My Blog/My OpenID
There's been a lot of news the past couple of days around the announcement of a collaboration agreement between OpenID role players (JanRain, SXIP Identity, VeriSign) and Microsoft's Windows CardSpace on the use of Windows CardSpace with the OpenID 2.0 specification. (OpenID is an open, decentralized, free framework for user-centric digital identity. See the section below for a short overview of how it works.)
From Microsoft's side there will be support for OpenID in future identity server products, and for end-users and relying parties there will be the benefit of more secure, phishing-resistant authentication based on Information Cards when using OpenID-based sites. For relying parties this also means that they won't need to support two different identity protocols and in future will be able to accept OpenID and Information Card based authentication from a single code base. (See Kim Cameron's post and the links from there for more details.)
A quick overview of how OpenID works, from the OpenID website:
OpenID starts with the concept that anyone can identify themselves on the Internet the same way websites do -- with a URI (also called a URL or web address). Since URIs are at the very core of Web architecture, they provide a solid foundation for user-centric identity.
The first piece of the OpenID framework is authentication -- how you prove ownership of a URI. Today, websites require usernames and passwords to login, which means that many people use the same password everywhere. With OpenID Authentication (see specs), your username is your URI, and your password (or other credentials) stays safely stored on your OpenID Provider (which you can run yourself, or use a third-party identity provider).
To login to an OpenID-enabled website (even one you've never been to before), just type your OpenID URI. The website will then redirect you to your OpenID Provider to login using whatever credentials it requires. Once authenticated, your OpenID provider will send you back to the website with the necessary credentials to log you in. By using Strong Authentication where needed, the OpenID Framework can be used for all types of transactions, both extending the use of pure single-sign-on as well as the sensitivity of data shared.
If you've got a Community Server based blog and you want to use your blog (http://dotnet.org.za/armand in my case) as your OpenID Identity URL you can follow these simple steps:
- Sign up for an OpenID account at an Identity Provider. One such Identity Provider is JanRain's free MyOpenID service. (My OpenID is http://armanddp.myopenid.com, which is the delegate for my identity that I'll use in the next step.)
- For OpenID authentication to work with your own Identity Url using a third party identity provider you'll have to make sure the following tags are embedded in the HEAD section of the HTML returned from your Identity URL to ensure authentication is delegated to the actual identity provider (See delegating authentication in the OpenID spec for more info):
- <link rel="openid.server" href="http://<your identity provider>"> - (For MyOpenID the value is http://www.myopenid.com/server) This
- <link rel="openid.delegate" href="<your account at the identity provider>"> - (For me the value is http://armanddp.myopenid.com)
- To embed these tags in Community Server you just need to add them to the Raw Header field under your Blog Dashboard -> Global Settings -> Title, Description and News -> Raw Header:
- That's it. You can now sign in to any OpenID-enabled site using your Community Server blog URL as your Identity URL. (Try it at http://runlog.media.mit.edu/ or any of the other OpenID-enabled sites in this directory.) Hopefully soon to this site as well :)
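Once the tags are in place, it is worth checking the HTML your identity URL actually returns: whoever can edit that Raw Header field decides which provider and account your logins are delegated to. The following is an added example, not code from the original post; `DelegationParser` and `check_delegation` are hypothetical names, and the sample page is constructed from the values quoted above.

```python
from html.parser import HTMLParser

# Constructed sample of what an identity URL returns (values from the post).
SAMPLE_PAGE = """<html><head><title>Blog</title>
<link rel="openid.server" href="http://www.myopenid.com/server">
<link rel="openid.delegate" href="http://armanddp.myopenid.com">
</head><body><p>post</p></body></html>"""


class DelegationParser(HTMLParser):
    """Collects openid.server / openid.delegate links found inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {"openid.server": [], "openid.delegate": []}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.in_head = False  # <body> implicitly closes <head>
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel in self.found and a.get("href"):
                    self.found[rel].append(a["href"].strip())

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def check_delegation(html, expected_server, expected_delegate):
    """Return a list of problems; an empty list means the tags match."""
    p = DelegationParser()
    p.feed(html)
    problems = []
    for rel, want in (("openid.server", expected_server),
                      ("openid.delegate", expected_delegate)):
        values = p.found[rel]
        if not values:
            problems.append(f"{rel}: missing from <head>")
        elif len(values) > 1:
            problems.append(f"{rel}: declared {len(values)} times")
        elif values[0].rstrip("/") != want.rstrip("/"):
            problems.append(f"{rel}: unexpected value {values[0]}")
    return problems
```

Feed it the fetched body of your identity URL together with the server and delegate values you configured; any non-empty result means the page no longer delegates where you expect.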