These days it seems like at the core of every web application is some kind of authentication system. Think about it for a second: when was the last time you visited a site that didn't at least give you the option to identify yourself? Even the Dilbert website has a register button. As a web developer I've created a number of these systems, and after a while I finally decided it was time to turn the whole thing into a service. The advantages here are twofold: first, it keeps me from having to port the code around from project to project, and second, it lets me keep track of just one username and password. There are plenty of such systems already in existence throughout the web, most notably the late Microsoft Passport (now known as Microsoft Live) and the more publicly available OpenID. The diagram below shows how the eToys website utilizes a passport system.

In their simplest form, passport systems work almost transparently through two interfaces. The first is an authentication page which receives log-in attempts from a form on the user-facing application. The form, instead of submitting to a page on the application site, submits the data to the passport log-in page along with an application identifier and success and failure URLs. If the passport system determines that the credentials are valid, it redirects to the success URL with the generated login identifier in the query string. The application then verifies this login identifier through the passport system's verification interface (the second of the two) to prevent spoofing.
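The exchange described above, as an added example that is not part of the original post or of any of the named products: the passport side validates the posted form, issues a random single-use login identifier bound to the application that requested it, and redirects to the success URL with that identifier in the query string; the application side pulls the identifier out of the redirect and confirms it with the passport before trusting it. The storage is in-memory, the registered application, user and URLs are constructed, and the 60-second lifetime and the rule that the posted success and failure URLs must match what the application registered (so the form fields cannot turn the passport into an open redirector) are assumptions of this example, not something the post specifies.

```python
import hashlib
import hmac
import os
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed in-memory stand-ins for the passport service's storage.
PASSPORT_USERS = {}   # username -> (salt, pbkdf2 hash)
PASSPORT_APPS = {}    # app_id -> {"success": url, "failure": url}
PASSPORT_TOKENS = {}  # login identifier -> {"user", "app_id", "expires", "used"}

TOKEN_TTL = 60          # assumed: seconds a freshly issued login identifier stays valid
PBKDF2_ROUNDS = 100_000
_DUMMY_SALT = os.urandom(16)  # used to keep timing uniform for unknown usernames


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def register_user(username, password):
    """Passport side: store a salted hash, never the password itself."""
    salt = os.urandom(16)
    PASSPORT_USERS[username] = (salt, _hash_password(password, salt))


def register_app(app_id, success_url, failure_url):
    """Passport side: an application registers its identifier and redirect URLs once."""
    PASSPORT_APPS[app_id] = {"success": success_url, "failure": failure_url}


def passport_login(app_id, username, password, success_url, failure_url, now=None):
    """Passport side: handle the form post and return the URL to redirect the browser to."""
    now = time.time() if now is None else now
    app = PASSPORT_APPS.get(app_id)
    if app is None:
        raise ValueError("unknown application identifier")
    # Assumed policy: only redirect to the URLs the application registered.
    if success_url != app["success"] or failure_url != app["failure"]:
        raise ValueError("redirect URLs do not match the application's registration")
    salt, stored = PASSPORT_USERS.get(username, (_DUMMY_SALT, b"\0" * 32))
    # Always run the hash so a missing username costs the same time as a wrong password.
    if not hmac.compare_digest(_hash_password(password, salt), stored):
        return failure_url
    login_id = secrets.token_urlsafe(32)  # unguessable, so it cannot be forged
    PASSPORT_TOKENS[login_id] = {
        "user": username, "app_id": app_id, "expires": now + TOKEN_TTL, "used": False,
    }
    return success_url + "?" + urlencode({"login_id": login_id})


def passport_verify(app_id, login_id, now=None):
    """Passport side: the back-channel check the application makes before trusting a login."""
    now = time.time() if now is None else now
    entry = PASSPORT_TOKENS.get(login_id)
    if entry is None or entry["used"] or entry["app_id"] != app_id or now > entry["expires"]:
        return None
    entry["used"] = True  # single use: a replayed identifier is rejected
    return entry["user"]


def app_handle_success(app_id, redirect_url, now=None):
    """Application side: take login_id from the query string and confirm it with the passport.

    Returns the verified username, or None if the identifier is forged, replayed,
    issued to another application, or expired.
    """
    query = parse_qs(urlparse(redirect_url).query)
    login_id = query.get("login_id", [None])[0]
    if login_id is None:
        return None
    return passport_verify(app_id, login_id, now=now)


if __name__ == "__main__":
    register_user("alice", "correct horse battery staple")
    register_app("league", "https://league.example/login/ok", "https://league.example/login/fail")
    url = passport_login("league", "alice", "correct horse battery staple",
                         "https://league.example/login/ok", "https://league.example/login/fail")
    print("passport redirects to:", url)
    print("application verifies as:", app_handle_success("league", url))
    print("replay of the same identifier:", app_handle_success("league", url))
```

The point of the verification call is that the query string alone proves nothing: anyone can type `?login_id=...` into a URL, so the application only accepts a name the passport itself hands back, and the passport hands it back at most once, only to the application it was issued for, and only within the lifetime.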
Another advantage of the passport system is that it painlessly secures logins for applications that have no other use for a secure connection. A social networking site or a fantasy sports league hardly needs to be protected by a secure connection, but the user's credentials certainly should be. Users tend to reuse the same password, or a few of the same passwords, across the web. So while losing a fantasy sports league account may not be such a big deal, allowing access to an Amazon account with the same password is. Channeling all authentication traffic through a secured connection greatly reduces the risk of this occurring.
Once the basis of the passport system has been created, it's easy to add features that applications can use or ignore as their needs dictate. Permissions management, session management, attribute sharing and so on are just a few examples.