Simon Willison’s Weblog

Entries tagged openid

Filters: Type: entry × openid ×


What are some scalable OAuth and OpenID server implementations?

Any OAuth library should scale horizontally—I can’t see how any one library would be a better choice than another.

[... 36 words]

Facebook Usernames and OpenID

Today’s launch of Facebook Usernames provides an obvious and exciting opportunity for Facebook to become an OpenID provider. Facebook have clearly demonstrated their interest in becoming the key online identity for their users, and the new usernames feature is their acknowledgement that URL-based identities are an important component of that, no doubt driven in part by Twitter making usernames trendy again.

[... 760 words]

The point of “Open” in OpenID

TechCrunch report that Microsoft are accepting OpenID for their new HealthVault site, but with a catch: you can only use OpenIDs from two providers: Trustbearer (who offer two-factor authentication using a hardware token) and Verisign. "Whatever happened to the Open in OpenID?", asks TechCrunch’s Jason Kincaid.

[... 451 words]

Django People: OpenID and microformats

In hindsight, it was a mistake to launch Django People without support for OpenID. It was on the original feature list, but in the end I decided to cut any feature that wasn’t completely essential in order to get the site launched before it drowned in an ocean of “wouldn’t-it-be-cool-ifs”.

[... 626 words]

Yahoo!, Flickr, OpenID and Identity Projection

Via ReadWriteWeb, view source on a Flickr photostream page and search for “openid” and you’ll be rewarded with the following snippet:

[... 582 words]

Designing for a security breach

User account breaches are inevitable. We should take that in to account when designing our applications.

[... 545 words]

A note about simple registration

Simple registration is an extension that allows OpenID consumers to ask your provider for extra information—your name, e-mail address, date of birth and so on.

[... 391 words]

The Implications of OpenID

My second presentation at XTech 2007. Unfortunately there’s just the Matt Webb keynote to go, and I spent most of the conference worrying about my talks. There’s a lot to be said for speaking as early as possible.

[... 76 words]

Turn your Django application in to an OpenID consumer

I’ve just put the finishing touches on the first releasable version of django_openidconsumer, a package that makes it easy to add OpenID consumer support to any Django application.

[... 229 words]

My Future of Web Apps talk as a slidecast

The team at Carson Systems have a pretty quick turnaround on their podcasts; they’ve had full recordings of every speaker up for a few days now. I spent a bunch of time over the weekend splicing the recording of my talk together with my slides, and the result is now available at The Future of OpenID (a slidecast).

[... 177 words]

Six cool things you can build with OpenID

I’ve posted the slides from my Future of Web Apps talk on OpenID, minus the demo videos. I’m planning to put together a video that combines the slides, demos and audio once the official podcasts have been published.

[... 816 words]

OpenID at the Future of Web Apps

People seemed to really like my talk—they even laughed in the right places! I’ll be posting full notes, slides and writing an article for Vitamin over the next few days. For the moment I’m just enjoying coming down from the adrenaline high.

[... 84 words]

Speaking at the Future of Web Apps

Just a quick update to say that I’ll be speaking at the Future of Web Apps conference in London on February the 21st, talking about OpenID. I really enjoyed last year’s event and feel honored to be included in such an exciting schedule.

[... 86 words]

idproxy.net: Use your Yahoo! account as an OpenID

In an ideal world, some or all of the sites with large user databases (Yahoo!, AOL, Google, Amazon and so on) would act as OpenID providers, allowing their users to sign in to OpenID supporting sites around the Web. Until that happens, people who want to use OpenID need to sign up for Yet Another Account to do so.

[... 414 words]

Social whitelisting with OpenID

A key feature of OpenID is that it provides a globally unique identifier for every user, no matter what site or service they are using on the Web.

[... 502 words]

Solving the OpenID phishing problem

Most of the arguments I hear against OpenID are based on mis-understandings of the specification, but there is one that can’t be ignored: OpenID is extremely vulnerable to phishing.

[... 531 words]

An OpenID is not an account!

I’m excited to see that OpenID has finally started to gain serious traction outside of the Identity community. Understandably, misconceptions about OpenID continue to crop-up. The one I want to address in this entry is the idea that an OpenID can be used as a replacement for a regular user account.

[... 601 words]

More home improvements

I’ve had an offline Christmas, not entirely through choice (broadband at my Dad’s new place in rural France isn’t working yet) but welcome. I did have my laptop with me, and I’m using Bazaar for version control so being offline isn’t a barrier to checking in code. I’ve just rolled out a bunch of new features that I put together over the past few days.

[... 514 words]

OpenID screencast

OpenID’s biggest problem is its learning curve. Using it as actually really simple, but if you’re not technical the amount of stuff you have to know before you can understand it is enormous. If you are technical, it just doesn’t seem like it should work—there are a bunch of questions that come up every time OpenID is discussed anywhere (“but surely there’s nothing to stop someone else from spoofing your ID”) which OpenID has answers for, but which are easily misunderstood.

[... 315 words]

How to turn your blog in to an OpenID

Wouldn’t it be great if you could use the same account to log in to multiple sites and applications, without having to trust them all with your password? Wouldn’t it be even better if you could do this without having to hand ownership of your online identity over to some monolithic third party? (I’m looking at you, .NET Passport Microsoft Passport Windows Live ID.)

[... 832 words]

What I’m excited about, post-conference edition

Wow, I’ve had a really busy month. I’ve attended (and spoken at) BarCamp London, Media in Transition, d.Construct, RailsConf Europe, Euro Foo and EuroOSCON. All were excellent, and each one nicely complemented the others. I’m exhausted. I think my brain is full.

[... 377 words]