• Each of these pages has a URL
• If the services supported it, each of these
URLs can be an OpenID
• This lets me assert ownership of my proﬁle
• I can use OpenID to tie proﬁles together
across multiple sites
The social network problem
• Every site wants to know about my social
• Re-friending everyone on every site I visit is
tedious, and a major barrier to adoption
• The Facebook platform lets me reuse the
Facebook social graph - but I have to abide
by their rules
OpenID provides the globally
unique identiﬁer needed to
create a portable social graph
Total Relying Parties
What’s in it for you?
• Reduces the overhead for signing up for an
account on your service - great for
attracting early adopters
• The ability to “prove” ownership of your
account is an excellent complement to your
service’s Web Service API
• You can learn about a user’s proﬁles
elsewhere on the Web
• Does this mean I no longer have a database
of user accounts?
• How do I know that an OpenID is a real
person, and not an evil spammer?
• Isn’t it a bad idea to outsource the security
of my users to a third party?
• What are the privacy implications of this?