Difference between revisions of "OpenID"

From YobiWiki
Line 13: Line 13:
 
* Why Belgium government doesn't provide OpenID through [[Belgian eID|eID]] as well??
 
* Why Belgium government doesn't provide OpenID through [[Belgian eID|eID]] as well??
 
* Actually it seems [http://openeid.be someone] will propose it soon but it's US based!
 
* Actually it seems [http://openeid.be someone] will propose it soon but it's US based!
  +
* Ok [OpenID-eID let's try ourselves]
   
 
===Be your own!===
 
===Be your own!===
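
Review bot: in the added line `* Ok [OpenID-eID let's try ourselves]`, single brackets are MediaWiki's external-link syntax and expect a URL, but `OpenID-eID` reads as a wiki page title, so this will not produce a link. If an internal page is meant, use `[[OpenID-eID|let's try ourselves]]`, matching the `[[Belgian eID|eID]]` link two bullets above; if an external site is meant, give the full URL as in `[http://openeid.be someone]`.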

Revision as of 20:33, 19 February 2008

Links

Identity provider (OpenID provider)

Service providers

  • Big ones
  • Flickr should become one soon...
  • OpenMinds is probably the first Belgian provider
  • Estonians can use their eID as OpenID
    According to this blog, this should cover other European countries such as Belgium as well.
  • Why doesn't the Belgian government provide OpenID through eID as well??
  • Actually, it seems someone will propose it soon, but it's US-based!
  • Ok [OpenID-eID let's try ourselves]

Be your own!

  • phpMyID
    • Standalone, single user, OpenID Identity Provider
    • Very easy to set up!
    • Authentication based on HTTP Digest
    • Also supports pavatar and MicroID

Recipes

  • There is an example given with php-openid
    apt-get install php-openid
  • OpenId for non-SuperUsers, using phpMyID, a fallback OpenID service provider and some delegation so you can use e.g. your blog URI as identity.

Relying Party (Consumer)

Mod Auth OpenID for Apache

apt-get install libapache2-mod-auth-openid

Recipes

Libraries

Security

Some worry that OpenID makes phishing attacks easier, as the relying party could redirect you to an identity provider other than yours.
That's why it's good to have diversity and to host your own identity provider on your own server, with your own style and your own authentication method.
If phishing happens, it will target the big OpenID providers.
But if your identity server uses a self-signed SSL certificate, a man-in-the-middle attack on the SSL connection can certainly occur much more easily, so don't rely on it!
Using Digest access authentication through e.g. Apache AuthDigest over HTTP is probably a much better idea than Basic access authentication over HTTPS.
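
What each scheme puts on the wire, as an added example that is not part of the original wiki page: Basic sends the password base64-encoded, while Digest (RFC 2617, MD5, qop=auth) sends only a hash bound to a server-issued nonce. The function names are hypothetical; the sample credentials and nonce are the ones from the RFC 2617 example.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(user, password):
    # Basic: credentials are only base64-encoded, not hashed or encrypted.
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def recover_basic(header):
    # What anyone who can read the request (e.g. a TLS man-in-the-middle) gets.
    raw = base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")
    user, _, password = raw.partition(":")
    return user, password


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    # RFC 2617 with qop=auth: only this hash crosses the wire.
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def server_accepts(response, issued_nonce, user, realm, password,
                   method, uri, nc, cnonce):
    # The server recomputes the hash with the nonce it issued itself,
    # so a captured response is useless against a fresh nonce.
    expected = digest_response(user, realm, password, method, uri,
                               issued_nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)


# Sample values from the example in RFC 2617, section 3.5.
SAMPLE = dict(user="Mufasa", realm="testrealm@host.com",
              password="Circle Of Life", method="GET",
              uri="/dir/index.html", nc="00000001", cnonce="0a4f113b")
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"

if __name__ == "__main__":
    print(recover_basic(basic_header("Mufasa", "Circle Of Life")))
    resp = digest_response(nonce=NONCE, **SAMPLE)
    print(resp, server_accepts(resp, NONCE, **SAMPLE))
    print(server_accepts(resp, "fresh-nonce-constructed", **SAMPLE))
```

Digest protects only the password: the rest of the HTTP exchange, including any session cookie, still travels in cleartext.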