Archive of "Openid"

Archive for the "Openid" Category

Delegating to Multiple OpenIDs

Posted on

The current OpenID delegation model is great.  One adds some simple discovery code to one’s homepage and poof! you have an easy to remember OpenID that remains the same even if one changes providers.  That’s all great, and I’ve been using it almost since OpenID came out.

But I think we can do even better.

When I’m at home on my own computer I like to use  Among other things, it lets me sign in with a client-side TLS certificate, which is much more secure than a password.

When I’m at school in the labs, I don’t want to install a certificate there. Nor do I want to use a password by itself. no longer provides the best featureset for what I would like to do, but rather the OpenID-Jabber bridge at is likely much closer.

So one solution is to add both OpenIDs to services I use, and then I can use the URL for the one I want, when I want.  The problem with this solution is (1) the abstraction is horrible, and all the benefits of delegation go away (2) not all services I use let me associate multiple OpenIDs (I’m looking at you, PostRank).

So how do we solve this?

I would love to add the delegation discovery information for both providers to my homepage.  Then, when logging in, the RP gets the list of providers I use, and presents me with a menu asking which one I prefer.  Providers not yet upgraded to have this new functionality would just keep using the first one they found, so it degrades quite gracefully.

I’m very interested to see feedback from the community on this idea.  Post comments below, or tweet @singpolyma 🙂

Ah, I’m not the only one!

Posted on

I knew others were talking about distributed social networking, but Messina is working on code, and even code for WordPress! The Kilroy concept (an “I was here” plugin) looks excellent. Avatars looks like exactly what I’ve been saying I should do since I installed Gravatars on this blog. The contactlist plugin looks like basically what I have here (his code, I believe), but I’ve hacked mine some.  His delegation looks a lot like what I want to add to my XRDS plugin.  Pempeth would go great with his contact form concept.

Other cool stuff there too — overall just excited that things seem to be picking up a bit in this field — I’m writing some bookmarklets just now, and really should clean and release some of the remaining WordPress code.

Blogger in Draft

Posted on

…because “in Draft” sounds cooler than BETA.

Yes, Blogger is at it again. Releasing new and (sometimes) exciting features. I took a bit of a spin with it today to see what is up.

The major additions are in regards to some of the rougher bits of Blogger 3.0 – the template WYSIWYG template editor.  Some sorts of widgets have been sorely lacking for some time.  Subscription links (for feeds) are new trivial to add to one’s Blogger sidebar.  Better for hackers, Google Gadgets can now be directly added.  The fact that this comes so close on the heels of OpenSocial is doubtfully a coincidence.  This opens Blogger up to a large number of new functionalities instantly.  Other new widgets include a search box, polls, and a sideshow widget for photos.

Videos are now just as trivial to add to posts as images.  A loss useful feature, but cool none the less.

Now for my favourite and most exciting feature – OpenID!  Yes, you read it correctly, the new Blogger (which could doubtless be dubbed Blogger 4.0) has support for leaving comments using OpenID!

This is exciting for a number of reasons, but largest of all is that this will soon expose THOUSANDS of people to OpenID.  This could easily take it from a geek tech to mainstream knowledge.

OpenID as True Single Signon

Posted on

OpenID is meant as a distributed single signon protocol. Unlike corporate-only systems (ie, Google Accounts) however, you have to sign on at every single site. When I sign in to Gmail I am automatically signed in to Blogger, etc.

While the inability to store ‘cookies’ or similar across domains makes this not 100% possible, I have a suggestion that will make it easier.

Make every page on an OpenID-enabled site accept the openid_url GET parameter. If it is there, authenticate the user using that OpenID and then redirect back to the page the GET string was passed to – minus the openid_url parameter. Thus if I click a link from one OpenID-enabled site (where I am signed in) to another, I can be signed in automatically.

A browser plugin (ie, Firefox extension, or built into the browser as may come in Firefox 3) could be used to store the last-entered value into a form with text input named openid_url (dependent on user settings of course). This value would then be added to the GET request on any URL (or pertinent URL, depending) the browser goes to. OpenID-less sites won’t care, OpenID-enabled sites will automatically sign you in.

OpenID for WordPress

Posted on

Someone else has written a (imho) better plugin. I have a backlog of tweaks to do to this plugin to make it work on more systems which I haven’t got around to blogging/integrating. Note that this new plugin does not support using your blog as an OpenID server. It does, however, support sreg (but not hCard) and integrates into the WordPress account system.

I have modified Alexander Nikulin’s plugin for WordPress that enables users to leave authenticated comments using OpenID and enables blog owners/contributors to use the blog as their OpenId. I have made the plugin compatible with WordPress 2.0, cleaned up the validity of the XHTML produced, and fixed a bug that kept some sites from finding the server.

It is reccomended that when using the server the blog admin use the blogs main URL as their OpenID but that other users/contributors use BLOGURL/?author_name=USERNAME.

When returning to the post page after posting a comment, if the comment was held for moderation ?moderated=true is appended to the URL. Adding code like the following will alert your users to this fact:

<?php if($_GET[‘moderated’] == ‘true’) echo ‘<div style=”display:block;padding:20px;background-color:#ccc; font-weight:bold;font-family:sans-serif;font-size:12pt;”> Your comment is awaiting moderation.</div>’; ?>

Possible future features:

  • Support for sreg / hCards to get an actual name for the commentor instead of just using their URL
  • Support for sreg / hCards in the server implementation
  • Support for YADIS

Download the plugin

To install the plugin:

  1. Download the gzip from the link above and unzip it
  2. Upload the resulting folder into your /wp-content/plugins/ directory
  3. Edit your template and replace your comments form code (likely in comments.php) with
    <?php include dirname(__FILE__).’/../../plugins/openid/openidform.php’; ?>