Summary
Yahoo this week announced that it would provide OpenID authentication to its quarter billion account holders. Yahoo's Developer Network also set up an information portal to help developers implement OpenID authentication on their own sites.
Sharing authentication data between multiple Web sites has long been desired, but various solutions to the problem of federated user identities have failed to gain traction. The Sun-led Liberty coalition, for example, attempted to create broad agreement on the Java-based identity standard, while Microsoft competed by embedding Passport within all of its Web-based services. However, users didn't want to trust either Microsoft or Sun, or their business partners, with login details to many sites that require some form of authentication.
More recently, however, OpenID has slowly been emerging as an authentication standard that consumer-facing Web sites, and their users, actually embrace. AOL provides OpenID authentication to its users, and this week Yahoo announced that it would soon offer OpenID authentication to its quarter billion account holders. LiveJournal, WordPress, and a host of smaller Web application providers have already signed on to OpenID.
One attraction of OpenID is that it provides a decentralized authentication and identity scheme not controlled by any one company:
OpenID is an open, decentralized, free framework for user-centric digital identity. OpenID takes advantage of already existing internet technology (URI, HTTP, SSL, Diffie-Hellman) and realizes that people are already creating identities for themselves whether it be at their blog, photostream, profile page, etc. With OpenID you can easily transform one of these existing URIs into an account which can be used at sites which support OpenID logins...
OpenID has arisen from the open source community to solve the problems that could not be easily solved by other existing technologies. OpenID is a lightweight method of identifying individuals that uses the same technology framework that is used to identify websites. As such, OpenID is not owned by anyone, nor should it be. Today, anyone can choose to be an OpenID user or an OpenID Provider for free without having to register or be approved by any organization.
The relatively broad support for OpenID also meant that large service providers with a strong stake in making any authentication scheme user-friendly have contributed to OpenID's usability. One such company is Yahoo, which has contributed to the OpenID 2.0 standard and is now adopting the standard for its own users. According to Ash Patel, Yahoo's Executive VP for Platforms and Infrastructure:
Yahoo!'s implementation is based on the OpenID 2.0 specification, which Yahoo! worked closely with the OpenID foundation and community to finalize in December 2007, and includes new features that improve security and usability of OpenID, making it the most user-friendly single sign-on and online user-authentication standard. Yahoo! users who log in with their Yahoo! ID on OpenID sites will have the added protection of Yahoo!'s sign-in seal wherever they go on the web. In addition, no email or IM addresses are revealed or disclosed as part of the login process, which further helps protect users from phishing or other attacks...
Yahoo!'s initial OpenID service, which will be available in public beta on January 30, enables a seamless and transparent web experience by allowing users to use their custom OpenID identifier on me.yahoo.com or to simply type in "www.yahoo.com" or "www.flickr.com" on any site that supports OpenID 2.0...
Alternatively, web sites that accept OpenID 2.0 will be able to add a simple "Sign-in with Your Yahoo! ID" button to their login pages that will make it even easier for their users. Yahoo! is working with several partners, including Plaxo and JanRain, to make it possible for users to access these sites with their Yahoo! ID from the first day of the public beta...
Initially, Yahoo will become an OpenID provider, making Yahoo IDs eligible for OpenID authentication. Later, Yahoo will also accept OpenID authentication from other OpenID providers, according to Yahoo's Jeremy Zawodny:
Oh, and before anyone jumps on me about this not being "full" (meaning bi-directional) OpenID support, I'm quite aware of that. Consuming OpenID is a different beast that can't happen overnight. Give it some time. I'm optimistic that we'll get there.
What do you think of OpenID as an authentication scheme?