Simon Willison’s Weblog

37signals Product Blog: We’ll be retiring our support of OpenID on May 1. The support costs far outweighed the benefits to customers, especially now that 37signals have their own single sign in mechanism that works across all of their products. 25th January 2011, 4:17 pm

Vox is closing on September 30, 2010. One month seems like very short notice for closing a service of this size, especially since it functions as an OpenID provider so in addition to migrating their content away users may need to sign in to other services and set up an alternative form of authentication. UPDATE: From the comments, Vox accounts that migrate to TypePad will also have their OpenID migrated, and TypePad will continue to serve OpenID requests for old vox.com addresses. Smart solution. 3rd September 2010, 8:50 am

RasterWeb: Lanyrd. Pete Prodoehl calls me out on Lanyrd’s integration with the Twitter auth API at the expense of OpenID. I’ve posted a comment with my justification—essentially, tying to Twitter’s ecosystem means I can actually implement the features I’ve been talking about building on top of OpenID for years, with far less engineering effort. 31st August 2010, 8:49 pm

App Engine at Google I/O 2010. OpenID and OAuth are now baked in to the AppEngine users API. They’re also demoing two very exciting new features—a mapper API for doing map/reduce style queries against the data store, and a Channel API for building comet applications. 20th May 2010, 3:30 pm

Stack Overflow Blog: OpenID, One Year Later. Google’s support is a huge deal—61% of Stack Overflow accounts use Google. Google’s implementation of directed identity has caused problems though, since Google provide a different OpenID for each domain making it hard for Stack Overflow, Server Fault and Super User to correlate accounts. Their solution is to require a (verified) e-mail address from Google OpenID users using sreg and use that as a key for the accounts. 14th April 2010, 8:46 pm

RFC5785: Defining Well-Known Uniform Resource Identifiers (via) Sounds like a very good idea to me: defining a common prefix of /.well-known/ for well-known URLs (common metadata like robots.txt) and establishing a registry for all such files. OAuth, OpenID and other decentralised identity systems can all benefit from this. 11th April 2010, 7:32 pm

Yahoo! OpenID: Now with Attribute Exchange! The nice thing about this is that an e-mail address obtained from Yahoo! via attribute exchange has already been verified, so you don’t need to perform the e-mail roundtrip yourself. I expect a lot of OpenID consuming sites will end up with internal whitelists of OpenID providers who they trust to provide verified e-mail addresses, with users of sites not on the whitelist still getting e-mailed a verification link. 5th December 2009, 5:25 pm

OpenID: Now more powerful and easier to use! The OpenID+OAuth hybrid protocol (where a user can sign in with OpenID and grant an application access to their OAuth protected resources such as a contact list at the same time) is now supported by Google, Yahoo! and MySpace—this feels like OpenID finally coming of age. 25th September 2009, 9:08 pm

Evidence of OpenID at Amazon. It looks like Amazon are using OpenID for SSO between their different properties—I clicked a link to sign in to AWS and the URL had OpenID query string parameters. 6th July 2009, 1:25 am

Exclusive: The Future of Facebook Usernames. I have to admit I was planning to just let Facebook get on with it, assuming that the OpenID provider part would show up of its own accord—but maybe I should write a thoughtful and persuasive essay about it after all. 11th June 2009, 9:46 am

Sign in with Twitter. Intriguing: Twitter are now an OpenID-style identity provider... using OAuth. 20th April 2009, 4:10 am

“Recover my account” link on the login page. For the record, collecting and verifying e-mail addresses is a VERY good idea, even (especially?) if you accept OpenID. A verified e-mail address is still absolutely the best way to deal with lost passwords or “my OpenID isn’t working”. 16th February 2009, 10:22 pm

Plaxo sees 92% success rate with OpenID/OAuth hybrid method. Really wish I could have been at the OpenID UX Summit hosted by Facebook yesterday—sounds like an awful lot of important problems are being solved. 11th February 2009, 5:20 pm

Want Proof OpenID Can Succeed? Just Scroll Down. “It’s easier for blogs, which don’t need a lot of demographic information about a user, to let people jump in and start participating socially without filling out a registration form.” Aargh. Repeat after me: supporting OpenID does not mean you can’t require additional registration details through a signup form. 16th January 2009, 12:16 pm

Wetpaint no longer supports OpenID. I missed this, but they turned off their OpenID support in November due to low usage and high maintenance costs. 8th January 2009, 2:53 pm

Talking about OpenID. “So a relying party walks in to a bar...” 5th January 2009, 10:46 am

Getting OpenID Into the Browser. David Recordon makes the case for online identity management as a key browser feature (I like the “your browser is currently locked” concept), and argues that Gears is in a great position to deliver it. 3rd December 2008, 10 am

Clearing up inaccuracies about the Google OpenID IDP launch. Google took some undeserved flack when they launched their OpenID provider. For the record, whitelisting providers fits my definition of the “Open” in OpenID perfectly (providers and consumers are free to impose whatever policies they like). 8th November 2008, 11:11 pm

New OpenID Implementations Abound. I’ve missed linking to a bunch of OpenID news recently—in particular, Google Accounts are becoming OpenID identifiers and LiveJournal has quietly ugraded its consumer support to OpenID 2.0. 30th October 2008, 5:11 pm

Windows Live Adds Support For OpenID. I hope they include the option to log in to the provider using CardSpace, to address phishing. 27th October 2008, 9:34 pm

Yahoo! Releases OpenID Research. Extremely valuable research, conducted with a group of typical Yahoo! users. OpenIDs usability remains bad, and if we don’t get it right soon something centralised like Facebook Connect will take over and the Web will stop being open. 14th October 2008, 4:59 pm

Google’s Usability Research on Federated Login. Fascinating—suggests an approach to federated auth based on the Amazon.com “Yes, I have a password” login flow. Feels convoluted to me but apparently it tests really well against a mainstream audience. The more research shared around this stuff the better. 22nd September 2008, 8:56 pm

OSCON in 37 minutes. 45 OSCON talks summarised by their presenters in just 37 minutes, compiled by Gregg Pollack. I get to rant about OpenID for a minute at 27:22. 29th July 2008, 11:59 pm

Email Address to URL Transformation (EAUT) specification now available! Allows OpenID users to login using their E-mail address, which is converted in to an OpenID URL based on rules specified in an XRDS document attached to the root domain. Seems like a good idea to me. 22nd July 2008, 7:30 pm

MySpace To Join OpenID, Bringing Total Enabled Accounts to Over A Half Billion. Another 200 million OpenIDs—but the important difference between this and the Yahoo! and AOL announcements is that MySpace users know what their profile URL is. Whenever people have told me OpenID is flawed because people don’t understand URLs I’ve answered “sure they don’t, but they know their MySpace page”. 21st July 2008, 7:42 pm

RefactorMyCode.com. Neat community for discussing improvements to code snippets. Login using OpenID. 28th June 2008, 11:46 pm

OpenID phishing demo (via) A demonstration of the OpenID man-in-the-middle phishing attack. idproxy.net OpenIDs are immune to this particular variant due to the landing page not asking for your password (the phishing site could still provide their own redesigned landing page and hope users don’t notice though). 28th May 2008, 8:09 am

Byteflow Blog Engine. This looks like the most full-featured of the Django blog engines by a pretty big margin, including OpenID client and server support. A product of the growing Russian/Ukrainian Django community. 11th May 2008, 7:41 pm

SourceForge Allows OpenID Logins. Excellent—SourceForge is the kind of site that I log in to infrequently enough to always forget my password (and indeed username) making OpenID a great fit. 1st May 2008, 1:05 pm

HTML 5 vs. Yadis. The draft HTML5 spec currently disallows values for http-equiv and link rel which aren’t listed in the spec—meaning both methods of specifying a link to an OpenID server are invalid for HTML5. This should probably be fixed... 19th April 2008, 4:35 pm

PayPal Plans to Ban Unsafe Browsers. At first I thought they were going to encourage real anti-phishing features in browsers, which would be a big win for OpenID... but it turns out they’re just requiring EV SSL certificates which have been proven not to actually work. 19th April 2008, 10:45 am

OpenID for Google Accounts. Google App Engine integrates with Google’s user accounts, so Ryan Barrett (of Google) used it to build an idproxy.net style OpenID provider. 9th April 2008, 1:09 am

OpenID and Spam. Matt Mullenweg: “OpenID has a ton of promise for the web—let’s not hurt it by setting people up for disappointment by telling them it’s a spam blocker when it’s not.” True for the case of general registration, but I still believe whitelisting known OpenIDs could be a powerful tool for fighting spam on personal sites. 2nd April 2008, 7:33 pm

Interviewing Simon Willison about OpenID. I sat down with Vikram Kumar at Webstock to talk about OpenID, and the video is now online. 30th March 2008, 6:40 pm

The real roadblocks to data portability on social networks. A bunch of smart questions posed by Facebook’s Dave Morin. This is why I think data portability is the wrong framing—moving data between sites is really hard. Importing social relationships between sites is much more viable (hence my interest in social network portability). Also, the complaints about systems sharing e-mail addresses are neatly addressed by using OpenID as the GUID for a user instead. OpenIDs can’t be spammed. 26th March 2008, 7:53 pm

Clickpass. Peter Nixey’s new OpenID startup has finally launched—does a great job of making OpenID more approachable with a clean, well designed UI and a neat orange button. 11th March 2008, 4:47 pm

A proposal: email to URL mapping. Brad’s just too damn smart. A simple solution to mapping an e-mail address to an OpenID that takes advantage of existing technology (YADIS) and doesn’t adversely affect e-mail privacy. 8th February 2008, 11:39 am

Interview: Simon Willison on OpenID. Christian Heilmann interviewed me for the YDN blog. 3rd February 2008, 10:18 pm

Yahoo! OpenID Provider service now available as a public beta. This actually happened a few days ago, but I’ve been offline for the past week travelling to New Zealand and attending Kiwi Foo. 3rd February 2008, 10:17 pm

Telegraph to become OpenID provider (via) “The Telegraph will soon become the first newspaper in the world, and the first British media company, to become an OpenID provider.”. Didn’t see that one coming! 21st January 2008, 2:43 pm

Yahoo! supporting OpenID 2.0 but not 1.1. Yahoo!’s Allen Tom outlines the reasons Yahoo! are supporting OpenID 2.0 but not OpenID 1.1. 19th January 2008, 9:10 am

Yahoo! OpenIDs are the same for all RPs. I had assumed that Yahoo! would be using directed identity to provide a different OpenID for each user/site combination, to prevent correlation of accounts. I was incorrect; they’re just using it for easier sign-in, with the same auto-generated URL used for every site. 19th January 2008, 9:05 am

New feature: Blogger as OpenID provider (via) You can now enable your Blogger blog as an OpenID. 18th January 2008, 1:38 pm

openid.yahoo.com. Yahoo!’s human readable guide to OpenID, complete with tour. It looks like they’re relying on the “sign-in seal” to protect against phishing. 17th January 2008, 2:35 pm

Yahoo! Announces Support for OpenID. Here’s the official press release: “Yahoo! Support Triples Number of OpenID Accounts to 368 million”. Directed identity gets a mention; it’s going to be enabled for www.yahoo.com and www.flickr.com. The public beta starts on January 30th. 17th January 2008, 2:29 pm

twauth: simple mobile openid using twitter (via) Brilliant proof of concept by Ian McKellar: an OpenID provider that authenticates you by sending you a Twitter direct message. 14th January 2008, 10:28 pm

Flickr to Authenticate OpenID. Flickr /photos/username/ pages are now (almost) OpenIDs—they point at a new Yahoo!-wide OpenID server, but it hasn’t been switched on yet. It’s OpenID 2 only, presumably so Yahoo! can protect their users’ privacy by using directed identity to hide individual screen names. 7th January 2008, 10:48 pm

OpenID and Google’s Blogger. Blogger gets it wrong by displaying a nickname derived from the OpenID URL (in Malcolm’s case, “blog”) instead of the user entered nickname. 30th December 2007, 10:35 am

James Henstridge: OpenID 2.0. Excellent description of the new features in OpenID 2.0, including a clear explanation of directed identity and attribute exchange. 7th December 2007, 11:53 am

Thanks to OpenID and OAuth, the Open Social Web is Beginning to Emerge. My blog’s OpenID powered watchlist and “your comments” features got a write-up on Wired! Nice to know that someone has noticed them. 7th December 2007, 12:57 am

DiSo: Distributed Social Networking applications (via) New project to prototype a decentralised social network on top of WordPress, using OpenID, microformats and social whitelisting. 6th December 2007, 5:48 pm

OpenID 2.0 Final(ly)! Launched at the Internet Identity Workshop. The most interesting feature is probably directed identity, which goes a long way to solving some of the usability issues involved in users having to enter their own URLs. 5th December 2007, 9:01 pm

Call for Participation for XTech 2008. XTech 2008 will be in Dublin, Ireland from the 6th to the 9th of May. Lots of really interesting topics in the CfP (OpenID, OAuth, Comet, CouchDB...)—deadline for submissions is the 25th of January. 5th December 2007, 3:28 pm

Blogger: OpenID commenting (via) I may be wrong, but I think this is the first Google property to support OpenID in any way. 30th November 2007, 7:10 pm

Portable Social Networks: Take Your Friends with You. Brian Suda explains how OpenID, XFN and hCard can be used together to bootstrap portable social networks. 23rd November 2007, 11:56 pm

Giant Global Graph. Tim Berners-Lee points out that the Semantic Web is designed to solve problems such as portable social networks. 22nd November 2007, 12:30 am

How will OpenID change your site? Excellent introduction to OpenID by Peter Nixey—includes some really nice analogies for explaining both the concept and the implications. 7th November 2007, 10:41 am

MyOpenID adds Information Card Support. First client SSL certificates, now Information Cards. MyOpenID is certainly taking browser-based phishing solutions seriously. 18th October 2007, 9:10 pm

OpenID.net has been redesigned. Love the new look—much cleaner and easier to understand, and it now gives people looking to get themselves an OpenID somewhere to go. 9th October 2007, 2 am

identity-matcher. Dopplr’s social network importing code (for Gmail, Twitter, Facebook and sites supporting Microformats), implemented as a Rails ActiveRecord plugin. 4th October 2007, 2:53 pm

Cronto. I saw a demo of this the other day—it’s a neat anti-phishing scheme that also protects against man in the middle attacks. It works using challenge/response: an image is shown which embeds a signed transaction code; the user then uses an application on their laptop or mobile phone to decode the image and enters the resulting code back in to the online application. 2nd October 2007, 1:14 am

BBC Radio 4—Click On. I was interviewed on today’s programme, about OpenID. The clip is about 7 minutes in to the program, which is available using RealPlayer and the BBC’s Listen Again service. 1st October 2007, 11:56 pm

Email addresses your OpenID via DNS. Sam Ruby has warmed to the idea of making e-mail addresses usable as OpenIDs via a DNS SRV record. 30th September 2007, 9:36 pm

Sun’s OpenID IdP: Real vs Fake. The thinking behind Sun’s decision to allow users of their OpenID provider to pick fake names and assign personal e-mail addresses. 25th September 2007, 10:39 pm

France Telecom Supports OpenID! France Telecom is the parent company of Orange. Apparently all 40 million France Telecom subscribers now have an OpenID. 25th September 2007, 12:49 am

Sun’s OpenID IdP: Data Governance. Lauren Wood explains the checklist used to ensure Sun’s OpenID provider adequately respected user privacy and data governance (what happens to the data that is stored). 22nd September 2007, 8:50 pm

Sun OpenID IdP: protocol and implementation review. Sun employees are posting lots of useful insights gathered during the implementation of their OpenID provider. 22nd September 2007, 8:22 pm

Quechup: Another Social Network Enemy! This is why we need to stop teaching users that it’s OK to give their e-mail username and password to any site that asks for it. 21st September 2007, 11:36 pm

OAuth: Your valet key for the Web. OAuth is a really important new specification that aims to solve the “give this application permission to do X on my behalf” problem once and for all. 21st September 2007, 11:34 pm

Google To “Out Open” Facebook On November 5. “Google will announce a new set of APIs on November 5 that will allow developers to leverage Google’s social graph data. They’ll start with Orkut and iGoogle (Google’s personalized home page), and expand from there to include Gmail, Google Talk and other Google services over time.” 21st September 2007, 11:23 pm

Six Apart: We Are Opening the Social Graph. Six Apart put their cards on the table with respect to the social graph problem—focusing on OpenID, XFN and FOAF as enabling technologies. Be sure to watch the screencast demo of their new social graph visualisation tool. 20th September 2007, 9:19 pm

OpenID event at the British Library. On the 8th of November. Sadly I’ll be in Berlin for the Web 2.0 Expo but it looks like a great lineup. Free to attend but limited to 50 people so book soon. 18th September 2007, 1:22 pm

Building the Social Web with OpenID. Slides from my keynote at yesterday’s PyCon UK. 9th September 2007, 12:36 am

OpenID status update from Korea. Sounds like OpenID is making healthy progress there. 19th August 2007, 6:10 pm

Group Membership Protocol Endpoint on LiveJournal. “All LiveJournal users and communities have their friend or member lists exposed via group membership protocol.” 18th August 2007, 12:56 pm

Thoughts on the Social Graph. I think social network portability will happen within the next year. 17th August 2007, 11:47 pm

A Change of Pace. David Recordon is heading back to Six Apart as Open Platforms Tech Lead, where it looks like he might get to work on social network portability. 17th August 2007, 11:46 pm

VeriSign’s SeatBelt OpenID plugin for Firefox. The first good example of browser integration for OpenID. It catches phishing attempts by watching out for rogue OpenID consumers that don’t redirect to the right place. 17th August 2007, 5:37 pm

Windows Live ID Web Authentication Released! Passport lives again! Who’s going to be first to build an idproxy.net for it? 17th August 2007, 10:20 am

OpenID: Great idea, bewildering consumer experience. Realistic, detailed look at the many usability problems that currently surround OpenID—and a good list of suggested fixes at the end. This is why I’ve been advocating OpenID as a tool for early adopters: they can help smooth out the experience for everyone else. 17th August 2007, 10:07 am

Grab them eyeballs! Any cred at all! Excellent argument for why large OpenID consumers shouldn’t be worried that other large providers will turn evil and hold their users hostage. What counts is the account, not the credential. 16th August 2007, 9:16 pm

AOL & OpenID—Status Update. It looks like they’re whitelisting a small list of providers for the moment. I’m not sure what this means for delegation. 15th August 2007, 6:34 pm

OpenID Bootcamp Tutorial. Slides from the OpenID Bootcamp tutorial I gave this morning with David Recordon. 25th July 2007, 12:39 am

One App, One User Account and Multiple OpenIDs. Dr Nic on allowing many OpenIDs to be associated with a single account. 22nd July 2007, 9:42 pm

Wikispaces OpenID Support. You can create new accounts there, but they haven’t hooked up association with existing accounts yet (that’s coming soon). 19th July 2007, 9:23 am

A Recipe for OpenID-Enabling Your Site. Detailed guide to setting your site up as an OpenID consumer from Plaxo, who just launched their OpenID implementation. It basically describes the design I’m using for the next release of django-openid. 18th July 2007, 7:50 am

Pibb Sign in page. Nice demonstration of an easier OpenID sign in page—lets you sign in with an AIM screenname or LiveJournal username instead (which uses OpenID under the hood). 14th July 2007, 9:09 pm

Making OpenID really really easy. I’ve been thinking along very similar lines: OpenID providers can construct a user’s OpenID URL for them by asking for a site that they use (AOL / LiveJournal / WordPress etc) and their username on that service. 13th July 2007, 7:28 am

Partial OpenID provider implementation from idproxy.net. It’ll take a while to package up provider support for django-openid, but in the meantime here’s some partial, incomplete, poorly documented example code ripped from idproxy.net. Hopefully this will give people trying to figure out the JanRain Python library a bit of a leg up. 12th July 2007, 6:48 pm

OpenID support in Blinksale (via) Blinksale + Highrise + Basecamp means you can run your small business on OpenID. 10th July 2007, 7:45 am

Proposal for foaf:openid property. It looks like OpenID will be added to the FOAF spec in the not so distant future. 8th July 2007, 10:39 pm

welovelocal.com. Nicely designed new local business review site, London only but going UK wide soon. OpenID enabled! 4th July 2007, 8:24 pm

Appalachian. “Appalachian is a Firefox add-on that adds the ability to manage and use several OpenIDs to ease the login parts of your browsing experience.” 30th June 2007, 1:36 pm

My Google Tech Talk on OpenID. I gave this extended and improved version of my “Implications of OpenID” talk at Google on Monday. Fast turnaround on the video! 28th June 2007, 8 am

OpenID: Why, how, 37signals. 37signals just enabled OpenID on Basecamp as well as Highrise. This is their excellent attempt at explaining its benefits. 28th June 2007, 1:38 am

Importing your social network from other sites. Dopplr now does this from GMail, Twitter, vCard or hCard and XFN. I’m convinced that contact import is a killer app for OpenID. 26th June 2007, 1:46 am

Index of /drupal/modules/openid. Drupal’s OpenID implementation in CVS. 26th June 2007, 12:26 am

Drupal 6 and OpenID. “The implementation is all Drupal native code—no third party libraries were used.” 26th June 2007, 12:26 am

Crowd 1.1.0 Release Notes. Atlassian software are now offering a commercial OpenID provider, with the ability to hook in to an existing LDAP directory and some smart whitelist / blacklist options. 21st June 2007, 8:29 am

VeriSign OpenID 1.1 Non-Assertion Covenant (via) VeriSign join Sun Microsystems in providing patent protection for OpenID. 20th June 2007, 10:38 pm

Sun Identity Provider for OpenID. “We’re talking to partners about offering special services to Sun employees that use this service for authentication.” 6th June 2007, 12:57 pm

Making use of the XRDS. One of the better explanations of XRDS: provides some background information and isn’t too long. 1st June 2007, 9:35 pm

Web Security for Estonia—OpenID. “Every Estonian eID holder (around 80% of Estonian population) has an unique OpenID with the format open.id.ee/[firstname].[lastname](.number)” 24th May 2007, 3:56 pm

OpenID for all Estonians. 1.37 million Estonians will soon have OpenIDs, secured using smart cards. I’d like to hear more about how the smart cards help tackle phishing. 24th May 2007, 3:55 pm

Ten Reasons The World Needs Patent Covenants (via) Sun just made their OpenID patent covenant official. Simon Phipps explains why these are a Good Idea. 22nd May 2007, 5:09 pm

Sun Microsystems Announces OpenID Program (via) “In order to explore the boundaries of OpenID as a trust system, Sun is offering an OpenID Provider service to its 34,000 employees.” 7th May 2007, 8:23 pm

phpbb-openid first beta. A fully functional OpenID consumer for phpBB 2.0, implemented as a set of patches. 29th April 2007, 8:27 pm

MyOpenID relaunches. Now with a handsome redesign and support for SSL client certificates as a secure alternative to passwords. 17th April 2007, 3:40 pm

Snipperoo now supports OpenID. It’s a really clean implementation, and they’ve given it prominent placement on their homepage. 28th March 2007, 5:05 pm

Beginner’s guide to OpenID phishing (via) Excellent primer on the phishing problem, which concludes that phishing can only be solved by moving away from usernames and passwords entirely. 23rd March 2007, 9:22 pm

ANN: PHP OpenID 1.2.2 released. Includes a fix to a bug that was causing some consumers to be incompatible with the WordPress.com OpenID provider. If you’re using this in a PHP OpenID consumer you should upgrade now. 23rd March 2007, 8:33 pm

Highrise: Early stats, Cases for all, the new Solo plan, and more disk space! 9% of signups came in through OpenID, and they’ve opened up cases to everyone fixing my number one complaint about the service. Great job! 23rd March 2007, 1:44 am

Vitamin Interviews: Simon Willison. Bobbie Johnson pointed a camera at me after my Future of Web Apps talk and interviewed me for eight minutes on OpenID. 23rd March 2007, 1:41 am

Iusethis now supports OpenID for authentication. A great example of a site I probably wouldn’t have tried out if it hadn’t supported OpenID. 21st March 2007, 1:11 am

Highrise. The new online contact manager from 37signals—exactly the tool I need for managing my freelancing, and it even accepts OpenID. 19th March 2007, 10:39 pm

OmniTI_OpenID. OmniTI’s PHP OpenID 1.1 consumer library. Much less full featured than the JanRain library, but it’s good to have more than one. 18th March 2007, 1:15 am

What is OpenID Good For? Dare Obasanjo provides some smart responses to Tim Bray’s criticisms of OpenID, including a good angle on the phishing problem. 14th March 2007, 10:12 am

Ficlets (via) AOL’s first application to launch on Rails, and their first application to accept OpenIDs as well as AOL screen names. 10th March 2007, 5:41 pm

OpenID Server Integrated with CAS. Case Western Reserve University now provides an OpenID for every network account holder. 10th March 2007, 8:48 am

Relying Party Best Practices. Proposed guidelines for OpenID consumers from Martin Atkins, currently under discussion on the mailing list. 7th March 2007, 11:45 pm

37 Signals’ next app Highrise will support OpenID. I can’t wait to see how the 37 Signals team deal with the UI challenges involved in supporting OpenID logins. 7th March 2007, 9:23 am

OpenID on WordPress.com. My first project launch as a freelancer. You can now use your WordPress.com blog as an OpenID. 6th March 2007, 8:41 pm

phpbb-openid: Your AIM screen name is your OpenID. Log in to a phpBB board with an AOL OpenID and it will try to associate your OpenID with an account that lists that AIM in the profile. This is the kind of behaviour I talked about in my FOWA talk. 6th March 2007, 7:57 am

The Beauty Of The Diffie-Hellman Protocol. Some useful explanations here. Diffie-Hellman is used by OpenID to establish a shared secret between the provider and the consumer. 1st March 2007, 10:08 pm

OpenID and microformats support on XTech site. “A single-sign on solution like OpenID solves an important problem for us, as most people tend to interact with our conference web sites in only one or two time periods each year.” 27th February 2007, 12:46 pm

The No-Shit Guide To Supporting OpenID In Your Applications. Fantastically useful: Dan Webb digs through the API documentation so you don’t have to. The example code is for Rails but the PHP and Python libraries work in much the same way. 27th February 2007, 1:56 am

OpenID makes web identities real and appealing. DHH has caught the OpenID bug. Expect to see a flurry of activity around OpenID in the Rails community over the next few weeks. 26th February 2007, 10:31 am

More on Decentralised Social Networking. Martin Atkins has been thinking hard about the practicalities of building decentralised social networking on top of OpenID. 26th February 2007, 10:15 am

prooveme.com. An OpenID provider that uses SSL client certificates (which you install in your browser) for authentication. 22nd February 2007, 12:01 pm

AOL and OpenID. http://openid.aol.com/your-screenname now works as an OpenID, for every AOL user. Wow. 15th February 2007, 11:27 am

PHP and “OpenID authentication failed: Bad signature”. If you’re seeing a “Bad signature” error in your PHP OpenID application it could be down to a miscompiled GMP library. 15th February 2007, 10:02 am

FreeYourID.com. A free .name domain for 90 days, with built-in tools for managing e-mail forwarding and your OpenID. Could do with some unobtrusive JavaScript, but they’re really fast at responding to suggestions. 13th February 2007, 4:26 pm

Too many Chiefs... OpenID’s current biggest problem is that there are plenty of OpenID providers but not nearly enough places that you can log in to with one. 13th February 2007, 11:49 am

OpenID (and TypeKey) using native OpenSSL functions in PHP. Wez Furlong shows how a small patch to PHP’s OpenSSL support makes it a whole lot easier to perform the cryptography behind OpenID (at the moment you need to use the bc or gmp modules). 10th February 2007, 10:49 pm

Hanselminutes Podcast on OpenID. Good podcast discussion on OpenID, from a .NET developer’s perspective. 9th February 2007, 9:19 am

The OpenID Directory. A new directory of OpenID consumers and providers. If they can make sure that the listed sites actually let you log in this could become a really valuable resource. 9th February 2007, 12:19 am

CardSpace & OpenID: Working together. A more detailed explanation of what the Microsoft OpenID collaboration actually means. 7th February 2007, 1:58 am

Microsoft & OpenID. HUGE news. Microsoft are officially supporting OpenID, through integration with CardSpace. 7th February 2007, 1:56 am

SMTP Service Extension for Yadis Discovery. Could potentially let you use your e-mail address as an OpenID, although personally I wouldn’t always want to hand my address over to third-party sites. 5th February 2007, 9:44 am

Announcing Jyte. “Jyte is a simple service that allows you to associate claims, credibility and contacts to build a reputation with your OpenID”. The OpenID landscape is wide open for innovation like this. 31st January 2007, 6:04 pm

XRID.net (via) Sign up for a free @xrid*something i-name by logging in with an OpenID. 29th January 2007, 4:55 am

OpenID Enabled: OpenID Tests. Useful for checking if your OpenID consumer or server are working OK. 27th January 2007, 10:34 am

Justin Mason: more on social whitelisting with OpenID. The author of spam assassin warns that whitelist-based trust networks are a lot harder than they look. 26th January 2007, 1:02 am

Social whitelisting with OpenID... (plasticbag.org). Tom’s write-up of the social whitelisting idea. Lots of sceptics in the comments. 26th January 2007, 1 am

MyOpenID: New anti-phishing tools available. Includes SafeSignIn, which removes the login form from the landing page. You have to enable it in your preferences though. 24th January 2007, 3:02 pm

Oxford Geek Nights. 8pm on the 7th of February 2007 at the Jericho Tavern in Oxford. Three 15 minute talks and a bunch of 5 minute microslots. I’ll be giving a talk on OpenID. 22nd January 2007, 7:22 pm

Ma.gnolia Blog: OpenID is Taking Off! Since November, 15% of new Ma.gnolia members signed up using an OpenID. 22nd January 2007, 6:41 pm

Group Membership Protocol. Martin Atkins’ proposal for a simple “is OpenID X a member of group Y?” protocol, useful for whitelists that can scale to handle large numbers of entries. 22nd January 2007, 8:27 am

Anonymous OpenID. A mailinator-style service for OpenID. I’m glad someone’s built this; it reinforces the idea that an OpenID should not be trusted as an account without first using a verification step. 21st January 2007, 2:03 am

Phishing and OpenID: Bookmarks to the Rescue? Ping extends my proposal to use bookmarks as the principle authentication mechanism, resulting in a system that is much easier for people to understand. 21st January 2007, 1:36 am

XMPP OpenID server. An OpenID provider that sends you a Jabber message when you try to log in, to help guard against phishing. 20th January 2007, 11:24 pm

Links to academic papers on phishing. Posted to the openid-general list by Mike Beltzner. 19th January 2007, 5:32 pm

Planet OpenID. Aggregating news about OpenID—surprisingly high traffic. 18th January 2007, 12:04 am

OpenID users can be just as trusty as local users. Martin Atkins makes a similar argument to my own: OpenIDs are trustworthy, provided you subject them to the same authentication steps (CAPTCHA/e-mail validation) as regular users. 16th January 2007, 11:13 am

Firefox3/Firefox Requirements (via) OpenID and CardSpace are both listed as mandatory features. 11th January 2007, 6:56 pm

OpenID Speech at Webtuesday Zurich. Good set of slides, along with the tidbit that local.ch (which had slippy maps years before Google) is implementing OpenID. 11th January 2007, 3:27 pm

OpenID Questions. I’ve attempted to provide answers in the comments. 9th January 2007, 11:46 am

OpenID for non-SuperUsers. Sam Ruby explains the key concepts of OpenID that many first-time users tend to miss. 7th January 2007, 10:21 pm

DjangoID. Django-based OpenID server for hosting your own (or someone else’s) identity. 7th January 2007, 9:54 pm

Unobtrusive OpenID. Sam’s implementation passes association data in the URL rather than using sessions. I need to do that here. 28th December 2006, 9 pm

Login to other services with Technorati. Technorati are now an OpenID provider. I’d much rather they were a consumer though; at the moment you can claim your blog with OpenID but you can’t log in to your Technorati account with an OpenID from elsewhere. 26th December 2006, 8:41 pm

digg: Screencast: How to use OpenID. No exclamation mark this time—let’s see if it makes a difference. 22nd December 2006, 9:50 pm

Comment transformer votre blog en une OpenID ? My piece on OpenID tranlated in to French by Christophe Ducamp. 21st December 2006, 3:26 pm

Three steps to OpenID. Maybe explaining OpenID isn’t as hard as I thought... Jacob Kaplan-Moss nails it in three. 20th December 2006, 12:44 pm

botbouncer.com (via) Neat concept: a third party service for ensuring that an OpenID has passed a CAPTCHA. 19th December 2006, 6:01 pm

digg: HOW TO turn your blog in to an OpenID. Trying to get some digg love for my OpenID how-to. I even used a digg-friendly exclamation mark. 19th December 2006, 12:36 pm

Ma.gnolia supports OpenID. Text book implementation: you can associate your OpenID with an existing account and log in using either OpenID or your regular username and passwerd. 17th December 2006, 9:29 am

phpMyID. A simple, stand-alone OpenID server in a single PHP script with no dependencies. Makes managing your own identity trivial. 17th December 2006, 9:06 am

The case for OpenID. I look forward to embracing our OpenID future. 5th December 2006, 1:34 pm

del.icio.us/tag/openidconsumer. Help me build a list of sites that let you log in with OpenID. 20th August 2006, 3:14 am

I want my OpenID! Open ID code bounties worth $5,000. Could this kickstart adoption? 28th July 2006, 4:02 pm