OpenID is a decentralized digital identity system, in which any user’s online identity is given by URL (such as for a blog or a home page) [...], and can be verified by any server running the protocol. (wikipedia)
Okay so that’s cool – the idea is that you want to sign in on a web-site that you’ve never seen before, so you give it your OpenID and *poof* you’re in. As part of the package, the web-site can also request some profile information from your OpenID provider, so you don’t have to re-type it. Lots of work has happened behind the scenes to make sure who you say you are is valid, so that the web-site can trust your OpenID.
Unfortunatly you still have to log into your OpenID provider with a username and password. “I thought OpenID was supposed to help with this horrid multiple username and password problem”, I hear you cry – at least you (hopefully) trust your OpenID provider more than you do some abritary web-site.
Unlike most single sign-on architectures, OpenID does not specify the authentication mechanism. (wikipedia)
Cool! So we can pick our own. How about a password-less authentication, that uses your instant messenger identity to confirm your OpenID?
It’s actually easy, you just take a copy of the PHP Standalone OpenID Server, add the required PHP OpenID library, and add a sprinkle of XMPP XEP-0070 support in form of a patch. Bake for a short while, and be sure to serve hot