Friday, 22 February 2008

OpenID's

I was recently asked about openID's after one user had thought that it was not secure and quite frankly seemed pointless.
I also thought the same when I first seen openID support on my blogger comments. I figured if I could just write in any url then I could be anyone. I wanted to how is that secure?

Well ladies and gentleman, openID is a little bit of a magician and works in mysterous ways.

(Here is my reply to the above blog entry)
The way open ID works is, say you comment on a blogger blog with your wordpress URL, the first instant you submit your comment, openID checks your computers cookies to see if you are already logged on to wordpress with that URL username. If you are logged on under the correct URL/username then your comment gets posted. If you are not logged on to wordpress then your comment is rejected.

The simpliest way to try this out is to log out of wordpress, find a blogger blog to comment on - say this one. Submit your comment and your wordpress URL. What will happen is openID will check your cookies, and if you remembered to log out of your wordpress account, you will be asked to log in to wordpress first.

So unless you know the password to the url you submit you cannot post under that url.
Which is great now, as all those people with wordpress blogs but blogger accounts to post comments on blogger friends, no longer need to worry about logging in to blogger. Just carry on using your wordpress openID.

You could also try it out by submitting a comment under a url that doesnt belong to you, say a friends. OpenID will see you are not logged on under that username and reject your comment.
Cool eh! And safe.

The reason you may not have noticed anything at present will be because you have “keep me signed on all times” ticked on your blog.

So unless someone can log on to your account with your own password they cannot post under your url. Very secure and no way of fake posters.
So now anyone who comments with openID I will know is genuine.

The power of cookies. It all seems fancy and magical.

Now I want a cookie.

Visit http://openid.net/ for more info, which sites already support openID (you might already have an openID) or how to get one.

14 comments:

bluesoup said...

Wow, actually... that is awesome :)

Robbie said...

See now you can just keep logging in as bluesoup wordpress anywhere you comment. Cool

tenderhooligan said...

Testing as myself!

tenderhooligan said...

YAY! I signed out of WP, tried to comment as myself, and it told me to sign in. I did that, and my WP dashboard then told me that I could continue to Blogger, and here I find my comment. That is excellent!

I tried as blue and pinky too and it didn't work, so you were absolutely spot on!

justaurl said...

excuse me while I test... talk amongst yourselves

James said...

See that it was it is crap about OpenID is that it takes the first part of my url as my username (justaurl). I want it to use my profile name.

Robbie said...

You can still make poor attempts at being an imposter.

Robbie said...

Hooligan, good to see it worked without ruining what I had said.
So it is very safe. Plus your comment will have the openid logo next to it so I know it's definitely you.

James Yes it does have limitations. Although I think if you set up a proper openID account you can get the name/link to act differently. Check out openid.net for openid regsitering websites and see what they offer.

Anonymous. Yes you can make poor attempts at being an imposter. But I have a very open blog and allow anonymous comments.
Blogger allows you to stop anonymous comments altogether and in those cases you wouldnt be able to post at all.
Plus your icon doesnt have the openID logo next to it so I know not to trust it.

J-Money said...

Damn, there goes my plan to spend the rest of the day posting comments under the name "Robbie".

Robbie said...

JMoney, plus I think you would of been rumbled quite quickly as your much funnier then me.

survivingmyself said...

yay for cookies!

pinkjellybaby said...

weeeeeeeeeeeeeeeeeee

Boy said...

I've been thinking of switching over to openID for sometime now, but just haven't gotten around to it. I'm hoping it's only a matter of time until google implements openId, which I'm sure they will, as it's extra data for them to get their hands on.

Robbie said...

Boy I think you might be right, I rekon Google will adopt it.
I don't think I'll ever sign up to openID, not unless Google do and then I'll take advantage of that.