OpenID Cryptography Review

On July 29, 2005

LShift Developer Paul Crowley has redesigned the security for the OpenID system.

OpenID is a simple single-sign-on mechanism for attributing content such as comments on blogs and Wiki edits. Unlike Microsoft’s Passport, any site can publish and manage identities; no central provider is needed.

Version 0 of the OpenID protocol was designed by LiveJournal founder Brad Fitzpatrick. For version 1, he called on LShift senior developer Paul Crowley to provide a cryptographic review. The result is a protocol which is easier for small sites to deploy, and over a thousand times faster for larger sites to participate in.

OpenID has now been adopted by sites spanning many millions of users, including LiveJournal and related sites, and the Schtuff wiki.