Clever Geek Handbook

Launching an OpenID Organization

I recently wrote an application that uses OpenID for authentication. Nowadays many web applications are migrating to OpenID as they already have a user ID / password authentication scheme and OpenID is just an add-on. Since my application is new, I figured there was no point in programming a separate user ID / password based authentication mechanism when I can rely entirely on OpenID for all authentication.

But of course, as soon as I presented the application to the client, she asked, "OK, how do we create user accounts and reset their passwords"? Clearly, she didn't want users to create their own OpenID if they didn't already have one.

I had a preliminary answer to this question: "You can always run your own OpenID server". I probably didn't give this answer much thought, as many OpenID server implementations are pretty crude and require a lot of work before they can be put into production.

So my question is, does anyone have experience with a private OpenID server solely to authenticate its own users. Here are the features I'm looking for out of the box support:

  • Ability to download user accounts
  • The self-service password is reset via confirmation email.
  • Administrative functions (lock / unlock / disable accounts, troubleshoot, etc.)
  • Appearance presented
+1


source to share


4 answers


there are ready-to-use frameworks. you only need to put them together. this can be done quickly.



you haven't written about your platform, but if you like using php take a look at "zend framework" or "php openid"

0


source


This doesn't directly answer their question, but how many people are online and don't have an account with Yahoo, Flickr, AIM, WordPress, Myspace, Google, or MSN? They are all OpenID providers.



I would say that for a tiny% of the "clean population" that doesn't use any of these services, just point them to Vidoop or MyOpenID and let them get an account from someone who already has a secure infrastructure.

+2


source


This was originally my thought ... But the app is for non-internet users, so it is expected that they may or may not have any of the above accounts.

Another thing: MyOpenID gives you a clean, beautiful URL when Yahoo (for example) doesn't. Even if you know the person has a yahoo account, you cannot just use username.yahoo.com. Google is the same thing - first you have to use your google account to activate your blogspot account and then you have an OpenID which may or may not correlate with your gogle id. So, if you have a list of users and even if you know they are all on google or yahoo - even then you cannot make assumptions about their OpenID url

+1


source


I use OpenID in my own applications, but if I had to reach out to a client and they brought up the question that you have passwords and stuff, I would just tell them that the ISPs will handle it for them. If they didn't like this idea, I would give them the extra hours it takes to set up the membership system. This way, you get more charge and you have a happy customer. I don't think the general public will be looking for OpenId for years to come.

0


source






More articles:


All Articles