Showing results for 
Search instead for 
Did you mean: 

Analysis of OpenID implementations

Analysis of OpenID implementations

Analysis of OpenID implementations

Update: Added review of VeriSign's offering below. As Kelly mentioned yesterday, I have spent a few hours looking at how other sites have implemented their OpenID interfaces. Yahoo!'s new service was my favourite because it explains everything and makes it very clear and simple. On the other hand it lacks some features that I think are essential. Identity providers Yahoo!

  • slickest design
  • least features (cannot 'remember' authenticated sites)
  • lots of useful explanatory text
  • login to the service with the standard Yahoo! login screen which benefits from anti-phishing protection
  • the default OpenID URI they give you is hideous (e.g. but you have the option to choose an alternative one such as a Flickr profile (e.g.
  • supports only OpenID 2.0, not 1.1 - this means you can't use it for any sites that have not yet been upgraded to OpenID 2 (most of them at present)

Screenshot Screenshot AOL

  • OpenID support is hidden away & difficult to access
  • has the option to 'Remember this site' but doesn't seem to provide any mechanism to manage authenticated sites
  • supports OpenID 1.1

Screenshot Screenshot myOpenID

  • most feature-rich implementation
  • supports both OpenID 1.1 and 2.0
  • fairly simple to use but extra features inevitably add complexity to the interface

Screenshot Screenshot ClaimID

  • more than just OpenID, something like a digital life aggregator or lifestream
  • supports only OpenID 1.1
  • allows users to edit the details that will be sent for Simple Registration requests

Updated: VeriSign Personal Identity Provider

  • OpenID 1.1
  • more features & options that most users are likely to need (or understand)
  • some advanced features tying-in with VeriSign's security features
  • very granular control of the personal information exposed to the relying party via Simple Registration

Screenshot Screenshot Relying parties (OpenID consumers) Plaxo

  • supports OpenID 1.1 and 2.0
  • supports Simple Registration extension which makes signup a breeze

Screenshot Screenshot CNN Political Markets

  • nice login/signup screens
  • doesn't work!

Screenshot Screenshot Ma.gnolia

  • on first use can create screen name or associate with existing account
  • can associate several OpenIDs with one Ma.gnolia account which seems a bit unnecessary

Screenshot Screenshot Screenshot 37Signals

  • must sign up for an account before being able to use OpenID
  • login screen remembers your choice of OpenID as preferred system

Screenshot Mixx

  • tabbed login screen
  • prize for most amusing error message: "While we're pretty sure that you exist, your OpenID provider says that you don't. Will you try again, please?"
  • Didn't work for me

Screenshot Screenshot OpenID module for Drupal

  • supports OpenID 2.0
  • login fails completely if Simple Registration is not supported

Creative Commons Wiki

  • simplest, no-nonsense system
  • supports Simple Registration
  • doesn't ask to reconfirm registration details, upon returning to the site you are already registered & ready to go

Screenshot Screenshot Conclusions Yahoo! has done an excellent job at making OpenID easier to understand for less techy folks. Plaxo has probably the best implementation of an OpenID consumer. VeriSign demonstrates the use of advanced security features as well as improved phishing detection using a browser extension. Directed identity in OpenID 2.0 affords a much improved user experience. Instead of remembering an arbitrary URL such as, users need only remember the URL of the identity provider, in the case Everything else happens behind the scenes. Few sites currently support OpenID 2.0 and there is no way of tellin, at sign-in, which version of OpenID the relying party supports. This will undoubtedly create confusion especially since OpenID 2.0 support does not guarantee OpenID 1.1 support. The recommended option is to support both versions.


0 Thanks
Interesting that this appeared on the Beeb site today :-
Hi: As the technical director for the OpenID development here at Verisign I would be remiss if I did not ask you to check out our implementation. Our Identity provider called the "PiP" is located at: I would also encourage you to check out or Firefox extension called "SeatBelt" which can be located at: Thanks!
Community Gaffer
Thanks Gary, we'll check that out!
Hmmm, neither of those pages work for me, Gary.
Community Gaffer
Remove the .'s from the end of the URLs Wink
(fixed the URLs) PiP is quite interesting. I was impressed by the granular control of the simple registration extension, i.e. you can choose exactly which details to expose to the Relying Party, but I missed having a "complete all fields" button. The ability to set a date on which your 'trust' for the Relying Party will expire (i.e. after which you will need to re-authorise it) seems a bit unnecessary. It may also give the false impression that your account at the site of the Relying party will be terminated after that date or that they will no longer have access to your information. There appear to be lots of other features to tie in with VeriSign's identity services but I haven't had a chance to check them out yet.
[...] reviewing those other implementations last week, Tam has been experimenting with some prototypes for how we could implement it on our [...]