ShareHim

ShareHim has started initial tests with OpenID and hope soon to be able to provide this feature to all of our users.

What is OpenID?

Are you tired of remembering many different user names and passwords? If you are often using the web I'm sure you are! Then you definitely want to spend a little time getting to know what OpenID is.

OpenID is the new and very promising method of identifying yourself on the Internet. OpenID has been around for several years (began around 2005-2006) and is starting to catch fire. Nobody owns OpenID, it's free and open for anybody to comment on and participate in the development.

Instead of using user names and passwords, you can use a single unique, easy-to-remember ID to log into any website (or other system) that supports OpenID.

There will be one single place where you will need to log in and securely identify and prove yourself. This can be done using a regular user name and password, finger print scanning, special "password" devices, or whatever means of identification that will make sure that only you can log in as you. Then other systems where you want to log in to, can ask this place to testify that you really are the one you say you are, and depending on the answer give you access to their site. This process is done with modern and strong encryption, so that it will be a safe way of identifying yourself. OpenID is highly recommended by security experts like eg. Steve Gibson.

How does an OpenID token look like?
An ID normally takes the form of an Internet address, eg. http://www.johndoe.com or abbreviated to johndoe.com. Your OpenID token can be any URL (Internet address/web page) that is under your control, for example your personal web page or your blog. This address is what you provide to the websites you want to log in to. Another example could be http://myopenid.com/johndoe or abbreviated to myopenid.com/johndoe.
It will also be possible to use i-Names with OpenID (eg. =johndoe or @myorganisation).

How do I get started and obtain an OpenID?
You will need to register an OpenID at a so-called OpenID server/provider. There are many different OpenID providers out there that will give you an OpenID for free. The most known ones are MyOpenID, ClaimID and LiveJournal. If you have an AOL account you already have an OpenID - see more info here. They will give you an ID for example in the style of henrymartin.myopenid.com that you can use to log in for example at ShareHim. The extra smart thing is that you can link any other OpenID to this OpenID account if you would like to use something that is shorter and easier to remember. This ID can be any URL/address that is under your control as mentioned above. So if you have bought the domain name henrymartin.com you could link this to henrymartin.myopenid.com and use the shorter ID for logging in. This is done by adding two simple lines of text to your web page. Check with your OpenID provider for exact information to put there.

If you have any questions feel free to ask Allan Jensen.

Technical Details

Security guru Steve Gibson and Leo Laporte has an excellent podcast on OpenID (episode #95) - and many other security issues.

The official OpenID website. An OpenID community website. A good sketch for understanding the OpenID Protocol. An OpenID FAQ.

If you run your own web server it is easy to set up your own OpenID server using for example phpMyID or the JanRain PHP OpenID library. Running your own server has both pros and cons.
The advantage is that you have complete control over the server and your ID, and nobody else can access the information attached to your ID or control how you identify yourself to the server. The disadvantage is that you need to make sure your server is fully secure, up-to-date, and that no one will have the possibility to pretend that they are you. But because of the great flexibility and openness of the OpenID protocol, you don't need to run your own server to use your own domain names and Internet addresses as your OpenID. Check with the OpenID provider for specific information to add within the ') ?> tags on your web pages you want to use as your ID.

If you are a website developer the article A Recipe for OpenID-Enabling Your Site and OpenID libraries are good places to start finding out how to implement OpenID on your website. Look at the examples provided with the libraries.