OpenID screencast
OpenID’s biggest problem is its learning curve. Using it is actually really simple, but if you’re not technical the amount of stuff you have to know before you can understand it is enormous. If you are technical, it just doesn’t seem like it should work—there are a bunch of questions that come up every time OpenID is discussed anywhere (“but surely there’s nothing to stop someone else from spoofing your ID”) which OpenID has answers for, but which are easily misunderstood.
The magical moment with OpenID comes the first time you log in to a site by typing your OpenID and clicking a button. In my experience, that’s the point where people convert from OpenID skeptics into OpenID believers.
To that end, I’ve put together a screencast:
It’s 5 minutes 46 seconds long and demonstrates creating an OpenID (using MyOpenID) and logging in to a number of websites with it, then explains how other providers can be used to avoid having a single point of failure. It also touches on delegation; I decided not to cover that in detail for fear of giving people too much information up-front.
It’s the first screencast I’ve done, and I can confirm what everyone else has said: those things take ages! It took around seven hours to edit together less than six minutes of footage. If anyone’s interested I can write up some of the things I learnt in the process. Mark Pilgrim’s notes proved invaluable.
I’m hoping to get the screencast in front of as many people as possible, so please link to it if you find it useful. Link directly to the screencast page and not to this entry; the screencast page is being served statically by nginx which should hopefully help avoid a repeat of the meltdown I had on Tuesday.
Great stuff Simon. I was able to follow along, and then create my own OpenID and hook it to my domain pretty darn easily. Hopefully more and more sites adopt it.
ok, cool, next stop : implementing openid on my own weblog.
Nice screencast. Would definitely be interested in your notes on how you did it.
Parand - 23rd December 2006 01:16 - #
I've been thinking on and off about implementing OpenID on my Web log (when I finally get it running again) for some time. Your demonstration makes it seem far simpler than the specification did last I looked at it, that's for sure. :)
Now, to finish writing a decent HTML parser... :(
J. King - 23rd December 2006 01:52 - #
Simon, this is excellent. I have been waiting for this. OpenID is another one of those things that is easy to understand after you do it or somebody shows you. The screen capture was just the thing.
Excellent Simon! I very much enjoyed this. You are a natural at explaining technology. Keep it up!
Adam Platti - 23rd December 2006 15:18 - #
Hey Simon, great stuff!
I just posted about your screencast over on the Zooomr Blog.
Happy Holidays,
-Kristopher
http://blog.zooomr.com/2006/12/23/how-to-use-an-openid-a-screencast-by-simon-willison/
Hey simon,
Been using OpenId for a while but your screen cast was pretty helpful. Showing what sites you can use OpenId on and links on how to make your domain an openId.
Thanks, Keep up the Great Work,
and Happy Holidays.
This is great, thanks! (I'm posting this with my new openID btw)
Nice work. I never realised how the server/delegate thing worked until you started posting about OpenID this week. It's great being able to use SixApart's server while still using my own blog URL as my ID.
Merry festives!
Rod.
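How a relying party might discover the server/delegate pair described in the comment above, as an added example that is not part of the original post or its comments and not taken from any OpenID library. It reads the OpenID 1.x `openid.server` and `openid.delegate` link tags and honours them only inside `<head>`, so markup that ends up in the page body cannot change which provider is trusted; the `discover` helper and all URLs are constructed for illustration.

```python
from html.parser import HTMLParser

RELS = ("openid.server", "openid.delegate")

class OpenIDLinkParser(HTMLParser):
    """Collect OpenID 1.x <link> tags, honouring only those in the first <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.head_done = False
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head" and not self.head_done:
            self.in_head = True
        elif tag == "body":
            self.in_head, self.head_done = False, True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            href = (a.get("href") or "").strip()
            for rel in (a.get("rel") or "").lower().split():
                if rel in RELS and href:
                    self.links.setdefault(rel, href)  # first occurrence wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head, self.head_done = False, True

def discover(claimed_id, html):
    """Return the provider endpoint and the identity it must vouch for, or None."""
    parser = OpenIDLinkParser()
    parser.feed(html)
    server = parser.links.get("openid.server")
    if server is None:
        return None  # page does not advertise an OpenID server in <head>
    return {"claimed_id": claimed_id,
            "server": server,
            # Without a delegate, the provider vouches for the page URL itself.
            "identity": parser.links.get("openid.delegate", claimed_id)}

# Constructed sample: a blog that delegates, plus stray markup in the body.
SAMPLE_PAGE = """<html><head><title>A blog</title>
<link rel="openid.server" href="https://provider.example/openid/server">
<link rel="openid.delegate" href="https://rod.provider.example/">
</head><body><p>Visitor comment:</p>
<head><link rel="openid.server" href="https://untrusted.example/server"></head>
</body></html>"""

if __name__ == "__main__":
    print(discover("https://blog.example/", SAMPLE_PAGE))
```

The claimed identifier stays the blog URL, so whoever can edit that page's `<head>` decides which provider is allowed to vouch for it.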
Simon this is fantastic! Much, much needed ... I'll be spreading the word about this far and wide ... the OpenID community thanks you for all of your hard work.
I just wanted to comment on the excellent editing; no uhms and ahs, no keyboard clatter, no uncoordinated screen actions, and absolutely crisp voice-over. The most smoothly produced screencast I have seen so far; bravo.
Where's the best place to find these answers? Having looked at the source code for phpMyID I'm even more baffled than before - to run my own server securely do I need SSL or does it do an authentication handshake (which the code made some reference to)? Your screencast has cleared a few questions but still...
Now if there was some way to use public/private keys for authentication (a la ssh) I'd be even happier :)
PS: I got this wonderful error while trying to post the comment: "Text is not allowed inside blockquote"!
Peter Bowyer - 24th December 2006 09:44 - #
Peter: the answers are scattered around the OpenID site and spec and the occasional FAQ elsewhere, but they could certainly be better explained in a single location.
The blockquote bug is pretty unfortunate. It's invalid HTML to put text directly inside a blockquote without surrounding it with a block level element of some sort (normally a paragraph). My manual XHTML validation system knows this, but provides a default "X is not allowed in Y" error message, which in that case makes no sense at all. I'll have to revisit that bit of code and add some custom error message hooks.
Great screencast Simon. Finally convinced me to get onboard. Thanks a lot.
Merry Christmas and Happy New Year.
Simon, what a great screencast. I've heard a bunch about OpenID in the past, but I never "got" it until reading these posts and watching that video.
One of the things I don't understand is what stops someone else from utilizing your OpenID to log into a site? Are they maintaining an authorization cookie on your machine?
Thanks!
Doug
Doug Karr - 25th December 2006 04:30 - #
I guess it should reduce the burden of remembering different passwords every time, but my question is how safe is it? If you keep the same password for all of them, then it is rather easy to hack into all of them at once.
Dedicated hosting - 25th December 2006 11:36 - #
Doug: Yes, you log in to your identity provider (LiveJournal or MyOpenID or whatever) as you would any other web application - so they use a cookie to track that you are logged in. They can then check that you really are the owner of your OpenID, and respond to authentication requests accordingly.
Thanks, Simon! I noticed the option to login with openid at livejournal and was curious about it, but never got around to seeing what it was. Now I know!
Thanks for the excellent screencast - I've just set up my openid! :)
Very cool Simon. I ran across your video on digg, and decided to set up my own openid. This is clearly at its infancy stage, but I don't think it'll be long before some mainstream sites begin to embrace it.
Here, have a trackback: http://www.alfonsojimenez.com/2006/12/28-simon-dice-openid-screencast
:)
Cool. Works like a charm
Thanks for the great info Simon, I think you'll be instrumental in getting the OpenID revolution across the web.
Great work!
Just a quick note to say how simple this has made the whole process from my "user" perspective. Now it is just a process of figuring out how to do this kind of thing for my website when I get around to finally updating it!
This is great stuff, I have not got it running on my server. Many thanks for the screencast, I probably wouldn't have bothered if I hadn't seen it.
Nice work Simon, I've just tried setting up my own OpenID server and it works great, much easier than remembering a million and one different logins.
Implemented, and with this comment, tested. :-) :-P
Great job Simon, this really got me going with OpenID.
Very interesting Screencast, thanks!
Chris - 2nd January 2007 11:16 - #
I just "released" my Django-based OpenID server/provider implementation. It is by far not finished etc, but it does work, with some manual fiddling.
Patches etc. happily accepted in my mailbox, I'll set up a Trac environment later, and will blog some more information soon.
SVN is at http://svn.nicolast.be/djangoid
Have fun!
(FYI) Trac is up: http://trac.nicolast.be/djangoid/
Eric Skogen - 3rd January 2007 20:31 - #
Wow, I'm hooked.
Will certainly look into implementing an OpenID sign-in on my own Django powered site. Any useful Python libraries out there for this?
That would be the JanRain library available from http://www.openidenabled.com/openid/libraries/python
It can take a little fiddling but works well (having just worked it into my Django based site). There is an entry on this in the Django cookbook as well (http://code.djangoproject.com/wiki/CookBookShortcutsOpenIDAuthentication ). It does require some small changes to work with the current version of the openid library but it's nothing too harsh.
Nice video.
I used my Technorati ID to log in here. But does anyone know the address of the Technorati openid server so I can use my own domain name and delegate authentication? Can't find it anywhere.
Is there an example implementation of setting up an OpenID consumer for a django powered website?
I'd love to integrate it with my personal blog, but I'm not quite sure where to start. I set up auth/auth, but it's not currently active. I'm assuming it would be some modification of that system.
Codemac: check the examples/consumer.py script in the python-openid sources.
It shouldn't be too hard to write an openid based auth class for the django.contrib.auth system. There's a ticket on that in Django's Trac: http://code.djangoproject.com/ticket/3213
As mentioned there, my djangoized store implementation might be useful.
Nicolas
ahhhh, thank you Nicolas. I'll be trying that out today, and hopefully make a write up for others to follow.
Thanks for sharing your work :)
Now we need a system for associating emails with openids (an email header?). Something like: I provide you my OpenID in the header of my email. You can go to my openid enabled page where I have hashes (or something) of the messages sent to all email addresses. Logging in returns the hashes for the email address connected with your openid. If the hash isn't there the message didn't come from me (or is too old). Has something like this already been done? Is this a bad idea? Could it significantly reduce unwanted email?
Hey,
Thank you. That was really easy, and I'll start using OpenId on my webapps.
I'm hooked too. I want to promote this with information architects.
Question: if my site implements openID, can I get access to a user's email through it? Or does it *only* replace the username and password, and I'd still have to ask the user for their email and permission to send them stuff.
Peter: generally you only get their OpenID; it's up to you to request (and validate) their e-mail address and other details.
There's an extension to the spec which allows sites to request an e-mail address / other personal information with the permission of the user. MyOpenID.com supports it.
Great stuff! Thanks Simon.
I've seen a few references to this on and off for the last month or so. Your screencast hooked me. Very well done. Time to integrate this in to a few of my sites.
Great screencast. Thanks for taking the time to share this!
One big mis-statement -- signing in with openid does not prove you are who you say you are. It proves that that openid is correct. As you showed in the sign up process, there is no tie between the real you and your openid. Indeed, you showed that one can have multiple openids. If this becomes popular, the openid providers will have to learn real anti-abuse techniques. (Actually it's worse, all of the providers have to learn and implement them at virtually the same time -- the bad guys will quickly learn where the laggards are.)
miley - 18th January 2007 18:42 - #
Thank you Simon!
Heard about this stuff, but didn't understand it fully.
Your explanation was clear and simple, so now I get it. At least how to use it.