« On Security Vulnerabilities  •  What’s a third-party identity provider and how do I pick one? »

Converting your site to OpenID

November 28, 2006 in Identity, JanRain, Ma.gnolia, OpenID by kveton

If you currently run a site with a large number of users and are looking at adopting OpenID you have a few things you need to consider. I’ve been talking with Larry Halff from the social bookmarking site Ma.gnolia (which kicks ass btw) and they are looking at adopting OpenID. Larry has quite a few users and so he had to take those folks into account before implementing OpenID.

What we have seen with the open source projects that are adopting OpenID is to simply tie it to an actual account within the system. For example, the Drupal plugin does this. This is the easiest mechanism since you can then tie the OpenID to attributes that you need specifically for your application. In the case of Drupal, they have the concept of an avatar. OpenID’s simple registration does not have this attribute so you can’t get it from the identity provider (yet - more on that later). So when a user logs in with an OpenID, their OpenID is tied to a new account within that Drupal installation. Then you get the benefit of all of the “extra” attributes that you might want to have for that account.

In Larry’s case at Ma.gnolia, when the user logs in for the first time, they ask for the ‘nickname’ of the user via the simple registration mechanism. When they get that back from the users’ identity provider, they check to see if it matches an existing Ma.gnolia account. If it does, the user is presented with a dialog to enter that Ma.gnolia user’s password. This allows the user to link an existing Ma.gnolia account to an OpenID (so they don’t have to re-enter all of their bookmark information again). If it doesn’t match, they create a new Ma.gnolia account and tie it to the OpenID via a seperate OpenID associations table.

Now, as I mentioned before, simple registration is pretty limited in its abilities at this time. However, there is a mechanism for arbitrary attribute exchange that has been proposed. In the case of Drupal, a site running Drupal could upload attributes that would be tied to the user at their identity provider (with the users’ permission of course) and these attributes could be used for any Drupal site. The ability to have rich profile information via attribute exchange is something that is going to make OpenID a really powerful platform for delivering digital identities.

About

This is the blog of Scott Kveton, digital identity promoter, open source contributor, avid gardener, passionate pizza maker, loving husband and proud father. Read More ...

Also Known As

Once or twice in my life people have mis-spelled my name (I know, its a shocker) ... you may have seen my lastname appear as any or all of the following:

Kverton • Kvelton • Keaton
Rueton • Kreton • Kventon
Kevton • Kevin • Smith (true story)
Kueton• Kvetan• Keveton


    9 comments

    Comments feed for this article

    November 29, 2006 at 6:33 am

    Dmitry Shechtman

    The idea of matching OpenID nicknames to existing usernames is brilliant, provided that ma.gnolia has a handful of users.

    phpbb-openid’s design (not yet implemented) for quickly merging an account with an identity is accepting a username, a password AND an OpenID simultaneously.

    November 30, 2006 at 12:57 pm

    takkaria

    Have you thought about perhaps using something hCard (by the microformats.org crowd) to exchange some basic data about people? It might be useful to standardise on such a thing for that kind of data.

    My own OpenID URL contains an hCard just in case anyone did such a thing, but I haven’t seen any word of it yet.

    November 30, 2006 at 4:22 pm

    kveton

    takkaria: we have actually spoken with the microformats folks and there are some definite possibilities there. We’re actually going to be adding hCard information to the personal identity pages on MyOpenID.com. That way, you can direct people to your personal identity page (in my case kveton.myopenid.com) and they could actually get some relevant information about you. The next trick would be to lock that down somehow to just your friends or co-workers.

    December 13, 2006 at 4:48 am

    Tim McCormack

    What I haven’t seen yet is a decent tutorial on integrating OpenID with a new site. (Merging it into an existing site is a whole ‘nother beast.) For example, I am monkeying around with http://www.tradeups.net/ as a local barter site, and I tried to use OpenID, but the documentation seemed insufficient. If someone could just write up a nice howto, this could really take off.

    (Also, I tried using my existing OpenID login with this site, and it failed — after I said Allow Always on myopenid, I was redirected to what appeared to be your blog’s own login page.)

    December 13, 2006 at 9:20 pm

    kveton

    Tim: that’s a great idea. Anybody out there want to take that one? I’ll link to it liberally and often … :-)

    Doh! Yeah, you experienced a bug that (I think) I just fixed. Thanks!

    December 18, 2006 at 9:05 am

    tbbrown

    hi scott,

    here’s some notes from the field on merging it with an existing site:

    http://herestomwiththeweather.blogspot.com/2006/12/openid-podcast.html

    cheers,
    tom

    February 21, 2007 at 5:42 pm

    josephrw

    Nothing to see here, just reading your post and seeing if my open id worked.

    Note: This post is over a year and a half old. You may want to check later in this blog to see if there is new information relevant to your comment.