First of all, it is important to understand what this "identity" does and doesn't do. It's a bit, well, it's a bit of an existential problem. "Who" am I? And "who" are you? If you give me your name and I give you mine, what do we know about eachother? Not much. As it turns out, that's basically what you get with an OpenID. A name, nothing more, nothing less.
As it turns out, following the above blog is a good illustration for how an OpenID works and what it does, so:
- Go to http://myopenid.com and register for an OpenID,
- Configure your homepage as a proxy for that OpenID,
- Go to a site that supports OpenID, like LiveJournal, and post a comment.
Okay, in "step 1", you create your identity. This is like getting your Social Insurance Number or passport. It's your official identity. It's like having your name and number on a little plastic card only in this case, the "number" is actually a URL for your OpenID. Mine is http://dlepiane.myopenid.com. Just like a SIN number, it's kind of a pain to remember, but after using it enough times, you'll remember it ;)
Now "step 2" isn't really necessary. However, just like in real life, my "official" name isn't really the name I like to use everyday. My SIN card says "Joseph Dominic" but I prefer "Dominic Joseph", so I setup a proxy for regular everyday use. Following the instructions in the blog (which involves adding two lines to my blog), I have setup my preferred name (http://dl.nibble.bz/~archangel) to be equivalent to my "official" name.
Now in "step 3", I actually use this identity which really shows how this all works. I go to LiveJournal and when I post a comment, it asks me "who are you?" Rather then debate "who" or even "what" am I, just just give my preferred name (http://dl.nibble.bz/~archangel). My name doesn't *really* mean anything, it's just something that's going to show up in my comment so anyone that actually knows me will say "hey, Dominic left this message, I know that guy!" Now LiveJournal is a bit of a stickler. It requires my official identity so what the site does is it goes to my identity page, the http://dl.nibble.bz/~archangel one, and tries to get my identity verified. What it finds is that my given identity is not my real identity and so LiveJournal gets redirected to my real OpenID, http://dlepiane.myopenid.com. Once it gets there, MyOpenID.com doesn't just hand over my information, it requires me to a) login, and b) authorized LiveJournal to access my identity. So if I'm happy with handing my SIN over to LiveJournal, I login and confirm that LiveJournal should be able to get my "official" identity.
And that's it. An OpenID is just a name and some sort of verifiable "official" number.
There are many things that an OpenID does not do. It does not create an account for every site. Like for LiveJournal, you don't get a blog just by having an OpenID because you need more then an identity for that, like some web space and such. It doesn't stop spammers, they can register any number of OpenIDs they want to spam you. It doesn't make you anonymous on the web, neither does it reveal any more information then you give.
However, for even these "flaws", having an identity helps address the problems. You may not get a blog on LiveJournal, but you can comment on LiveJournal without a blog. It also can make registering for LiveJournal easier. It may not prevent spammers, but if you could keep an OpenID address book, then you would have a better idea of who's messages were legit, and who's were spam. And even though your "identity" doesn't hide itself, it's just a URL. It doesn't say who you are.
I hope that eventually, OpenIDs will replace all the crappy centralized identities, .Net passport, we're talking about you here, and eventually have wide adoption on the web. It's useful enough that I will use one, but I think it should, and could, become ubiquitous someday.
And that's all I have to say about OpenID.