If you’ve not heard about OpenID, it’s an interesting new technology on the web. Given all of the different websites and logins/passwords that one needs to remember these days, this technology could be either a blessing or a curse.
On the bright side is the fact that you store your encrypted login and password on your server and anytime you login anywhere, it authenticates back to your server. On the negative side is what’s known as a ‘single point of failure’. If someone can authenticate using your login and password, then they could have access to any system that you have access to via OpenID.
Here’s a short presentation on OpenID:
The more I learn about OpenID, the more optimistic I am. At first I was really suspect, but having configured it and seeing how to use it, I think it’s a great technology. AOL, Microsoft and SixApart are a few of the latest folks to support OpenID, it appears to be taking on steam.
One of the great things about OpenID is that you can host it right on your own server. I’ve configured phpMyID tonight in a few minutes and it tested and worked great. I chose the easiest option for Single User configuration so I only had to do a few things:
- Make a new directory on my server and install the files. I chose /OpenID/
- I added redirectors to my WordPress header file that redirects any OpenID requests
- I had to configure my password by encrypting my login, realm (this is phpMyID), and password. To do this, I popped a PHP file up on the server with the following code:
- I copied that encrypted string into the configuration for the ID file and I was up and running!
- To test, I simply had to login using a simple URL
- I then logged out
That was it! My OpenID address is now https://martech.zone and it will authenticate the Login and Password that I chose.
One other nice feature that folks haven’t spoke about is use of default information that authenticated applications can access. You can make your name, birthdate, timezone, gender and other information available for use. I love that idea! Less forms to fill out.
There’s quite a lot of news on the blogosphere on OpenID, I’d advise you to read more before you make your decision:
- Using OpenID Delegation – Phil Windley
- A blurb on Technorati’s WTF
If nothing else, OpenID is a simple authentication scheme that, if adopted, should really simplify authentication on most websites. I hope it really explodes though I won’t be accessing my bank account with it anytime soon (nor would I want to). If you want to climb on the OpenID bandwagon, I would do it quickly so that you can get some of the initial press that goes with it.
I tested today with Magnolia. Magnolia worked and even merged my account with my OpenID – very cool. However, either they didn’t redirect my request per my header file or the redirect isn’t working properly. I had to put the exact URL within the OpenID field to get it to work.
Doh! Make sure your <link rel=”URI” is VALID. I just updated mine and it all worked brilliantly. Thanks to Ma.gnolia.com for checking into their side of this as well and offering me a up a few other links to check out:
OpenID for non-SuperUsers
OpenID Wiki
OpenID Mailing Lists
Have you looked at using the wp plugin for openid?
As I see that your users at the moment, need not have openid to comment.
Is that right?
Cheers!
Alpesh
Alpesh, is it the OpenID Delegate WordPress Plugin?
Aha,
Another plugin. I was referring to OpenID by Verselogic.
Which one could be better? 🙂
Cheers!
Alpesh Nakar
I’m not sure! Perhaps some other readers can join in on the conversation. No doubt that both are capable… OpenID really is quite a simple technology that could be easily adapted into a plugin. Thanks for the addition!
No worries. Yes, would love to read what others have to say. Are you planning to have your comments ‘open id’ ed 😉
I don’t think so. I’ve seen where any login on comments often results in less comments. Comments are an important component of a blog and lead to increased Search Engine placement because the page changes and gets reindexed. In fact, quite the opposite, I encourage more folks to comment by utilizing No Nofollow.
I don’t want to do anything to impede anyone from making comments. If OpenID goes mainstream and people get used to logging in for comments, it may change my mind.
Regards,
Doug
Fair enough.
Doug, the verselogic plugin doesn’t require OpenID for commenting, it just adds it as an option. Guests can still comment with the name/email/url combo as usual. I started using it on my site not too long ago.
Dougal,
That looks pretty good! I may do some testing with it and the comments plugin I have for hierarchical comments.
Thanks!
Doug,
You did well. I have done the same thing. 🙂 Lets see how it works with the readers.
Cheers!
Alpesh
Doug
I just got around to do a similar thing. I installed fine and everything. I put those two lines in my WordPress header:
Tested the login worked fine.
Tried WikiTravel, entered my configured OpenID user name (alhome.net) it redirected me then to my own site as if nothing happened.
Am I missing something?
Oops the lines did not come up in the previous comment. But they’re the same as yours with the domain difference.
You can enter code in a comment with <code> tags around your code. I’ll try out Wikitravel and see! It could be that they are not honoring the redirect. It’s good that it came back to your site, but it should redirect to your OpenID page.