About OpenID

OpenID is a relatively new technology that is quickly becoming the preeminent standard for identity management on the Internet. Basically it allows a website, such as this one, to figure out who you are.

In a nutshell OpenID allows you to maintain a single Internet presence that you can use to identify yourself to any number of websites (this one included). Rather than having to keep track of dozens of different usernames and passwords for every different site you visit, you can instead use your OpenID identity at all of them.

Odds are good that you already have an OpenID identity and not even know it. For example, if you use a Yahoo! Mail or Google GMail account, you already have an OpenID identity. To learn how to get an OpenID identity, read about choosing an OpenID provider.

Using OpenID can make things simpler for both you and us, yet is still secure. In fact, it could make things more secure.

Since you don't have to remember another password specific to this site, that's one less thing for you to remember or perhaps write down. It also means that we don't have to store you password too—and since the majority of people reuse the same password for many different sites, it also means that you won't be exposing your password to us.

As for us, we don't have to deal with issuing passwords, password resets or recovery, or the security weaknesses that could open up. Also the large established companies like Verisign, Google, etc. already have the infrastructure and expertise to manage peoples' identities securely.

Also we find that most people are a little more careful about safeguarding their personal webmail accounts than they would for a "throwaway" account for a website they don't own.

No. Even though you can use a Yahoo! or Google account to login to this website; the permissions do not work the other way. MedPlus will not have any access to your accounts whatsoever. The only information we will get is the email address of your account, and possibly your local time zone and language preferences.

We do not get your password or any of your contact lists. We don't see any activity in your account. In fact, this is probably more secure for you because you never even choose a password for this website (and many people tend to carelessly reuse the same password at different sites).

Additionally, we only use your account to identify you and allow you to sign into this website. We do not send any email to your account. (Any email we do send you will be to the email address you have on file with ChartMaxx support; usually a hospital-provided email address and one that is distinct from your OpenID identity).

Also the account you use as your OpenID identity is completely separate and isolated from your hospital or employer. They will not gain any access to your account either.

If you have a Yahoo! or Google GMail account you already have an OpenID identity, and you can use that to login to this website. However we are aware that many customers' organizations may have a policy preventing access to these web-based email services.

We also accept OpenID credentials Verisign, a trustworthy Internet company that can provide you with an OpenID identity, but which does not also provide email or other services which your organization may not permit.

Please read about choosing an OpenID provider.

Unfortunately, at this time, other MedPlus websites (such as the ChartMaxx Customer Center) still use traditional username and password based logins.

We are however investigating the posibility of eventually changing those sites to allow OpenID to be used there as well. That would allow you to use a single login to access all our websites. We will keep you informed, and also would appreciate feedback on how OpenID works for you on this website.

Yes, you can use as many OpenID identities as you care to, and you can change your identity(-ies) at any time. All of the identities you use will be associated with your same login account on this website.

When you register and create your account on this website the very first time, you must use one of your identities. Then, at any point in the future you can add additional identities.

To add an identity, while you are already logged into this site:

1. go to the login page (do not logout),
2. try logging in with a different OpenID identity (without logging out first),
3. you will then be guided through and asked for confirmation that you want to add that OpenID identity to your account.

To change identities (say you are moving from Yahoo! Mail to Google GMail); you:

1. add an identity for your new account (following the above procedures),
2. try logging in with the new identity to make sure it works, and then
3. remove your old identity which you no longer want to use.

If you want to learn more about OpenID, where you can use it, and how it works try these resources. Or you can ask us.

• openid.net—The official OpenID home page
• Wikipedia article on OpenID