Scott Kveton

We’re excited to announce our latest partnership with GNR (the folks who manage the .name registry) to help bring OpenID’s to the .name users everywhere. Now with just a few seconds you can register your very own .name domain name and get email, an OpenID and a whole lot more.

You can sign up today at FreeYourID.com. JanRain is providing the back-end OpenID services for the .name registry to handle the use of your .name as an OpenID. The registration is free for the first 90 days and then $10.95 US per year after that.

Many people have asked us if we could help manage the entire process of domain name registration and management of their OpenID and until now, we haven’t been able to do it. Fortunately, the GNR folks have made this super easy with their FreeYourID.com service and we’re excited to be helping them by providing the OpenID’s. We’re using OpenID delegation and our new site API on MyOpenID to make this happen.

For example, you can head over to FreeYourID.com and enter in a name like Larry Jones and you’ll then be presented with a series of options like larry.jones.name or lj.jones.name or lawrence.jones.name. You then get an email address of larry@jones.name, etc. Best of all, you can point your personal identity page anywhere you want. If you have a blog at username.livejournal.com, you can point your new .name at that and have it redirect there. You can even point at your own Jyte profile page to show off your claims, cred and contacts like I’ve done with scott.kveton.name … :-)

As always, any questions, comments or concerns, feel free to post them here! And go sign-up for your .name! :-)

There have been some intense discussions going on over on the OpenID general and security lists over the past week or so. Some great suggestions have been made about how to better secure users against phishing and we have just implemented a couple of them on MyOpenID.com.

• Personal Icon: A Personal Icon is a picture that you can specify that is presented to you in the title bar of MyOpenID every time you visit the site. The image is shown based on a cookie that is not tied to your account. This aids in fighting phishing as you’ll get used to seeing the same picture at the top of the page every time you sign in. If you don’t see it, then something might be up. Carl worked on this feature for us over the last few days and it employs several of the techniques discussed on the list to make it happen. You can see the picture next to this text that shows my Personal Icon which is a picture of my son Živio in the bathtub.
• SafeSignIn: The SafeSignIn feature was inspired by Simon Willison and was implemented by Mike on our Identity Provider team. SafeSignIn is an option that users can set on their settings page that makes it so you cannot be redirected to your MyOpenID.com to enter a password. If you are redirected to MyOpenID.com from another site, you are presented with the dialog you see below prompting you to either use a bookmark or enter the address in your location bar in the browser. This is an optional feature but we highly recommend you enable it.

While discussion on the OpenID specification continues to happen, we wanted to make sure we had the tools our users would need to protect themselves against phishing in the mean time.

We have a unique opportunity with phishing and OpenID. OpenID can make the possibility for bad things to happen from phishing that much worse. However, having an OpenID means you create a more intimate relationship with your OpenID provider. You go there everyday. You will more likely know when something is wrong. The Personal Icon and SafeSignIn tools help give you a clear indication when something might be up. The ability to fight phishing from one place really well could actually become a huge driver for OpenID; I know the place I always enter my password every single day. Asking users to deal with several layers of anti-phishing technology on every site they visit isn’t very realistic. These type of tools, coupled with OpenID, allow you to have the layers of security while giving you the ease-of-access to the sites you want to visit.

We still don’t have a complete answer to phishing yet but with the continuing work of the OpenID community, we just might get closer to one.

If you’d like to take advantage of these features for your OpenID enabled site or your own personal domain, you might want to check out our affiliate program or read up on how to delegate from your own domain.

Simon Willison has made a great screencast that does a great job explaining the how and why of OpenID. There is also a Google video of this as well (although the quality is much poorer).

A great article on why Nick Manley thinks Google will be supporting OpenID in the near future.

Saw Simon mention a three-step process for getting an OpenID show up on reddit and of course I have to link to it because they are using MyOpenID as the example … :-)

This is also a great time to mention the affiliate program that we launched a few weeks ago. If you run your own site but don’t want to host an OpenID server, you can sign up as an affiliate and redirect users to MyOpenID.com to get their own OpenID. The user is presented with a logo from your site as well as a description of why they were directed there. You can see an example from my blog here.

Some of the better known affiliates are Ma.gnolia.com, a great social-bookmarking site and Zooomr, a really amazing photo-sharing site. If you don’t want to run an OpenID server, we’re more than happy to do it for you. And you can even use your own domain if you want to.

Finally, if you want to run your own OpenID server you can do that as well. phpMyID is a great standalone PHP OpenID identity provider that was just released a week or so ago. You can then manage your own server and deliver identities yourself.