posts tagged with the keyword ‘openid’

2010.08.31

Lanyard

Lanyrd has launched. It’s a social conference directory. You log in using your Twitter credentials. It sounds like a neat idea. Obviously I need to complain about it…

Lanyrd is for Twitter users, and no one else. Got a Twitter account? Click the gigantic “Sign in with twitter” button. Don’t have a Twitter account? Sorry, you can’t use it. I could not find any way to create an account, or even login using an OpenID. Twitter users only are invited to this party.

Now, I’ve been a fan of Simon Willison for many years. He’s a blogger/developer who has done a lot of interesting things. He’s even written a lot about OpenID over the years. I sort of feel like that’s all been thrown out the window with the launch of Lanyrd. Twitter is your only identity.

Now, to be fair to Simon, I have no idea what is planned for Lanyrd, and it may grow to support other identity options, or maybe it’s just another tool that was built for, and works specifically with Twitter. It does make sense, as it would use your Twitter network to make all the connections.

But part of me sees this fracturing of the web, and makes me a little depressed. If Lanyrd was a services I wanted to use and I was not a Twitter user, I’d feel excluded. It makes me feel like Twitter is my main identity online, and I guess that bothers me. I’ve been using things like usernames, and emails, and even URLs to log in to web sites for years, but now it’s just my Twitter account. Don’t have a Twitter account? You’re out of luck.

Again, I don’t mean to be hard on Lanyrd or single them out… I guess I just see sort of thing as another step in the centralized identity that you can’t really own, and I’m a fan of decentralizing things.

I guess the old method of making connections would be something like:

  1. Create account.
  2. Verify account.
  3. Provide your email address, or Gmail account info, or address book, or some other means of exposing your connections (including perhaps, your Twitter info.)
  4. Have the system attempt to make connections for you.
  5. Approve the connections you want to make.

Yes, that’s probably inefficient, and a lot more work, but sometimes freedom comes at a price. There must be some sort of middle ground between making a system elegant, simple, and easy to use, and providing choices. I just don’t know where that middle ground is.

FOAF probably isn’t the answer. XFN probably isn’t the answer. OpenID isn’t the answer in this case… Maybe giving up and accepting the giving away of your identity to a free service is the only option.

2010.08.26

OpenID

I often feel like most of the people I deal with don’t care much about their identity online and who controls it. Plenty of people are fine handing it over to Google, Apple, Microsoft or another large company instead of having some say in it themselves. I’m going to show you a simple method of gaining just a little bit of control back… it’s called delegation.

When I first signed up with an OpenID provider many years ago, I wasn’t exactly happy about giving my identity to someone else, but I didn’t want to run my own OpenID server. The solution is to delegate your identity.

Think of delegation like forwarding. You can forward your phone calls, or forward your email, and the people who contact you never need to know what your actual phone number or email address is… they just use what you give them. And if you change your actual phone number or email address, you don’t need to tell everyone about it, as they are using the one that does the forwarding, and that one still works. It’s like DNS… your domain name stays the same (hopefully!) while the IP address can change. Abstraction is a wonderful thing.

So how do we delegate our OpenID? Well… you’re gonna need a web site… Do you have one? Good! If not, go get one… go ahead, we’ll wait. Come back when you have one.

Got a web site? Good!

We’ll also assume you have an OpenID. You probably have one… If you have an account with Google, or Yahoo!, or LiveJournal, or Flickr, or any of these guys… then you have one.

OK, back to your web site (since you have one now!) You basically need to add a bit of code to the head of your home page.

For instance, if you wanted to use Google, it would look something like this:

<meta http-equiv="X-XRDS-Location" content="http://www.google.com/profiles/[USERNAME]" />
<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud?source=profiles" />
<link rel="openid2.local_id" href="http://www.google.com/profiles/[USERNAME]" />

Where [USERNAME] is your profile username. You can use the Delegateid tool to figure it out. (See their blog post for more info: Delegation Made Easy.)

If your provider supports the old version of OpenID you may have two more lines, which will say openid rather than openid2. Paste them all into place.

Now when you need to login somewhere that allows you to use OpenID, you can just enter your own URL. You don’t have to remember the URL of your Google profile, or your LiveJournal address, or any of that non-memorable stuff. Your URL is your identity.

In the future, as long as you still have your web site, you can use that as your OpenID. If you ever change your OpenID provider, it should just be a simple matter of updating the delegation code and the magic bits will do the right thing… much less painful than changing your actual phone number or email address and having to tell everyone. With delegation, you just update your own site, and let the machines sort it out from there.

|


buy the button:

Buy The Button