What is OpenID?
OpenID is an open, decentralized, free framework for user-centric digital identity. OpenID takes advantage of already existing internet technology (URI, HTTP, SSL, Diffie-Hellman) and realizes that people are already creating identities for themselves whether it be at their blog, photostream, profile page, etc. With OpenID you can easily transform one of these existing URIs into an account which can be used at sites which support OpenID logins.
How does OpenID differ from a conventional authentication form?
The difference is that identification is delegated to an external site (for example WordPress, Yahoo, ...). The website learns whether or not the identification succeeded and lets you log in. A conventional website authenticates by comparing what you enter with data held in its own private database, so your username and password can be used to log in to that website only. With OpenID you can use the same credentials on multiple websites.
How does it work?
Steps
- User connects to OpenID enabled website.
- User enters credential information.
- A POST carrying Base64-encoded data is made (website to provider).
- An answer is built (that contains expiration)
- The website redirects the user to the provider to login.
- User enters password and submits.
- Verification is done.
- Login!
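One way the website can carry out the verification step, shown as an added example that is not code from the original page: it assumes OpenID 2.0 with an HMAC association whose MAC key and lifetime were stored when the association was made. The hosts, handle, key and nonce are constructed sample values, and nonce replay tracking and discovery are left out.

```python
import base64
import hashlib
import hmac
import time

# Fields OpenID 2.0 requires in openid.signed (claimed_id/identity too, if present).
REQUIRED = ("op_endpoint", "return_to", "response_nonce", "assoc_handle")

def sign(assoc, fields, params):
    """Base64 HMAC over the key-value form ("key:value\\n") of the signed fields."""
    text = "".join(f"{k}:{params['openid.' + k]}\n" for k in fields)
    digest = hashlib.sha256 if assoc["assoc_type"] == "HMAC-SHA256" else hashlib.sha1
    mac = hmac.new(base64.b64decode(assoc["mac_key"]), text.encode("utf-8"), digest)
    return base64.b64encode(mac.digest()).decode("ascii")

def verify_assertion(params, assoc, now=None):
    """Relying-party check of a positive assertion against a stored association."""
    now = time.time() if now is None else now
    if params.get("openid.mode") != "id_res":
        return "not a positive assertion"
    if params.get("openid.assoc_handle") != assoc["handle"]:
        return "unknown association handle"
    if now >= assoc["issued"] + assoc["expires_in"]:
        return "association expired"
    fields = params.get("openid.signed", "").split(",")
    must_sign = set(REQUIRED) | {k for k in ("claimed_id", "identity") if "openid." + k in params}
    if not must_sign <= set(fields):
        return "required field not signed"
    if any("openid." + k not in params for k in fields):
        return "signed field missing from message"
    sig = params.get("openid.sig", "").encode("utf-8")
    if not hmac.compare_digest(sign(assoc, fields, params).encode("ascii"), sig):
        return "bad signature"
    return "ok"

# Constructed sample data (not captured traffic).
ASSOC = {"handle": "h1", "assoc_type": "HMAC-SHA256", "issued": 1_000_000_000,
         "expires_in": 3600, "mac_key": base64.b64encode(b"k" * 32).decode()}
SIGNED = ["op_endpoint", "claimed_id", "identity", "return_to", "response_nonce", "assoc_handle"]
RESPONSE = {
    "openid.mode": "id_res", "openid.op_endpoint": "https://op.example/ud",
    "openid.claimed_id": "https://op.example/id?id=alice",
    "openid.identity": "https://op.example/id?id=alice",
    "openid.return_to": "https://rp.example/return",
    "openid.response_nonce": "2001-09-09T01:50:00Zabc", "openid.assoc_handle": "h1",
    "openid.signed": ",".join(SIGNED),
}
RESPONSE["openid.sig"] = sign(ASSOC, SIGNED, RESPONSE)
```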
Little late to the game but I was able to get this working with some hacks I found around the interwebs.
First. Yahoo. To get Yahoo working all I had to do was change the JavaScript to use me.yahoo.com instead of just yahoo.com and it worked perfectly with the version of the Zend Framework I'm using. Unfortunately Google still wasn't, so some hacking was in order.
All of these changes go in Zend/OpenId/Consumer.php
First, in the `_discovery` method add the following to the series of `preg_match` checks that starts at around line 740.

```php
} else if (preg_match('/<URI>([^<]+)<\/URI>/i', $response, $r)) {
    $version = 2.0;
    $server = $r[1];
```

I added this right before the `return false;` statement that's in the `else {}` block.
Second, in the `_checkId` method you'll need to add 3 new blocks (I haven't dug around enough to know what causes each of these three cases to be called, so I covered all to be on the safe side).

Inside the `$version <= 2.0` block, you'll find an if/else if/else block. In the first if statement (`$this->_session !== null`) add this to the end:

```php
if ($server == 'https://www.google.com/accounts/o8/ud') {
    $this->_session->identity = 'http://specs.openid.net/auth/2.0/identifier_select';
    $this->_session->claimed_id = 'http://specs.openid.net/auth/2.0/identifier_select';
}
```

In the `else if (defined('SID'))` block add this to the end:

```php
if ($server == 'https://www.google.com/accounts/o8/ud') {
    $_SESSION['zend_openid']['identity'] = 'http://specs.openid.net/auth/2.0/identifier_select';
    $_SESSION['zend_openid']['claimed_id'] = 'http://specs.openid.net/auth/2.0/identifier_select';
}
```

And then after the else block (so outside the if/else if/else block altogether, but still inside the `$version <= 2.0` block) add this:

```php
if ($server == 'https://www.google.com/accounts/o8/ud') {
    $params['openid.identity'] = 'http://specs.openid.net/auth/2.0/identifier_select';
    $params['openid.claimed_id'] = 'http://specs.openid.net/auth/2.0/identifier_select';
}
```
Link to the bug in Zend Framework Issue Tracker
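Because the blocks above send `identifier_select`, the provider chooses the identifier that comes back, so the website has to confirm that the returned `claimed_id` really delegates to the endpoint it talked to. An added example of that check (not part of the original answer or of Zend Framework); `discover` is a hypothetical hook standing in for discovery on the claimed identifier, and all hosts are constructed.

```python
from urllib.parse import urldefrag

IDENTIFIER_SELECT = "http://specs.openid.net/auth/2.0/identifier_select"

def verify_selected_identifier(response, requested_endpoint, discover):
    """Return the verified claimed_id, or raise ValueError.

    discover(url) -> list of (op_endpoint, op_local_id or None); hypothetical
    hook for running discovery on the identifier the provider returned.
    """
    claimed = response.get("openid.claimed_id", "")
    identity = response.get("openid.identity", "")
    endpoint = response.get("openid.op_endpoint", "")
    if not claimed or IDENTIFIER_SELECT in (claimed, identity):
        raise ValueError("provider did not select a concrete identifier")
    if endpoint != requested_endpoint:
        raise ValueError("response came from a different endpoint than requested")
    # Discovery is performed on the claimed identifier without its fragment.
    base, _fragment = urldefrag(claimed)
    for op_endpoint, local_id in discover(base):
        # With no local identifier, the identity must equal the claimed identifier.
        if op_endpoint == endpoint and (local_id or base) == identity:
            return claimed
    raise ValueError("endpoint is not authorized to assert this claimed_id")

# Constructed sample data: what discovery would return for two identifiers.
OP = "https://op.example/ud"
DISCOVERY_TABLE = {
    "https://op.example/id?id=alice": [(OP, None)],
    "https://victim.example/": [("https://other-op.example/ud", None)],
}

def fake_discover(url):
    """Offline stand-in for real discovery (constructed, for the example only)."""
    return DISCOVERY_TABLE.get(url, [])

GOOD_RESPONSE = {
    "openid.op_endpoint": OP,
    "openid.claimed_id": "https://op.example/id?id=alice",
    "openid.identity": "https://op.example/id?id=alice",
}
```

Run this only after the signature on the response has been verified, since all three fields it reads must be covered by that signature.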
Best Answer
As has been pointed out numerous times, the whole OpenID idea is too difficult to grasp for non-techie users. You've come to the site X, you are then asked to choose between sites Y1, Y2,..., Yn, go there, register there, then return to the site X and log in here by being temporarily redirected to the site Y again.... brain fart is guaranteed.
Most common suggestions are to support both authentication methods, classic for normal users and OpenID for those who are into the idea. Even there, depending on the nature of your site, you might require some minimum of registration information, so you have to display the same registration form just after initial OpenID sign-in before allowing users to continue to the site, which rather makes the whole OpenID idea pointless.
For some sites like SO where no information about a user is required, this could work. On some others like social sites, where you have to specify at least gender and age, this will be more difficult.
As for the Japanese users, I believe there's no difference. It will be equally easy or complicated for all nationalities.
ADDITION: I can communicate my personal experience with the first encounter of OpenID here at SO. I have to shamefully admit it took me more than one day to get into SO. First, I read SO comments on what it is and how it works. Then I followed the Google link but only got some error message. I didn't know how to use it so I tried to replace the "login" part of the link with my login name but was only getting weird error messages about not configured endpoints or something. I had no idea what they meant and how to proceed so I dropped it. A few days later I returned, tried again, it still didn't work, so I dropped it again. Then a few more days later I returned again and now it somehow worked. Maybe it was a temporary outage on Google's side. Who knows. But I only returned because I had a sufficient level of curiosity and motivation to get onto SO, which is rather unique. If your business is unique as well then the users will eventually get it. But if there are many competitors who are just as good as you are, there is a good chance your potential users will go there and never return to solve the OpenID mystery.