2008-05-05

Own-Id 004

Just released a new version of Own-Id. Now gives more detail in error messages.

Incidentally, we now have 188 ids now on Own-Id. As ever, I'm always keen to hear about your experiences with Own-Id.

For testing Own-Id on my local machine, I use the MyId OpenId server which is great because it's so simple to set up, and it uses Digest Authentication which is a RESTful method that makes testing easy. For me, the one problem with MyID is that is uses a META tag to redirect the browser, but I find it easier for testing to have a HTTP 302 redirect, so I modified the source (just a simple change) to achieve this.

2 comments:

  1. It has occurred to me that it would be useful to associate an email address with my delegation so that should my provider disappear or succumb to hackers I will be able to restore access to my id.

    ReplyDelete
  2. Hi Chaz6! Good question. If your OpenId provider turned bad, how would you log in to Own-Id to make it use another provider?

    Well, it would be handled like this:

    1. You'd update the DNS to stop your host name pointing to www.own-id.com.

    2. Then your entry in Own-Id could be deleted.

    3. Then you'd re-point your host name to www.own-id.com and set it up anew.

    At the moment the deleting of the entry in Own-Id would be done manually by me. I could automate it if you like, but it hasn't been necessary up to now.

    The key thing is that an entry in Own-Id can only be deleted if the user's host name has stopped pointing to it. I've taken the approach that whoever controls the DNS for the host name, controls the entry in Own-Id.

    Let me know what you think!

    ReplyDelete