It is now possible to use RePEc Author Service credentials to log into some other websites using the OpenID schema. This means that users do not need to use separate user names and passwords for those websites.
OpenID uses a user’s web page to establish credentials, as long as the website participates in OpenID. The RePEc Author Service now does so, with the drawback that few users know their profile URL (for example: http://authors.repec.org/pro/pzi1/). For this reason, services using OpenID credentials through RePEc will typically request the user’s RePEc short-ID (for example: pzi1). The latter can be found on an author’s profile on EconPapers or IDEAS, or by using a RePEc short-ID lookup tool.
A typical authentication procedure goes as follows:
- The user is asked for a personal RePEc short-ID at a referring service.
- The service forwards this information to the RePEc Author Service, which shows the habitual log-in page.
- The user enters the usual RePEc Author Service credentials (email address and password).
- Upon success, the RePEc Author Service asks for confirmation that log-in should proceed at the referring service.
- Upon confirmation, the referring service obtains confirmation from the RePEc Author Service that this is the person with this short-ID.
Steps 2 and 5 are bypassed if the user has a live RePEc Author Service session. It should be noted that the RePEc Author Service does not communicate the email address or the password, only that the owner of the short-ID (and its corresponding web page) is indeed this person. The referring service is then free to use the short-ID in its own authentication.
Note that some people will not be able to use this authentication service right away. Indeed, their RePEc Author Service profile needs to be enabled for this. This is not the case for anybody who has not logged in the RePEc Author Service since late June 2012.
OpenID authentication through RePEc is currently in use for the maintenance of reading lists and publication compilations on IDEAS, as well as for the RePEc plagiarism committee. Other services that require authentication, tied to RePEc or not, will soon follow.