At the Forge - OpenID
With all the background information out of the way, let's create and use an OpenID. An OpenID is nothing more than a URL, typically written as http://USERNAME.PROVIDER.com. For example, my OpenID is http://reuvenmlerner.myopenid.com.
Notice that I can share this URL publicly; there is no reason for me to keep it secret. MyOpenID.com is just one of several OpenID providers. Indeed, many people already have an OpenID, even if they don't realize it. For example, if you have a blog at LiveJournal, that URL can be used as your OpenID.
To sign up for an OpenID, simply go to the home page of your provider. For example, go to the MyOpenID.com home page and click on “sign up for an OpenID”. That takes you to https://www.myopenid.com/signup, which asks you to enter a user name (it must be unique) and a password. You also can provide an e-mail address, which is optional, but doing so allows you to recover your password if you ever forget it. Finally, MyOpenID.com uses a captcha to ensure that a person, rather than a program, is signing up for the account.
Once you have signed up for an OpenID, you can use it to log in to a Web site that supports it. Typically, logging in to a Web site requires that you enter both a user name and password. But, if you use OpenID, you enter in neither of these to the Web application's login screen. Instead, you enter only the URL of your OpenID, including the http prefix that we so often ignore nowadays.
For example, I can go to www.wikihow.com, a site that lets anyone create a how-to manual. I click on “create an account or log in” at the top of the page, which brings me to a login screen. The resulting screen tells me I can log in using OpenID, if I want, by going to www.wikihow.com/Special:OpenIDLogin. (In other words, wikiHow has two separate login pages: one for regular users with a user name/password combination and another for OpenID users, who enter only their OpenID URL.) Finally, I enter http://reuvenmlerner.myopenid.com into the text field.
Because I had logged in to OpenID earlier, I wasn't asked to provide my password. However, this is the first time I've tried to log in to wikiHow with OpenID. Thus, MyOpenID.com must verify that I am willing to share information with wikiHow. I click on the allow forever button, which means whenever I'm logged in to MyOpenID.com, it should share information with wikiHow. After clicking this button, I am redirected back to www.wikihow.com, where I am logged in and identified by my first name.
This system works quite well in my experience, and you quickly become used to the back and forth authentication process. However, major problems remain. What happens if MyOpenID.com goes out of business? What if its database is compromised? What if it turns out to be highly unethical and is using people's IDs? What if I find a provider whose Web site is more attractive to me?
I always can switch to a different provider, of course. But, that effectively means having a new and different user name on a site. On a social-networking site, this obviously would be disastrous, as I would need to reconnect from my new account to each of the people in my old account.
The solution to this is quite clever. Instead of giving people the OpenID I mentioned above, I instead give them an OpenID on a Web site that I control, whose URL is unlikely ever to change. For example, I can give an OpenID of http://reuven.lerner.co.il.
I know that the lerner.co.il domain will remain mine forever. Thus, I can be reasonably sure that this URL also will be in my possession for a long time. Moreover, I control the contents of the home page. That page may contain any HTML content I want. But, it also should contain the following two <link> tags in the <head> section:
<link rel="openid.server" href="http://www.myopenid.com/server" /> <link rel="openid.delegate" href="http://reuvenmlerner.myopenid.com/" />
We already saw how I can log in to wikiHow by giving my OpenID at MyOpenID.com. But, with the above lines in place, I also can log in to wikiHow by entering http://reuven.lerner.co.il.
This tells wikiHow to retrieve the home page from my personal Web site. It uses the first <link> tag to know which server to use and the second <link> tag to know which user name and ID to authenticate. Everything then continues as usual. I authenticate myself as necessary against MyOpenID.com, which then redirects me back to wikiHow.
The beauty of this redirection system is that if I decide against using MyOpenID for any reason in the future, I simply change the <link> tags in index.html. wikiHow and all other sites will follow whatever reuven.lerner.co.il points to, whether it's MyOpenID.com, Vidoop.com or something else. In this way, I ensure that my OpenID always is associated with the provider who offers me the best combination of security and usability for my purposes.
Unfortunately, things don't always go smoothly. For example, when I registered with wikiHow, it got my nickname (Reuven) from MyOpenID.com. When I try to log in with my new, redirected OpenID, wikiHow thinks it's dealing with a new user—one whose requested nickname clashes with that of an existing user. So, the key is to set up and use the redirecting URL early on, and not switch to it after you already have used OpenID for some time.
There are other problems as well. For example, I currently juggle two different sets of identities on-line, as some companies want to deal only with US citizens living in the United States. And, although I'm currently back home in Modi'in, Israel, I continue to have a US phone number (through Skype), a mailing address (at my parents' house), and a US bank account and credit card. So, I need two separate identities: one with my Israeli information and another with my US information.
Fortunately, OpenID 2.0 supports both the export of information to the consumer application and also the use of multiple personas. Each persona can have a separate name, nickname, image and location, and I can choose which persona is associated with each consumer, under the umbrella of the same OpenID.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Chris Birchall's Re-Engineering Legacy Software (Manning Publications)
- The Italian Army Switches to LibreOffice
- Linux Mint 18
- Petros Koutoupis' RapidDisk
- ServersCheck's Thermal Imaging Camera Sensor
- Oracle vs. Google: Round 2
- The FBI and the Mozilla Foundation Lock Horns over Known Security Hole
- Privacy and the New Math
Until recently, IBM’s Power Platform was looked upon as being the system that hosted IBM’s flavor of UNIX and proprietary operating system called IBM i. These servers often are found in medium-size businesses running ERP, CRM and financials for on-premise customers. By enabling the Power platform to run the Linux OS, IBM now has positioned Power to be the platform of choice for those already running Linux that are facing scalability issues, especially customers looking at analytics, big data or cloud computing.
￼Running Linux on IBM’s Power hardware offers some obvious benefits, including improved processing speed and memory bandwidth, inherent security, and simpler deployment and management. But if you look beyond the impressive architecture, you’ll also find an open ecosystem that has given rise to a strong, innovative community, as well as an inventory of system and network management applications that really help leverage the benefits offered by running Linux on Power.Get the Guide