what does this mean?

Well in abstract terms OpenID is an enabling technology that allows an internet user to mediate the flow of their digital identity information between websites. The user establishes a persona URL, like this blog, an identity URL managed by their Identity Provider, then mediates exchanges with other websites, known as Relying Parties, through their browser.

Diagrammatically the parties and network protocol look like this:

Typically, the identity information that is being moved is either assertions about authentication or attributes that contain personal information. An authentication assertion is a cryptographic mechanism for asserting that you are who you say you are, and personal information attributes are things like your first name, last name, email address, etc.

In the context of a blog that translates into the following functionality:

1) The blog authors can log into the blog using their OpenID identifier, rather than remembering a blog specific username and password. So, one less thing to remember.

2) When commenting the blog reader can identify themselves using their own OpenID identifier, and rather than typing in their contact information it can be requested from their profile.

3) The blog author could use the URL of their blog as an OpenID identifier, either by delegating that identifier to another OpenID provider, or by making the blog itself into a provider.

Why do this?

Well, I just wanted to get a hands on appreciation of the state of the digital identity infrastructure available today. So, how do we go about this project? Well, there are resources available on the net, it’s just a matter of bringing them all together. The first step is to establish a digital identity identifier with an identity provider.

Create an OpenID identifier

So, let’s begin with the simple stuff. I created for myself an OpenID identifier at JanRain’s myOpenID service, which is a well known provider. The identifiers it provides are of the form username.myopenid.com, so my identifier is http://merrells.myopenid.com

Delegate a Persona URL to an OpenID identifier

The next step is to delegate the persona URL to the OpenID identifier. This can be done using a WordPress plugin written by Will Norris, called WP-YADIS. Nasty name, but once configured with the name of the identity provider (myopenid.com) and the identifier (merrells.myopenid.com) it will effectively allow me to use my blog URL as my identifier. It does this by adding a couple of link tags to blog web page. You can use View-Source to check they’re there.

Now, when confronted with a request for my OpenID identifier I can type the more personal johnmerrells.com, instead of the slightly less personal merrells.myopenid.com

Let’s test it with http://www.booksiamreading.com . I type in my delegated identifier (johnmerrells.com), and it redirects my to the myOpenID verification page.

It worked. Excellent. But, it would have been nice if the verification page had also displayed the delegation identifier. I wonder if the protocol supports that?

Author/Commenter Login by OpenID

Will Norris, et al, have written a plugin called WP-OpenID, which supports both author and commenter login via OpenID.

Once installed the only configuration requirements are to add the identifier URL for each of the authors.

This is where I’m stuck for the moment. I add my identifier, which I can see has been authorized by my provider, but it doesn’t appear on the admin page. I wonder what’s gone wrong? More investigation is required…

Stowe may have sold his chest space for the next six months, but he’ll always have his sxip underware on.