OpenID Installed and at the Ready!
Douglas Karr
If you’ve not heard about OpenID, it’s an interesting new technology on the web. Given all of the different websites and logins/passwords that one needs to remember these days, this technology could be either a blessing or a curse.
On the bright side is the fact that you store your encrypted login and password on your server and anytime you login anywhere, it authenticates back to your server. On the negative side is what’s known as a ’single point of failure’. If someone can authenticate using your login and password, then they could have access to any system that you have access to via OpenID.
Here’s a short presentation on OpenID:
The more I learn about OpenID, the more optimistic I am. At first I was really suspect, but having configured it and seeing how to use it, I think it’s a great technology. AOL, Microsoft and SixApart are a few of the latest folks to support OpenID, it appears to be taking on steam.
One of the great things about OpenID is that you can host it right on your own server. I’ve configured phpMyID tonight in a few minutes and it tested and worked great. I chose the easiest option for Single User configuration so I only had to do a few things:
- Make a new directory on my server and install the files. I chose http://marketingtechblog.com/OpenID/
- I added redirectors to my WordPress header file that redirects any OpenID requests:
<link rel="openid.server" href="http://marketingtechblog.com/OpenID/MyID.php">
<link rel=”openid.delegate” href=”http://marketingtechblog.com/OpenID/MyID.php”> - I had to configure my password by encrypting my login, realm (this is phpMyID), and password. To do this, I popped a PHP file up on the server with the following code:
<?php echo md5(login:realm:password);> - I copied that encrypted string into the configuration for the ID file and I was up and running!
- To test, I simply had to login using a simple URL
- I then logged out
That was it! My OpenID address is now http://marketingtechblog.com and it will authenticate the Login and Password that I chose.
One other nice feature that folks haven’t spoke about is use of default information that authenticated applications can access. You can make your name, birthdate, timezone, gender and other information available for use. I love that idea! Less forms to fill out.
There’s quite a lot of news on the blogosphere on OpenID, I’d advise you to read more before you make your decision:
- Using OpenID Delegation - Phil Windley
- A blurb on Technorati’s WTF
If nothing else, OpenID is a simple authentication scheme that, if adopted, should really simplify authentication on most websites. I hope it really explodes though I won’t be accessing my bank account with it anytime soon (nor would I want to). If you want to climb on the OpenID bandwagon, I would do it quickly so that you can get some of the initial press that goes with it.
OpenID for non-SuperUsers
OpenID Wiki
OpenID Mailing Lists
As I see that your users at the moment, need not have openid to comment.
Is that right?
Cheers!
Alpesh
Another plugin. I was referring to OpenID by Verselogic.
Which one could be better?
Cheers!
Alpesh Nakar
I don’t want to do anything to impede anyone from making comments. If OpenID goes mainstream and people get used to logging in for comments, it may change my mind.
Regards,
Doug
That looks pretty good! I may do some testing with it and the comments plugin I have for hierarchical comments.
Thanks!
You did well. I have done the same thing.
Cheers!
Alpesh
I just got around to do a similar thing. I installed fine and everything. I put those two lines in my WordPress header:
Tested the login worked fine.
Tried WikiTravel, entered my configured OpenID user name (alhome.net) it redirected me then to my own site as if nothing happened.
Am I missing something?