A late but Happy New Year – recent silence related to starting a new job at local.ch – more on that another time.

So let’s call this one the Year of OpenID – or at least the part up to March. OpenID is starting to gain traction as a solution to some (not all) online authentication problems.

While some good resources are starting to show up explaining how OpenID works, there’s a tendency towards either “here’s how to add it to your blog – don’t ask difficult questions” or significant assumed knowledge. So it’s nice if you have someone around who can explain it directly, which is what happened last webtuesday, with Cédric providing an OpenID Overview. As well as doing a great job of explaining key points of what OpenID is and is not, he also took a good stab at illustrating OpenID transactions in terms of the communication between the hosts involved, something that seems poorly documented online right now – images here.

One particular concern the talk raised regards the final redirect of an OpenID transaction, when a new account is being set up on the relying party (the site you want to register and log into) – step 6 here. As I’ve understood it, OpenID Servers can optionally provide bits of your personal information to the relying party, to reduce your work in filling in a registration form. But that seems to be passed via the final GET request you are redirected to, GET having limits and a tendency to lie around in access logs…
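
The access-log concern above, as an added example (not from the talk or the original post): a filter that redacts OpenID Simple Registration (`openid.sreg.*`) values from request lines before logs are stored or shared. It assumes the profile data arrives via that extension and that the log uses the common/combined format; the sample lines and the `/openid/finish` path are constructed.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Simple Registration response fields carry profile data in the query string.
SREG_PREFIX = "openid.sreg."
# Request line inside an access-log entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample entries (hypothetical host, path and user).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jan/2007:10:00:00 +0100] "GET /openid/finish?openid.mode=id_res'
    '&openid.identity=http%3A%2F%2Falice.example%2F&openid.sreg.email=alice%40example.org'
    '&openid.sreg.fullname=Alice+Example HTTP/1.1" 302 0',
    '192.0.2.10 - - [12/Jan/2007:10:00:01 +0100] "GET /index.html HTTP/1.1" 200 512',
]


def redact_target(target):
    """Return (redacted request target, sorted SREG field names that were present)."""
    parts = urlsplit(target)
    found, pairs = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.startswith(SREG_PREFIX):
            found.append(key[len(SREG_PREFIX):])
            value = "REDACTED"
        pairs.append((key, value))
    if not found:
        return target, []  # leave unrelated requests byte-for-byte unchanged
    return urlunsplit(parts._replace(query=urlencode(pairs))), sorted(found)


def scrub_line(line):
    """Redact SREG values in one log line; returns (line, fields found)."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    new_target, found = redact_target(m.group("target"))
    return line[:m.start("target")] + new_target + line[m.end("target"):], found


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        scrubbed, fields = scrub_line(entry)
        print(fields, scrubbed)
```

The same field list doubles as a detection signal: any entry where `scrub_line` reports fields is a place where registration data has already reached the log.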

Talk slides are online here (PDF). May also show up as a video somewhere soon…

Meanwhile looks like Dokuwiki is gaining OpenID support as well…

Update: – the talk is now here on Google video – many thanks to Corsin for the hard work.

