Finally a decentralized way of signing into multiple services is here. Now with Yahoo and Google supporting OpenID looks like it is going to take over the world and replace other authentication systems. (good by .NET passport !)
I was using my OpenID URI http://freebird.myopenid.com for sometime now & wanted to use my domain as my OpenID.

how to use blog URL (blogspot) or a domain as OpenID URL

  1. Sign up for an OpenID with a ID provider. (http://myopenid.com is what I am using)
  2. open the index.html or template of your blog / website and add the following to head section.

<link rel=”openid.server” xhref=”http://freebird.in/wp-content/uploads/2008/02/server”  />

<link rel=”openid.delegate” xhref=”http://freebird.in/wp-content/uploads/2008/02/freebird.myopenid1.com”  />

The advantage of this method is that our OpenID will remain the same and we can change the ID provider.

In the case of a wordpress blog, we can edit the header.php file of the active template and add the above in the head section.

Enabling OpenID for wordpress blog

  1. get OpenID plugin for wordpress from here
  2. follow the instructions to activate the plugin
  3. if needed, edit the comments.php file of your template as mentioned the README file

9 thoughts on “OpenID

  1. @ Rain In the face

    I don’t think yahoo offering has much importance. Anyway they are an ailing company. If Microsoft acquires it things will become worse that it. Both the companies give least importance to security. And personally I am not going to use Yahoo OpenID for my authentication needs.

    you know what happened with Bangalore Weekend shoots (http://flickr.com/groups/bangaloreweekendshoots/ )

    we had support tickets raised, cried out for help in the forums (http://flickr.com/help/forum/en-us/64948/) but nothing happened. I don’t want to use such a company’s offerings.

    @ vanchi,

    even I had the same concerns but i think in the case of OpenID we have better control over our online security. If one of the OpenID providers are compromised we can switch to another one and keep our id, in my case http://freebird.in intact.

    Use features like safe sign in, never say “Allow for ever” etc will definitely improve your security

    @ pravi,

    service cracking is still possible. Its all over the place. For the recent example go to the links i had give above. I am not sure how the attack happened but it may be because of Yahoo’s BBAuth’s bugs, flickr API’s bugs or even a password theft.

    In today’s scenario the the most important scenario is the social networking attacks than a breaking in attack. We sign up into n number of different services with different UID combinations and I don’t think we are able to keep strong passwords for all. In short the best solution is to go for a secure, manageable authentication mechanism independent of the service providers. OpenID do have its holes, but it will stabilize in the times to come.

  2. Vanchi,

    I guess you mean cracked. Can you give an example (just to see where you stand) how one can crack a service?

    If you noticed what freebrid wrote, you can change service providers without changing your OpenID if you want, if you are concerned about security of the provider.

  3. Pravi,

    I do not disagree with you there. My intention was to point out that Yahoo! by itself has a huge presence and once MS acquires it, by proxy, MS will be on the table at OpenID. And traditionally MS does not play well. I’ve not followed the OOXML debate too closely, but that is once instance that comes to mind 🙂

  4. yea very much. Actually I was reasearching about something so that I can write that as the 100th post. I was not able to gather enough information. So decided to proceed with other things.

Leave a Reply

Your email address will not be published. Required fields are marked *