Comparison of Support among OpenID Providers

This table shows the varying degrees of support by a few OpenID providers, both in terms of OpenID discovery and the OpenID protocols themselves. A detailed explanation of each is available below the table. The small “x” link next to each provider is the OpenID URL I used for testing. If any providers would like to be added to the list, please let me know.

Discovery Support OpenID Protocol Support
content- type xrds- header xrds- html yadis- html openid- html openid2- html signon- 10 signon- 11 signon- 20 sreg-10 sreg-11 ax-10 pape- phishing pape- multi pape- physical
2idi (x) x x x x       x x x x         2idi (x)
AOL (x)         x     x               AOL (x)
Atlassian Crowd (x)                               Atlassian Crowd (x)
ClaimID (x)     x       x                 ClaimID (x)
ClaimID 2 (x) x x x   x   x x   x           ClaimID 2 (x)
IDtail (x) x x x   x   x x   x           IDtail (x)
Iden.tt (x) x   x x x x x x x x x   x x   Iden.tt (x)
Linksafe (x)         x x   x x             Linksafe (x)
LiveJournal (x)     x   x   x x               LiveJournal (x)
MyID (x)   x x   x x x x x x x         MyID (x)
MyOpenID (x) x x     x x x x x x x x x     MyOpenID (x)
MyVidoop (x) x x x x x x x x x x x x x x x MyVidoop (x)
Protect Network (x)         x     x               Protect Network (x)
SUN (x)         x     x               SUN (x)
SignOn (x)   x x   x x x x x x x   x     SignOn (x)
Sxipper (x)   x x   x x x x x x x x x     Sxipper (x)
Technorati (x)                               Technorati (x)
TypeKey (x)         x x   x x             TypeKey (x)
Verisign PIP (x) x x x   x x   x x x x   x x x Verisign PIP (x)
Wordpress (x)         x     x               Wordpress (x)
  content- type xrds- header xrds- html yadis- html openid- html openid2- html signon- 10 signon- 11 signon- 20 sreg-10 sreg-11 ax-10 pape- phishing pape- multi pape- physical  

Table Last Updated: Wed, 10 Jun 2009 01:14:24 -0700

Protocol Tests

Discovery Support

Discovery is the process by which a website advertises that it can be used as an OpenID Identifier, and in turn how OpenID consumers detect that information. The information can be embedded directly into the site’s HTML code, or in a separate metadata document. OpenID providers need not support every possible discovery method, but since many OpenID consumers only attempt discovery using a subset of the methods, it’s good to support as many as possible.

content-type

The metadata document for the Identifier can be retrieved using HTTP content negotiation by sending the following header in the request:

Accept: application/xrds+xml
xrds-header

The URL for the metadata document is advertised in the HTTP response using the following response header:

X-XRDS-Location: http://example.com/path/to/xrds
xrds-html

The URL for the metadata document is advertised in the site’s HTML code using the following meta tag:

<meta http-equiv="X-XRDS-Location" content="http://example.com/path/to/xrds" />
yadis-html

Identical to xrds-html, but using an older version of the http-equiv value:

<meta http-equiv="X-YADIS-Location" content="http://example.com/path/to/xrds" />
openid-html

The OpenID server and delegate are advertised in the site’s HTML code using the following to link tags. If the delegate tag is omitted, the URL of the page itself is used.

<link rel="openid.server" href="http://example.com/openid_server" />
<link rel="openid.delegate" href="http://username.example.com/" />
openid2-html

Identical to openid-html but uses rel values that indicate support for OpenID version 2.0.

<link rel="openid2.provider" href="http://example.com/openid_server" />
<link rel="openid2.local_id" href="http://username.example.com/" />

OpenID Protocol Support

As OpenID has matured over the years, multiple versions of the specification have been published. OpenID providers can advertise their support for different OpenID versions using any of the discovery methods above.

In addition, several specifications have been published which extend the functionality of OpenID. All of the OpenID extensions to date must be advertised in the metadata document for the OpenID Identifier.

It is important to note that this table only reflects which OpenID protocol versions and extensions are advertised by the OpenID provider. No attempt has been made to test the actual functionality of these protocols. That being said, it has been my experience OpenID providers do in fact support the protocols advertised.

signon-10

The OpenID provider supports OpenID Authentication 1.0. OpenID 1.0 is wire-compatible with OpenID 1.1. Support for OpenID 1.0 is advertised by the following Service Type URL in the metadata document.

http://openid.net/signon/1.0
signon-11

The OpenID provider supports OpenID Authentication 1.1.
Support for OpenID 1.1 is advertised in the site’s HTML or by the following Service Type URL in the metadata document.

http://openid.net/signon/1.1
signon-20

The OpenID provider supports OpenID Authentication 2.0.
OpenID 2.0 is not compatible with OpenID 1.x, though many providers support both protocols simultaneously.
Support for OpenID 2.0 is advertised in the site’s HTML or by the following Service Type URL in the metadata document.

http://specs.openid.net/auth/2.0
sreg-10

The OpenID provider supports Simple Registration 1.0.
Support is advertised by the following Service Type URL in the metadata document.

http://openid.net/sreg/1.0
sreg-11

The OpenID provider supports Simple Registration 1.1.
Support is advertised by the following Service Type URL in the metadata document.

http://openid.net/extensions/sreg/1.1
ax-10

The OpenID provider supports Attribute Exchange 1.0.
Support is advertised by the following Service Type URL in the metadata document.

http://openid.net/srv/ax/1.0
pape

The OpenID provider supports one or more of the authentication policies defined in Provider Authentication Policy Extension 1.0.
Support for each authentication policy is advertised individually in the metadata document.

Support for “phishing resistant” is advertised using the following Service Type URL.

http://schemas.openid.net/pape/policies/2007/06/phishing-resistant

Support for “multi-factor authentication” is advertised using the following Service Type URL.

http://schemas.openid.net/pape/policies/2007/06/multi-factor

Support for “physical multi-factor authentication” is advertised using the following Service Type URL.

http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical