[OpenID] OpenID Exchange
mart at degeneration.co.uk
Mon Jan 8 00:43:57 UTC 2007
Martin Atkins wrote:
> I have made an early draft of a spec called OpenID Exchange on the wiki:
I promised this weeks ago, but various unexpected events prevented me
from doing it until now. I've put together a simple demo of OpenID Exchange.
In this demo, OpenID Exchange is being used as a transport for a
protocol which allows one site to post in a weblog or journal on another
site with the permission of the weblog/journal owner. 
Just as with my previous demo, you'll have to use your imagination as
both of the "sites" in my demo are running on the same server.
So here's the demo:
* Go to http://oidexdemo.m.wox.org/blogsite/ and log in with any
OpenID identifier to get a free blog on possibly the worst blog site in
the world, ever.
* If you like, make a test post in your new blog using the form
provided. This is really just to help you imagine that it's really a
* Make a note of your weblog URL and then go to the completely
separate site http://oidexdemo.m.wox.org/lamequiz/
* Complete my broken and completely nonsensical personality quiz and
find out what programming language you apparently are. 
* In the posting form, enter the OpenID Identifier that you used to
register with my blog site and enter your ugly weblog URL. Press the
button to kick off a redirect dance.
* If prompted, allow my blog site to verify your identity once again.
* Review the entry that the quiz site wants to post, and allow it to
* The quiz site gives you an un-spectacular success page with a link
to your blog.
This is using the OpenID Exchange protocol as described on the wiki,
except for a few minor modifications where I discovered inconsistencies
during implementation. (I'll update that draft spec soon.)
Weblog posting is only one application of OpenID Exchange, but since
sites like Flickr posting on LiveJournal was the original use-case that
prompted OpenID Exchange's ill-fated predecessor I figured it was a
reasonable demo. Recall that other possible use-cases include profile
exchange, arbitrary user-accompanied SOAP requests and social networking
Possible next steps:
* Update the draft spec in response to the issues found during this
* Clean up the implementation and library-ize it.
* Draft up a more complete protocol for posting blog entries, probably
based on Atom.
* Get some *real* blog site (probably LiveJournal) to run a better demo.
* Convince a suitable site (Zooomr?) to run a proof-of-concept client.
* Refine the OIDex spec based on implementation experience.
* PROFIT! (or something)
 My previous "OpenRPC" demo let you post pretty pictures to the
demo weblog, but sadly this latest incarnation of LameBlogs only lets
you post plain text entries.
 For now, you'll just have to trust me that the two aren't sharing
any data behind the scenes!
 Aren't they ugly? :)
 The outcomes don't make a lot of sense, so take them with a pinch
 For the sake of example I've made it always verify your identity,
but in practice it'd probably already know who you are at this point
because you logged in earlier.
 I can't decide if I like this abbreviation. :)
(I love footnotes.)
More information about the general