OpenIDs the Stallmanian way

Managing your identity and even proving your identity wasn’t always as easy as today where popular identity and single sign-on solution OpenID is supported by a variety of services, platforms and websites and as support grew, so did the number of providers. WordPress.com and Blogspot for example provide OpenIDs to their users enabling them to prove their own and their blog’s identity. Other providers like myopenid do nothing but providing OpenIDs together with some basic profile page.

Folks with their own website or self hosted blog can use so called id delegation to link your website to the OpenID provided by those third party companies and projects, and this leads us to a problem, maybe even nightmare for those really concerned with the safety of their data and identity. OpenID, as mentioned above, is not only a way to prove your identity but can be used as a single sign-on solution for numerous websites and trusting others with this sensible data might not be a very good idea when you think about it and especially not if you are concerned about the control and integrity of your personal information.

So you got your own site and you want your own OpenID.

You can get one by hosting it yourself and the most easy way to do so is using a a small and neat PHP application called phpMyID, a standalone, single user OpenID provider.

Since I couldn’t find the simple solution that I wanted, I did what any [idiot|geek] would do, and created the missing option for myself: a single user OpenID server.                 — CJNiemira

phpMyID consists of two files, the configuration file and the application itself. The download package includes a readme and the license, GPLv2. The setup is rather simple:

  1. You upload the files in a directory,
  2. Create a hash of your password and write it, along your personal details if you want in the configuration file,
  3. Put the delegation links inside the header of your page,
  4. profit

It is really as simple as that but in case you’re still not getting it to work, there is a FAQ and a forum.

phpMyID relies on http digest authentication as security which uses md5 hashing and nonce values preventing your password getting send over the Internet in plain text. It is an safe, easy and foremost non expensive, when compared to SSL certificates, way to secure your log-in data.

I still want to remind you that you should know that even if you are hosting your OpenID and using it as a single sign-on that you must not give away your password and user name. Single sign-on is a major convenience but comes with risks and you really shouldn’t use it for sensible, important accounts. I recommend using it only as proof of your identity.

If you are really looking for a way to handle your passwords and sign-ons you should consider using a password manager like KeePass or KeePassX

You might also like

Comments are closed.