Wednesday, February 13, 2008

OpenID and Web Authentication

OpenID is a relatively new (since 2005) grassroots idea, founded on the open source paradigm. It makes it easier to achieve "Single Sign On" (SSO, for those that want to be in the know. I know you're thinking, great, another TLA (Three Letter Acronym; ironically, itself a TLA)).

Ok, so you want to be able to not remember 30 different Usernames and Passwords. Here's what I've done and how I've done it, so far.

Since I'm going to be using my easily remembered blog URL for delegation, I used the directions from Blogger in Draft. In my case, I pasted in the following after my shortcut icon mark-up in the head section of my blog (you can view source to see how and where: lines 5 & 6):

<link rel="openid.server" href="http://draft.blogger.com/openid-server.g" />
<link rel="openid.delegate" href="http://ai-onemansquest.blogspot.com/" />


Now that doesn't create an OpenID, it merely makes it so that I can use my blog address to act as a delegate server for an OpenID provider.
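A relying party doing OpenID 1.x HTML discovery reads these two tags from the head of the page at the URL you type in. The following check is an added example, not part of the original post or Blogger's instructions: it parses a page the same way and reports what a site owner would want to know about their delegation markup. The names `OpenIDLinkParser` and `audit_delegation`, the sample page and the host `other.example` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the post's two tags in <head>, plus a stray tag in <body>.
SAMPLE_PAGE = """<html><head>
<link rel="openid.server" href="http://draft.blogger.com/openid-server.g" />
<link rel="openid.delegate" href="http://ai-onemansquest.blogspot.com/" />
</head><body>
<link rel="openid.server" href="http://other.example/server" />
</body></html>"""

class OpenIDLinkParser(HTMLParser):
    """Collect openid.* <link> tags; only those inside <head> count."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {}    # rel -> hrefs seen inside <head>
        self.ignored = []  # (rel, href) seen outside <head>

    def handle_starttag(self, tag, attrs):
        if tag in ("head", "body"):
            self.in_head = tag == "head"
        elif tag == "link":
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel.startswith("openid.") and a.get("href"):
                    if self.in_head:
                        self.found.setdefault(rel, []).append(a["href"])
                    else:
                        self.ignored.append((rel, a["href"]))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def audit_delegation(html):
    p = OpenIDLinkParser()
    p.feed(html)
    findings = []
    for rel in ("openid.server", "openid.delegate"):
        hrefs = p.found.get(rel, [])
        if len(hrefs) != 1:
            findings.append(f"{rel}: expected one tag in <head>, found {len(hrefs)}")
        # Plain http lets anyone on the network path alter what is fetched.
        findings += [f"{rel}: {h} is not https" for h in hrefs
                     if urlparse(h).scheme != "https"]
    findings += [f"{rel}: {h} is outside <head>, ignored" for rel, h in p.ignored]
    first = lambda rel: (p.found.get(rel) or [None])[0]
    return first("openid.server"), first("openid.delegate"), findings
```

Calling `audit_delegation(SAMPLE_PAGE)` returns the server and delegate URLs from the head plus three findings: both URLs use plain http, and the tag in the body is ignored.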

Then I went to http://wiki.openid.net/Public_OpenID_providers to find a provider (these are slightly out of sequence of how I should have done this, but it works anyway, and made it slightly easier when I needed to copy some values.) From there I found that Verisign Labs (you know, the people that provide all of the security certificates for websites) has a free provider, VeriSign's PIP so I decided they would probably be around for a long time, and since everyone trusts them with monetary transactions, they may be a good choice. So I went there and clicked the "Get Started Now >" button. This page asks you to fill-in some stuff, Username (your choice,) Password (again your choice, it says minimum of 6 characters, but I prefer a longer more secure password personally with numbers and symbols and more than a single word, (and you can't use the Username in password field,)) Confirm Password (no choice here unless you change the Password field,) and email address (any will do, just be aware that they are going to ask you to confirm it by sending you an email, with a link that you'll use to login using the UID & PW you're creating.) Then of course to prevent the creation of accounts by spammers using scripts, they have a requisite Captcha where you have to be able to read the distorted text amongst the distorted grid. You hit the "Create Account" button to proceed.

I'll let you continue from there without my own documentation of the process. Once you have all the stuff that is requested or you care to fill-in, check your email account you provided, and follow the link in it, and sign-in.

Verisign also created a Firefox Add-on, called SeatBelt, which you can install as an aid for managing both providers and delegates, and IDs (Verisign allows you to add as many IDs as you desire, although I'm sure there's some kind of limit.) It's pretty cool, since you can use it to automatically sign you into your provider each time you start Firefox, it shows your status, and has an anti-phishing feature for your protection. I'd recommend its use, I'd also recommend the use of Firefox, since it makes browsing safer just by itself, and there are other Add-ons that let you block Ads, do development, et cetera. Of course if you use SeatBelt you have to use Firefox (duh, did I not mention that?) Verisign also provides some links to sites that utilize OpenID, so you can test it. I went to MakeMeSustainable, which kind of was a downer, since it says I'm responsible for something like 6.1 tons of carbon per year (I don't eat that much, and I don't drive that much either (I guess part of it is that I eat red meat.)) SeatBelt will have to be installed, so you have to add them to the sites you trust to install from, install it and restart Firefox. Then SeatBelt has to be configured. By default it adds an icon to your toolbar, but if you right-click and go to "SeatBelt Settings..." you can make it show on the Status bar instead. Nothing is selected by default either; here's how mine looks:


[Screenshot: SeatBelt Settings dialog]

As you can see, there are tabs to allow you to add your providers, which you can have more than one of, and delegates. It's the delegates that we put our blog URL into, if we want to use it as our login. Pretty simple, just a lot of words here.



4 Comments:

At Wednesday, February 13, 2008 at 7:03:00 PM EST, Blogger Serena said...

Thanks for the tutorial, Charles. I'll probably continue to use my same ID, but it's good to know there are options.

At Wednesday, February 13, 2008 at 11:28:00 PM EST, Blogger Mona said...

It is that! It is the single digital identity across the internet.
That sounds cool making logging in easier to all the favorite websites! :)

At Thursday, February 14, 2008 at 11:49:00 AM EST, Blogger Mona said...

Happy Valentine's day to you Charles!
May all the good things of life be yours.
((HUGS))

At Thursday, February 14, 2008 at 3:53:00 PM EST, Blogger jillie said...

I'm just getting this stuff down. Don't think I'll be changing anything anytime soon. But thanks for the info ;o)

Happy Valentine's Day Charles
