OpenID has gained adoption among organizations like Google, Microsoft, IBM, Verisign and Yahoo.
These tech giants joined the OpenID Foundation, a non-profit incorporated in the United States and formed to help manage copyright, trademarks, marketing efforts and other activities related to the success of the OpenID community.
OpenID is a decentralized single sign-on system. On OpenID-enabled sites, web users do not need to remember traditional authentication tokens such as a username and password. Instead, they only need to have previously registered on a website with an OpenID "identity provider" (IdP). Since OpenID is decentralized, any website can employ OpenID software as a way for users to sign in.
Despite these apparent benefits, OpenID is still used by only a small share of Web sites, mostly blogs. Perhaps this joint support from Internet and tech companies will give the system some publicity.
In spite of the system's advantages, some observers have suggested that OpenID has security weaknesses and may prove vulnerable to phishing attacks.
For example, a malicious relying party may forward the end user to a bogus identity provider authentication page that asks the end user to input their credentials. Once the user does so, the malicious party (who in this case also controls the bogus authentication page) could then have access to the end user's account with the identity provider, and could then use that end user's OpenID to log in to other services.
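One way a user agent or password manager could guard against the bogus authentication page described above, shown as an added example that is not part of the original article: compare the exact origin of the page asking for credentials with the identity provider the user registered with. The host names, the PINNED value and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443}  # only TLS-protected IdP pages are accepted


def origin_of(url):
    """Return (scheme, host, port) for an https URL, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # plain http or a missing host is never acceptable
    host = parts.hostname.lower().rstrip(".")
    return (scheme, host, DEFAULT_PORTS[scheme] if port is None else port)


def is_pinned_idp(redirect_url, pinned_idp_url):
    """True only when the page asking for credentials has exactly the origin
    the user registered with; substring and suffix matches do not count."""
    target = origin_of(redirect_url)
    pinned = origin_of(pinned_idp_url)
    return target is not None and target == pinned


# Constructed sample data: the user's real IdP, then pages a relying party
# might forward the user to. Only the first two share the pinned origin.
PINNED = "https://idp.example.com/"
SAMPLES = [
    "https://idp.example.com/auth",
    "https://IDP.example.com:443/auth",
    "http://idp.example.com/auth",
    "https://idp.example.com.login.test/auth",
    "https://idp.example.com@login.test/auth",
    "https://login.test/idp.example.com/auth",
]


def classify(samples=SAMPLES, pinned=PINNED):
    return [(url, is_pinned_idp(url, pinned)) for url in samples]


if __name__ == "__main__":
    for url, ok in classify():
        print("enter credentials" if ok else "STOP: not your IdP", url)
```

The check parses the URL and compares the full origin, so a page that merely contains the IdP's name in its host, userinfo or path is rejected.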
Other criticisms are that adding a third party (the identity provider) to the authentication process significantly increases complexity, and therefore the possibility of vulnerabilities, in the system. This system also shifts responsibility for the "quality" of authentication to the end user (in their choice of identity provider), a shift that the end user and the relying party (for example their bank) need to understand.