What OpenID is good for
Given my earlier entry that talked about OpenID's limitations, one might wonder what it's good for. There's a number of good uses for it that I can think of:
- it's a better signature than just asking people to leave their name
or their website, in that it's harder for other people to forge and
it does more to tell readers who they are.
- an OpenID identity makes a better password than yet another piece
of text that both you and the user have to keep track of, and if
you want to you can also use it for the user's login, so that they
don't have to keep track of that either.
This means that you can make a very lightweight user registration system by just asking people for their OpenID; they don't have to go through the hassle of coming up with an email address for you, or a login name, or a password.
(Of course one motive for collecting people's email addresses when they register is so you can later email them marketing stuff, but this is one big reason why people are so reluctant to give them to you.)
- you can easily give accounts on your website to specific people who have OpenIDs, especially if you know their OpenIDs already.
Another way to put this is that OpenID means users have to keep track of fewer identities; instead of a mostly separate identity per website, they just have an OpenID identity. At the extreme, websites don't even ask you to register, they just give you opportunities to naturally use an OpenID, give you a cookie to keep track of it, and then start offering you additional features as long as you're 'logged in'.
(The clever way would be to give you two cookies, one for your session and one long-term one that just marked that you had given the website an OpenID at some point. Then later if you visit with only the long-term cookie, the website can show you a more prominent 'log in here with your OpenID to re-establish all your personalizations' login box.)