By Eric Sachs, Google Security Team
Currently users are required to create individual passwords for many websites they visit, but users would prefer to avoid this step so they could visit websites more easily. Similarly, many websites on the Internet have asked for a way to enable users to log into their sites without forcing them to create another password. If users could log into sites without needing another password, it would allow websites to provide a more personalized experience to their users.
In September we announced some research that we shared as part of an effort by the OpenID community to evaluate the user experience of federated login. Other companies like Yahoo have also published their user research. Starting today, we are providing limited access to an API for an OpenID identity provider that is based on the user experience research of the OpenID community. Websites can now allow Google Account users to log in to their website by using the OpenID protocol. We hope the continued evolution of both the technical features of OpenID and the improvements in user experience will lead to a solution that can be widely deployed for federated login. One of the companies using this new service is www.zoho.com. Raju Vegesna at ZoHo says that "We now offer all our users the ability to login to ZoHo using their Google Account to avoid the need to create yet another login and password."
The initial version of the API will use the OpenID 2.0 protocol to enable websites to validate the identity of a Google Account user, including the optional ability to request the user's e-mail address. Below is an example of the flow that a user might see if he or she starts at a website that uses this new feature:
The website could use a modified login box that looks like the one below. If the user enters a Gmail address and indicates that he or she does not have a password for this site, then the site can redirect him or her to Google.
The user would then be taken to the Google website and asked to confirm whether he or she wants to sign in to KidMallPics.
Finally, the user would be redirected back to KidMallPics, where he or she would be immediately signed in.
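The last step of the flow above, seen from the website's side, as an added example that is not part of the original post or Google's API code: the site signs the user in only after checking the signed OpenID 2.0 assertion that arrives with the redirect. It assumes an association (shared HMAC-SHA256 key) was already established with the provider; the key, the URLs and the `ext1` e-mail alias are constructed for illustration.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone

OPENID2_NS = "http://specs.openid.net/auth/2.0"
# OpenID 2.0 requires the first four to be signed; a login also needs the identifiers.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle",
                   "claimed_id", "identity"}
EMAIL_FIELD = "ext1.value.email"  # assumed alias for the requested e-mail attribute

# Constructed sample values (not real endpoints or keys).
KEY = b"constructed-association-mac-key"
OP_ENDPOINT = "https://op.example/auth"
RETURN_TO = "https://rp.example/openid/return"


def sign(params, signed, mac_key):
    """HMAC-SHA256 over the key-value form ('key:value\\n' per signed field)."""
    kv = "".join(f"{k}:{params['openid.' + k]}\n" for k in signed)
    return base64.b64encode(hmac.new(mac_key, kv.encode(), hashlib.sha256).digest()).decode()


def verify_assertion(params, mac_key, return_to, op_endpoint, seen_nonces,
                     now=None, max_skew=timedelta(minutes=5)):
    """Return (claimed_id, email_or_None) for a valid assertion, else raise ValueError."""
    if params.get("openid.ns") != OPENID2_NS or params.get("openid.mode") != "id_res":
        raise ValueError("not a positive OpenID 2.0 assertion")
    signed = params.get("openid.signed", "").split(",")
    if not REQUIRED_SIGNED <= set(signed):
        raise ValueError("a required field is not covered by the signature")
    if any("openid." + k not in params for k in signed):
        raise ValueError("a signed field is missing from the response")
    expected = sign(params, signed, mac_key).encode()
    if not hmac.compare_digest(expected, params.get("openid.sig", "").encode()):
        raise ValueError("signature mismatch")
    if params["openid.return_to"] != return_to or params["openid.op_endpoint"] != op_endpoint:
        raise ValueError("assertion was issued for another site or by another provider")
    nonce = params["openid.response_nonce"]
    issued = datetime.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if abs((now or datetime.now(timezone.utc)) - issued) > max_skew or nonce in seen_nonces:
        raise ValueError("stale or replayed response_nonce")
    seen_nonces.add(nonce)
    # Only trust the e-mail address if the provider actually signed it.
    email = params["openid." + EMAIL_FIELD] if EMAIL_FIELD in signed else None
    return params["openid.claimed_id"], email


def sample_assertion(sign_email=True):
    """Build a constructed id_res response the way the provider would sign it."""
    p = {"openid.ns": OPENID2_NS, "openid.mode": "id_res",
         "openid.op_endpoint": OP_ENDPOINT, "openid.return_to": RETURN_TO,
         "openid.claimed_id": "https://op.example/id?id=constructed123",
         "openid.identity": "https://op.example/id?id=constructed123",
         "openid.response_nonce": "2008-10-29T17:11:51Zn0nce",
         "openid.assoc_handle": "constructed-handle",
         "openid.ext1.value.email": "alice@example.com"}
    signed = sorted(REQUIRED_SIGNED) + ([EMAIL_FIELD] if sign_email else [])
    p["openid.signed"] = ",".join(signed)
    p["openid.sig"] = sign(p, signed, mac_key=KEY)
    return p
```

The account is keyed on the returned `claimed_id`, not on whatever address was typed into the login box, and an e-mail value that is present but not listed in `openid.signed` is ignored.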
More information about this new API can be found on the Open ID page in Google Code. To request access to the limited trial, please visit our Google Federated Login discussion group and register using the online registration form.
Google is also working with the open source community on ways to combine the OAuth and OpenID protocols in the future. That way a website can not only request the user's identity and e-mail address, but can also request access to information available via OAuth-enabled APIs such as Google Data APIs as well as standard data formats such as Portable Contacts and OpenSocial REST APIs. In the future, this should allow a website to immediately provide a much more streamlined, personalized and socially relevant experience for users when they log in to trusted websites.
Great work guys! This is a huge win for OpenID!
Allen, huge win, how so?
The user enters an email address, not OpenID's vigorously promoted xri/http uri. (There are email-to-URI extensions, but they are not finished and optional.)
Technically this sign-on may use OpenID, but note the end-user is unaware, and sees nothing of it.
I'd rather think this could be a loss for OpenID as a whole. Out of sight, out of mind, you know. Curious what you think.
(BTW, I have no idea why Blogger mangles my nick name like that. It's not in my provider attributes.)
Are there any plans to accept OpenID from other providers? At the moment I'll still need a Google OpenID for Google websites, a Yahoo! OpenID for Yahoo! websites, ad infinitum.
Until the big players start accepting 3rd party OpenID, as well as their own, I still need multiple usernames and passwords.
It's about time! :D
it should be http://gmail.com/u/hongxiaowan
for openid like hongxiaowan@gmail.com, need to update protocol for OpenID.
Good work, but not enough. Remember compatibility...
If Google starts accepting OpenID's for logging into their various services, that would be great.
So what's the name of my Gmail OpenID? I don't understand that. My Gmail address has the form of an email address, but my OpenID is a URL.
This is great news - congratulations and many thanks to the Google team working on this project.
Just like to point out though - OpenID is absolutely useless if each site just works as an authentication server but doesn't accept logins from other OpenID providers..... we're back where we started with a million different logins for a million different sites unless someone bites the bullet and lets users log in with accounts initially registered on a different OpenID server!
Google, the ball is squarely in your field!
Great news! :)
@nick
Just about every popular and publicly-accepted technology is "out of sight". That is a sign of human-ready technology.
The end-user being unaware of OpenID is fine, as long as they are USING it.
@davidowens
Google's blogger accepts OpenID from any Provider. I don't think Yahoo has any sites that accept OpenID from ANYONE, yet. I believe you're confusing the concepts of "Provider" and "Relying Party".
@hongxiaowan
Yes, the power of OpenID is in the URL. It is important that a single URL is resolved to as the final destination of an OpenID. But using an e-mail identifier as a delegator to that URL drives adoption. The reason OpenID has so much momentum around it is because the true test of a federated login IS adoption, and the OpenID community is innovating in this area like no other federated solution has before it.
@nick No extensions needed. All RPs already accept Yahoo email addresses as OpenIDs, for example.
This is because http://username@domain.tld/ is a valid URL and can thus be used as an OpenID.
Oh gee, goodie, another OpenID provider. How about one of you big boys realizing that we don't want more providers, we want consumers. Let me log in to all my Google properties (not just blogger comments, the only thing I can tell Google allows external providers for) with my already existing, well established OpenID of choice.
One more useless OpenID provider.
No IDisposable and Stas, it's you two who don't understand. We DO need more OpenID providers! As a website developer, I want as many people to use my website as possible. Signing up for an account on my website - or any new website for that matter - is a hassle and people generally want to avoid that. A lot of people have a Google account, and if they can sign in with that then it's a huge win. Don't care whether I can sign in to Google with OpenID, I just want my users to be able to sign in with their Google account. Most users don't even know what OpenID is.
It's all about usability. Grasp that, please!
URL format will equal to email format, just need to convert email to url, short code needed:
1. OpenID provider give API, return the OpenID URL template:
for example: we can get the template from http://openid_url_api.zuosa.com,
Then this API will return the template like this:
http://###openid_domain###/###openid_id###
We finally need this OpenID URL:
http://openid.zuosa.com/hongxiaowan
2. Convert email format to URL format, a PHP sample:
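<?php
echo openid_convert_email_to_url("hongxiaowan@zuosa.com");
// Convert an e-mail style identifier into an OpenID URL, using a template
// fetched from the e-mail domain's provider.
function openid_convert_email_to_url($openid_email)
{
    // Only a well-formed address may supply the host name that is fetched below.
    if (filter_var($openid_email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $openid_pieces = explode("@", $openid_email);
    // Ask the provider's API for its OpenID URL template.
    $openid_url_format = file_get_contents("http://openid_url_api." . $openid_pieces[1]);
    if ($openid_url_format === false) {
        return false;
    }
    // Substitute the domain and the local part into the template.
    $openid_url = str_replace("###openid_domain###", $openid_pieces[1], $openid_url_format);
    $openid_url = str_replace("###openid_id###", $openid_pieces[0], $openid_url);
    return $openid_url;
}
?>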
Sorry, the template should be:
http://openid.###openid_domain###/###openid_id###
E-mail is not valid OpenID URI.
Yahoo resolves this problem very easily - users must just enter http://yahoo.com
Why Google can't do the same?
It is fantastic, I hope it will work in a streamline fashion across all sites instead of having multiple OpenIDs
Great job! I wish we can use our Google ID to every web service out there :D
---
Michael Aulia
http://www.michaelaulia.com/blogs
In my opinion, this looks like basically just another closed, tied-to-one-vendor authentication scheme that just happens to use OpenID internally.
I note that you expect anyone taking part not just to get your permission to use the service, but that they also have to hard-code a Google-specific URL and logic into their authentication code. That's hardly open or scalable.
If I went to that website, I would have no idea that I could log in with my OpenID account (which is NOT my e-mail address). Also, why would I give my e-mail address to a random website that I don't trust not to spam me.
This is not OpenID, it's a proprietary Google API that resembles OpenID in some of the implementation details, and is in fact pulling users away from a truly open system where they can have ANY identity server they like.
No doubt other e-mail address providers could also implement this system, but not all of them would, since it's not part of SMTP.
hey guys it works
http://kidmallpics.com
The big problem from my end as someone who runs a website is that I want to confirm that REAL people are joining the site, not just an email address. At the moment we have a large number of people joining from XYZ123@32784683246.cn, who are invariably spam merchants. Whilst I respect Google's efforts, and like the idea of OpenID, I'm still not going to accept a webmail address as proof of a "real" person.
I've found a great many sites where I've wanted to leave a comment, but didn't because of sign-up hassles....but I can't remember which ones. Probably a sign that I didn't really need to that much. There's a balance between ease of sign-up and accountability, and at the moment the sheer hassle of an individual login seems to solve that perfectly. If you can't be bothered, you don't deserve to.
I would prefer to use a URI than an email. email is for email not auth.
This is NOT OpenID - it goes against the whole OpenID principle of having 1 username able to login to multiple sites. Where is the single sign on?
Hi :-)
open ID solution sounds good, but what about security threat over here. Can I enter somebody else's google id and login? How we are addressing such issues? If user enters authentication details ( username & password) then how much its safe?
I can think of one solution. Tell how it could be if user can enter password which is visible ( normal text box rather than password box) , but still others can't login? :-)
Do u like this solution ? :-)
Or What if there is no terminology "Password" in login, still its secured!!!!!! Does this sound good?
Good Job! I prefer Gmail account as my OpenID.
Except it's not OpenID, is it? It's GopenID, or GoogleID, or Andro-ID, or some other pointless fork of an existing and well-established standard.
What is it with you guys that your idea of getting in line with a standard is to rewrite your own, incompatible version of it.
Come and actually work with the rest of the community for a change. We don't bite. Much.
Mostly when big companies that ought to be smart enough to have a clue consistently demonstrate that, for whatever reasons, they actually don't.
Even Microsoft managed to get it righter than this? What's your difficulty?
This is a nice step forward, it's very practical.
On the other hand, I already have an OpenID with my blog, using my blog's URL, and I have trouble understanding that I now have 2 with my Gmail account... which one should I use in the end?
Besides, the OpenID of my Google account doesn't work here, for example... I had to enter my blog's one. I don't get the subtleties, but that will no doubt come...
OpenID FTW!
Nice guys, but please allow reciprocity by allowing other open ID providers to sign us in for some google services (I can understand if gmail is a big no :). That'd be a great step towards unified login!
Sad that he could not support openid url (example smith.gmail.com )
How does this work for people on hosted apps?
PS: Even in blogger as I am leaving this comment, I tried to just enter my email as an OpenID and it gave an error of : OpenID url is missing.
Completely useless, since this is just opening up your GMail account as a way to authenticate yourself on a third-party website.
Far from OpenID thus.
Some sites have already started to misuse the facility, and using these popular sites for authentication makes the users think that they have been recognized by these standard sites. For example a site wants to sign up using gmail account, actually they are creating a new user for their site and they can steal the address book of the person who is registering and misuse it for tasks such as sending invitations. Recently I saw a site which, even though I didn't select any of my friends for invitation in the wizard page, sent them. Beware of the so-called 'facility' of using a single login.
rick rolled? %)
;)
So when can I log into my google account with an existing OpenID?
Google can allow a user to use signins from another provider. A common misconception is that google would have to allow registration-less signins. Google however could still require a user to create a registration and username with google and then allow users to link their openids to that registration, allowing them to login to the google account they register with the openid.
A proper step in the right direction... a long way to go yet though!
Nice work Google, but I'll stick to my own.
Good work. Look forward to seeing more.
fine, fine, fine.
Well, this is something that we should have expected - Google becomes more and more monopolist; at the start they respected standards, but now, in full power, they can and will drop any "that pesky recommendations".
Now Microsoft, lol
Nice blog design...what's it called and where can I get some?!
geoff, if you want unique identity, you use a URI, if you want humanness, you use a CAPTCHA.
What happens with the example site if the user enters "user@yahoo.com" instead of "user@gmail.com"? Does the site need to know that yahoo also provides OpenID functionality? What if the user enters "user@someotherdomain.com"? Which might well be an OpenID provider but obviously for the sake of this example the site doesn't have prior knowledge of that functionality.
Is google proposing a standard way to convert any email address into a format suitable for OpenID? If I wanted to support this, would I convert user@gmail.com into http://user@gmail.com/ and similarly user@someotherdomain.com into http://user@someotherdomain.com/?
Is it possible to add OpenID URLs to the list of people who can administer/post to the blog?
(Or)
Is it possible to link our Google account with an OpenID URL?
Both would be totally awesome.
What I don't like about this solution is that Google teaches people to leave our gmail-address at every other site. And the fact that there is a password field there as well, chances are that people will easily be fooled to enter their gmail-password as well. If this is a spoof site, it now has total access to your gmail-account...:/
tell me how can i get my own blogging site?
What if I have a preexistent openid account (I.E. Claimid)?
This is a great development for OpenID, and more importantly for the websites and end users that can benefit from faster and easier registrations and logins using existing accounts with Google, Yahoo, AOL, and many other OpenID providers.
JanRain's RPX (http://www.janrain.com/products/rpx) OpenID website enabling service has already integrated and deployed support for Google's OpenID service. You can see a demo at www.velog.com.
You can also see some case studies of successful OpenID deployments with measurable benefits at: http://www.janrain.com/openid/casestudies
I love Google API!
I know a very good site that uses this. It's a real estate search engine called Imobilien.
Google is EVIL
another dangerous product of google.
They are going to get all information of users like search habits,social,personal,mail and now passwords.
stay safe!
I don't see why this OpenID business is helping me from Google's perspective. If all I only wanted to _USE_ was _ONE_ OpenID, whose OpenID would I use (Google, Microsoft's or My own)?
I was already working something similar to this by using the GAuth for desktop application for my website rather than the recommended GAuth for website so I can get the email address X_X
http://corruptedpartition.blogspot.com/2007/09/google-account-authentication-for.html
Anyway I think it's also important to allow OpenID providers to sync data between each other like I can register to Google's OpenID using MSN's OpenID and all my info at MSN gets synced on Google then I can just use Google OpenID but if I change an info on Google OpenID, Google must sync back that info to MSN. It must be give and take auto-magically; of course it must be available as an option to set it on and off like "tick here to autocast login spell" ^_^
I already have an OpenID thanks. Why would I want to use Google's?
Can I use mine on Google's services? Well, yes, on blogger I suppose.
What else?
Well, I already tried it with GMail and with Hotmail and I couldn't post...
This is cool, and I can't wait to see this snugging up with the actual standard.
Implementation of new things is hard, and if it's easier to get a foot in the door this way, then I'm all for it. This is provided that big G take the steps for full implementation.
Ok, so now how do I migrate my existing accounts to use my OpenID? For example, I already have accounts at Amazon, LinkedIn, Facebook, etc. I don't want to lose all my historic data just to use OpenID.
Just a comment to let people know that it's really easy to set up your own OpenID identity server. This way, you control your own credentials... See my post about it: login everywhere using your own identity server
ReplyDeleteThere are going to be problems with this. Primarily what will I login with if I go to a site that shows OpenID and Google Account Logins. I have used OpenID from Blogger to go to a site that only supports OpenID (not google account). Other sites only support Google Account (not OpenID). Now I found a site that I can login with my OpenID (from Blogger) or my Google Account. What am I supposed to do?? Google should just have figured out a way to implement the OpenID Blogger has and give it to users that don't have blogs. Maybe give them a blogspot page without necessarily having a blog. This would have been better for OpenID and for users.
This "walled garden disguised as openness" approach is the wrong way to go, Google, you know it is!
This is not an open ID. Period. Move on, people. No PR points for Google here.
Like many have already stated, this does not conform to OpenID standards because the ID should be a URL string, not email. I've already tried to add my Gmail "openID" to many sites that support openID but they all fail with an error stating that my email address is not a valid openID. It should not be the responsibility of each and every service provider to modify their apps because Google did not conform to specs. Unfortunately, most providers will adapt just because there are so many Gmail users but I'm disappointed about this implementation.
trying to post with this open id and getting a cant verify error! any help available?
test
OpenID test from AppSpot
...
Thanks for this thread. I have been asked to implement OpenID on a number of services. Google's screwing with the standards confused the hell out of me as to what an OpenID actually was! Now I know that I am not alone in not knowing what my Google OpenID is (not). I am most disappointed in this, Google, and it confirms the hate side of my relationship with you; it just confirms that I need to be taking my and my clients' services away from your servers.
Thanks for the thread.
great!
wow!
That's really great!
Hmm, I can't see anything openid here. Seems like protocol is somehow similar but a pure openid implementation can't handle it.
I see that the URI for all users is https://www.google.com/accounts/o8/id
But then that can't be used as identifier, because everybody with a google acc can login with it.
So authentication module of the consumer/relay needs to have special logic to handle google auth.
I lol that you can't comment here using the OpenID url: https://www.google.com/accounts/o8/id
aka Google fails at properly implementing it as they should be able to see on their own google product: Blogger
how to use???
Could any of you please explain to me how come people who signed up as followers with yahoo email accounts cannot post a comment on the blog???? PLEASE HELP IF YOU CAN
what a long story...
Test
TEST OpenID
test open id too
any one tell me how to operate openID with gmail