Navigation
Community
Hey, Doc Searls! Easy OpenID tutorial!
(Doc Searls tells me he reads blogs by search, so let's see if (Santa Barbara) this post will (Internet Identity Workshop) draw his attention.)
Evan, who wrote about OpenID for us, has some recommendations for getting OpenID going. Doc tried using his LiveJournal account to log in to
Wikitravel, and here's Evan's advice:
He should be able to go to our OpenID login page here: http://wikitravel.org/en/Special:OpenIDLogin
...and enter the URL of his LiveJournal (note: not just the username -- the full URL). Entering something like dsearls.livejournal.com should do the trick. LJ will ask if it's OK to share his info (it's OK, he can take my word for it), and after that he should be logged in.
He'll get a brand-new Wikitravel account, tied to his OpenID. The next time he logs in with that OpenID, he will have that same account.
If he already has a Wikitravel account, he can convert it to use OpenID, thusly: http://wikitravel.org/en/Special:OpenIDConvert
By the way, there are a -lot- of services providing OpenID identities out there. -And- OpenID allows delegation of identity. So, for example, I use a nice service called MyOpenID for
authentication, but I want to use my blog's main URL
(http://evan.prodromou.name/ ) as my identity. So I added a couple of delegation "link" elements to the HTML for that page to identify an authentication engine.I know that Doc uses iNames, which is a competitive, half-compatible standard for identity. The newest version of OpenID supports logging in with an iName (very cool), but I don't have that tested and running yet.
This is my list of OpenID authentication services that I test with; any one of them should work fine with Wikitravel:
(More gratuitous Doc bait: Will Lenovo catch the Cluetrain and make "nude" systems available for vendors like Emperor Linux to set up with working wireless so people can get some DIY-IT done?)
Delicious
Digg
Reddit
Furl
TechnoratiPodcast interview with Jane Silber and Carl Richell
Tune in to our podcast for the answers to your Ubuntu questions. What's new in Ubuntu's "Feisty Fawn" release, what does Canonical offer to system integrators, and how many virtualization systems can one distribution offer?LinuxWorld Conference and Expo San Francisco, August 4-7, 2008.
Linux Plumbers Conference Portland, OR, Sept. 16-19, 2008.
FreedomHEC Santa Monica, November 8-9, 2008.
|
|
Sponsored links |
The Irony is...
...that I kiboze the blogosphere using Google Alerts, so this posting showed up in my inbox this afternoon.
shhh...
...we're reinventing Usenet on top of RSS and community sites -- don't tell anybody.
It worked.
This blog entry: 16 November 2006
Doc links in: 22 November 2006
Shibboleth
In most talks about openID and all this stuff -- why hasn't anyone been discussing Shibboleth, already used throughout Internet2 and actively being sought out by large companies?
It interoperates with all sorts of ID systems, eg MS Active Directory.
Implementation effort?
How easy is it to implement compared to OpenID and i-name? It seems like people would want to get comfortable using an identity system for something little like web comments and not having to create an account on every site where you want to post a comment, then gradually start using it for important stuff. The problem is that if everyone is starting off with just web comments, the big budget to implement an ambitious identity system isn't there.
Law of IT Project Budgets: The more that an IT project can actually change your business, the lower the budget. (A forced upgrade of your desktop OS will eat your budget for the year; most companies' first web sites were done on a "borrowed" server in people's evening time.)
Shibboleth vs. OpenID
The reference shibboleth implementation is open source, so unless you really want to there is no need to reimplement it.
I have no experience with OpenID, but I recently installed a shibboleth service provider (SP) on our webserver. While OpenID and Shibboleth might be similar on the surface and the protocols are pretty similar too, they are targeted for rather different applications. I think in practice Shibboleth is a bit too heavyweight for something like blog comments. With shibboleth you need certificates both ways and/or PKI, and you need to negotiate with the identity provider (IDP) what attributes (e.g. username, gender, age, snail mail address, employment status, whatever) are to be released to your SP. While this is very nice from a privacy standpoint and necessary for "important" applications, I can't imagine every dinky blog provider having written contracts with a large amount of possible ID providers just so you could post comments.
So I guess there is a place for both..