media sites and social networks, in which anyone from anywhere could interact seamlessly.

Now, we are about to move into the third generation of the Web, Web 3.0, which will strengthen the foundation laid by Web 2.0, by providing smoother authentication and identity protocols. Two major technologies enabling this form the topic of today's post: OpenID and OAuth.

What Are OpenID and OAuth?

OpenID is a user identification standard, which lets you sign on to various services with the same identity. It's just like a URL, with some special code enabled in its target page. With OpenID, when you sign up on a new service (that has enabled OpenID login), you don't need to register upfront. Simply click on the OpenID login and provide your OpenID URL in the field.

You will be automatically redirected to your OpenID provider (see below) where you will sign in. Bingo! You have access to all features of the new service.

In simple terms, OpenID saves you time; you don't need to register with any OpenID-enabled service. Many web services have already adopted this type of authentication and many are about to.

OAuth, on the other hand, gives you secure API authorization. With this technology, you can authorize any web-based entity to access and use your data residing on any other platform. This is not an insecure process, as you decide what data the third party can access and what level of usage it has. It is like the valet key of your car, which you give to the parking lot attendant; this key doesn't allow the attendant to drive the car more than about a mile, and cannot be used to open anything else in the car.

Check out more information about OAuth.

How Do I Get OpenID?

OpenID is nothing but a URL, with a special authentication code attached at the target page. Surprisingly, you may already have your OpenID. For instance, users of Blogger, AOL, Flickr, LiveJournal, Technorati, WordPress, Yahoo, etc., already have their OpenID. Here they are:

  • Blogger: Your blog URL (blogname.blogspot.com)
  • WordPress: Your blog URL (blogname.wordpress.com)
  • Yahoo: Find details at openid.yahoo.com
  • Technorati: Technorati.com/people/Technorati/username
  • AOL: openid.aol.com/screenname
  • Flickr: flickr.com/photos/username

When you go to OpenID-enabled websites such as Wikitravel, Magnolia, etc., just click Log in and you will be directed to a login page, where you will find an option to log in with OpenID. Click it. Simply provide your OpenID URL (any of the above) and click Log in. You will be directed to whichever provider you use and log in there. That's it; you will be automatically authenticated at Wikitravel.

Beware of Phishing

There are always ways to deceive users during OpenID authentication. The deception can happen at the moment you are redirected to your OpenID provider. Let's assume you are using Blogger. When you provide your Blogger URL at the login page of any service, make sure that you are actually redirected to the legitimate Blogger login page. Check the address bar of the browser.

If it's some other page with a layout similar to Blogger, don't provide your Blogger ID and password. They are linked to all of your Google services like Gmail, AdSense, AdWords, and more. In this case, you would be divulging your credentials to an unknown party, and thus compromising all your data. So, make sure you are redirected to the original provider page itself. This type of security threat is known as a phishing attack.

How to Enable OpenID on Your Private Website?

You can use your private website URL as your OpenID. Simply follow these steps [As provided by Sam Ruby at OpenID.net]

1. Go and sign up at MyOpenID to create your own OpenID (something similar to yourname.myopenid.com)
2. Place the following code into the header of your website (anywhere after <head> and before </head> tags).
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="Your OpenID at MyOpenID.com here" />

That's it. You can now use your own blog URL to log in anywhere. For more information about OpenID, please go to OpenID.net.
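The delegation tags above decide which server a site will redirect you to, so they are worth auditing together with the address-bar check from the phishing section. The following is an added example, not code from the original post or from OpenID.net: it reads the two `<link>` tags from a page's `<head>` and reports endpoints that are not HTTPS or not under the provider you expect. The names `HeadLinks`, `discover` and `audit` are hypothetical, and the sample pages are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class HeadLinks(HTMLParser):
    """Collect <link rel href> pairs, but only those inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head, self.links = False, {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                self.links.setdefault(rel, a.get("href") or "")

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(html):
    """Return (openid.server, openid.delegate) as declared in <head>, or None."""
    p = HeadLinks()
    p.feed(html)
    return p.links.get("openid.server"), p.links.get("openid.delegate")

def audit(html, expected_host):
    """List reasons the delegation tags should not be trusted (empty = OK)."""
    server, delegate = discover(html)
    if not server or not delegate:
        return ["openid.server / openid.delegate missing from <head>"]
    findings = []
    for name, url in (("openid.server", server), ("openid.delegate", delegate)):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            findings.append(f"{name} is not https: {url}")
        # Exact host or true subdomain only; a substring match is not enough.
        if host != expected_host and not host.endswith("." + expected_host):
            findings.append(f"{name} host {host!r} is not under {expected_host}")
    return findings

# Constructed sample pages (not real sites).
PAGE = ('<html><head><link rel="openid.server" href="http://www.myopenid.com/server" />'
        '<link rel="openid.delegate" href="http://yourname.myopenid.com/" /></head></html>')
LOOKALIKE = PAGE.replace("http://www.myopenid.com/", "https://www.myopenid.com.example.net/")

if __name__ == "__main__":
    for label, page in (("page", PAGE), ("lookalike", LOOKALIKE)):
        print(label, audit(page, "myopenid.com"))
```

Run against the snippet as given in step 2, the audit reports both endpoints as plain `http`; the look-alike host is rejected even though it contains the provider's name.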

Conclusion

OpenID and OAuth are tomorrow's authentication and authorization protocols. Any web service that doesn't use them will slowly and gradually go out of business.
