[OpenID] OpenID Exchange

Martin Atkins mart at degeneration.co.uk
Mon Jan 8 00:43:57 UTC 2007

Martin Atkins wrote:
> I have made an early draft of a spec called OpenID Exchange on the wiki:
>      <http://openid.net/wiki/index.php/OpenID_Exchange_1.0>

I promised this weeks ago, but various unexpected events prevented me 
from doing it until now. I've put together a simple demo of OpenID Exchange.

In this demo, OpenID Exchange is being used as a transport for a 
protocol which allows one site to post in a weblog or journal on another 
site with the permission of the weblog/journal owner. [1]

Just as with my previous demo, you'll have to use your imagination as 
both of the "sites" in my demo are running on the same server.[2]

So here's the demo:

  * Go to http://oidexdemo.m.wox.org/blogsite/ and log in with any 
OpenID identifier to get a free blog on possibly the worst blog site in 
the world, ever.
  * If you like, make a test post in your new blog using the form 
provided. This is really just to help you imagine that it's really a 
weblog. :)
  * Make a note of your weblog URL[3] and then go to the completely 
separate site http://oidexdemo.m.wox.org/lamequiz/
  * Complete my broken and completely nonsensical personality quiz and 
find out what programming language you apparently are. [4]
  * In the posting form, enter the OpenID Identifier that you used to 
register with my blog site and enter your ugly weblog URL. Press the 
button to kick off a redirect dance.
  * If prompted, allow my blog site to verify your identity once again.[5]
  * Review the entry that the quiz site wants to post, and allow it to 
do so.
  * The quiz site gives you an un-spectacular success page with a link 
to your blog.

This is using the OpenID Exchange protocol as described on the wiki, 
except for a few minor modifications where I discovered inconsistencies 
during implementation. (I'll update that draft spec soon.)

Weblog posting is only one application of OpenID Exchange, but since 
sites like Flickr posting on LiveJournal was the original use-case that 
prompted OpenID Exchange's ill-fated predecessor I figured it was a 
reasonable demo. Recall that other possible use-cases include profile 
exchange, arbitrary user-accompanied SOAP requests and social networking 

Possible next steps:
  * Update the draft spec in response to the issues found during this 
  * Clean up the implementation and library-ize it.
  * Draft up a more complete protocol for posting blog entries, probably 
based on Atom.
  * Get some *real* blog site (probably LiveJournal) to run a better demo.
  * Convince a suitable site (Zooomr?) to run a proof-of-concept client.
  * Refine the OIDex[6] spec based on implementation experience.
  * ???
  * PROFIT! (or something)


  [1] My previous "OpenRPC" demo let you post pretty pictures to the 
demo weblog, but sadly this latest incarnation of LameBlogs only lets 
you post plain text entries.
  [2] For now, you'll just have to trust me that the two aren't sharing 
any data behind the scenes!
  [3] Aren't they ugly? :)
  [4] The outcomes don't make a lot of sense, so take them with a pinch 
of salt!
  [5] For the sake of example I've made it always verify your identity, 
but in practice it'd probably already know who you are at this point 
because you logged in earlier.
  [6] I can't decide if I like this abbreviation. :)

(I love footnotes.)

More information about the general mailing list