Really well illustrated explanation! I just love this kind of whiteboard sketches, I always understand concepts the fastest by that way.

Another problem is that passwords are systems codes, so we shouldn't expose a user to too many of them. See PasswordlessLogin on MeatballWiki.

Popular on complex

OpenID is a SCAM run by Google etc to OWN you online identity,

OpenID is anything but open, unless you consider your identity being owned by Google, Microsoft, Facebook and Twitter to be open.

If your OpenID is an email address or username, you are already OWNED!

Warning:  OpenID can and do cancel ids without any notice, meaning you instantly lose all you content and connections.

If you use OpenID they OWN you online life.

Great video.... 

Haha, nice. In real life this would mean we all have our own bodyguard and whereever you go, he, or she, goes with you and whenever you want something and you ask a third party for what you want, e.g. a bread or a beer, the bread and beer seller will ask your bodyguard if you really really want to buy these items, where it should be delivered and what prize you'd be paying. Then your bodyguard tells you all this, might even give you advice on the matter. Needs getting used to, i guess..

Good stuff, myvidoop!

Very good clear description. So this makes it much easier for users to validate their email with sites that offer openid. But a pain for web developers who need code to ask for authentication to all the large openid providors! Is this correct? or have i got it wrong?

@visitchester

There is of course some devopment involved, but the beauty is that the programmers don't need to make special code for each trusted site (aka "relying party"). They all talk to each other the same way. The username is actually a domain name, on which some html/xml code points to the OpenID provider.

cool 2001 reference :)

"I'm afraid I can't let you do that, Dave."

That phrase sounds vaguely familiar. :)

2001 a space odyssey :D

So now I have to give my ID info to all my websites +1....myVidoop. I don't think so.

It's more secure than without.

Most openID sites also allow myspace, gmail, wordpress etc accounts.

Best explanation I've ever watched to, congrats!

Before:OpenID? Hmm, not sure! ;-(

After: Thank you for making OpenID easy and visual. I´ll get mine.;-)

LOL that's a good video! Funny, i always misread MyVidoop and used to pronounce it my-video-op.

I had this strange idea that it had to do with videos!

the authentication part is fine

but the email part is wrong, I don't want to use the same email for every site I sign up for.

There are many solution to the too many users and passwords problems.

this soluiton requires sites to implement it, that's never going to happen with enough sites to become a real solution for the user (and the big ones will not want to do this at all)

isn't this like cardspace? (or whatever it was called) I'd rather use a plug in that saves my passwords locally

That is why you get a Junk Email for signing in sites and a private email for friends that way you don't have to deal with the ads and all that fun stuff.

not sure what you mean. this solution, in the video, it won't let me know who sold my email address so I can stop giving them my business.

I use a different "virtual" email address for every site I sign up, if I get spam, I know who's the guilty site and I can boycott them. It also makes it easy to block this "virtual" address so I don't recieve spam.

@EShy1 thats effort

@EShy1

One way to implement that strategy in OpenID would be to have your OpenID provider generate new "virtual" email adresses for each trusted site. In other words, when a trusted site asks your OpenID provider for your email address, the provider automatically generates a new address and passes that to the site. I don't know of any OpenID providers that do this, but it should definately be possible.

This is a disaster. There exist several ways to gain access to any server that checks with an IDP : One way that is not impossible is by using DNS poisoning so the service asks a fake IDP about "is this dave ?" ( or anyone else you wanna gain access for ) and always get yes answer.

Superb explanation for noobs.

I'll stick it in my blog so I know where to find it!

Thanks, myvidoop.

Microsoft Passport

never heard of myvidoop before but this is a good intro 101 to openid - well done.

Cool animation, but the technology seems to be "centered" around the identity provider not the user! As known there may be several security problems with such a model.

Great, OpenID is easy! Now, can you make a video for SAML? I still don't get it.