Kiran Dandekar made an entertaining point out of demonstrating the variety of information that has been made available about him in different contexts like business, community, family or alumni. The problem, he stated, is that identities and identity attributes are site-centric on the web, so you have to start from scratch entering this information on every site and even identifying yourself. Compare that with boarding at the airport, for example, where all the airline needs to verify your identity is your driver’s license. The driver’s license is not issued by the airline, but it is nevertheless accepted to identify you, because the issuer of the identity is trusted.

Kiran and his coworkers at Verisign want to make this possible on the web - enter OpenID: an open, extensible, perpetual and, not least, user-managed authentication service that anyone can use. Ideally, everyone should have just one single ID (a domain) and password to identify themselves everywhere on the web. Why a domain? Because domains are the only truly globally unique identifier today; a username is too narrow in scope. Kiran underlined that OpenID focuses solely on authentication (or identity, as they called it), and that authorization and access control are still left completely to the site.

OpenID also provides a profile, so each person only has to enter her data once and is then able to decide which pieces of personal information each site should be allowed to access. The information is provided through attributes, and the concept is that a site can issue a “challenge”, e.g. ask “Is user 21 or older?”, and get back true or false without ever learning the user's birthdate.
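The challenge idea described above can be sketched as follows. This is an added example, not code from the talk or from any OpenID library: the class names, the `age_at_least:N` challenge string, the message layout and the HMAC scheme with a pre-shared per-site key are all assumptions made for illustration.

```ruby
require 'openssl'
require 'date'
require 'securerandom'

# Conceptual sketch: names, message layout and HMAC scheme are assumptions,
# not the OpenID wire protocol.
class IdentityProvider
  def initialize(birthdate:, site_keys:)
    @birthdate = birthdate   # stays with the provider, never sent to a site
    @site_keys = site_keys   # per-site shared keys, assumed already established
    @consent   = Hash.new { |h, site| h[site] = [] }
  end

  # The user decides which challenges each site may ask.
  def allow(site, challenge)
    @consent[site] << challenge
  end

  # Returns { result:, mac: } or nil when the user has not consented.
  def answer(site, challenge, nonce, today: Date.today)
    return nil unless @consent[site].include?(challenge)
    years = challenge[/\Aage_at_least:(\d+)\z/, 1]
    return nil unless years
    result = (@birthdate >> (12 * years.to_i)) <= today
    payload = [site, challenge, nonce, result].join('|')
    { result: result, mac: OpenSSL::HMAC.hexdigest('SHA256', @site_keys.fetch(site), payload) }
  end
end

class RelyingParty
  def initialize(site, key)
    @site = site
    @key = key
  end

  def new_nonce
    @nonce = SecureRandom.hex(16)
  end

  # Accept only an answer bound to this site, this challenge and our fresh nonce.
  def verified_result(challenge, response)
    return :refused if response.nil?
    payload = [@site, challenge, @nonce, response[:result]].join('|')
    expected = OpenSSL::HMAC.hexdigest('SHA256', @key, payload)
    OpenSSL.secure_compare(expected, response[:mac]) ? response[:result] : :invalid
  end
end
```

The site only ever receives a boolean and a MAC; binding the MAC to the site name, the challenge and a fresh nonce keeps an answer from being replayed to another site or reused for a different question.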

OpenID is supposed to be fairly easy to use with Rails, as both gems and plugins have been created to work with it, so since all sites need user authentication anyway, it might be worth a shot. Examples of real sites using OpenID include LiveJournal, Wikimedia, ClaimID and several others.