[OpenID] Question About OpenID

Peter Williams pwilliams at rapattoni.com
Sat Jun 13 21:39:57 UTC 2009 

So lets do it.

goto blogspot and create a blog. Mine is called openid2.

goto freexri.com and login.

Put http://openid2.blogspot.com/ (or your equivalent) in the lowest input box, to start binding your google credentials to your delegation. FreeXRI and blogspot perform websso, and I get a freexri session.

The freexri site allows you to (a) choose a name in some community (b) bind a password, for account recovery (lest Google lock you out for 2 weeks while one negotiates with their account reps).

in the auth settings, choose

I already have an OpenID. I want =@blog*bloggerlock<mailto:=@blog*bloggerlock> to point to my existing OpenID:

and delegate back now to http://openid2.blogspot.com/ (in my case).

once the name is registered (move over facebook...), click advanced, and retain your canonical id. Mine is
@!E459.819D.771.7990!8a24.bb1b.d12d.071b (note the form, with the leading =!).

Using your =!...  value rather than mine (or Andrews), create a snippet of the form:

<meta http-equiv='X-XRDS-Location' content='https://xri.net/@!E459.819D.771.7990!8a24.bb1b.d12d.071b?_xrd_r=application/xrds%2Bxml;sep=false' />

Then follow Andrew's blog entry counsel on putting XRDS metadata in the blogspot area. Logged into Blogspot using Google Account credentials, apply Layout->HTML editing, and add the snippet just after the <head> tag.

Got to facebook now, and sign up (it pings an email account...). In accounts settings in a newly provisioned account, set a linked id, and enter http://openid2.blogspot.com/.

Facebook will not cooperate with an openid provider v1.1. Sigh.

so, go to plaxo instead, and use the openid signin, citing (for me) http://openid2.blogspot.com/.

This says: Unable to redirect to the specified OpenID provider: failed to perform curly request [URL using bad/illegal format or missing URL].



If I just enter https://xri.net/@!E459.819D.771.7990!8a24.bb1b.d12d.071b at plaxo, this redirects to blogger, which correctly complains (I suppose) that:



Your blog is not supported for use as an OpenID URL. Please check the following:

 *   Is your blog externally hosted? OpenID is only supported for blogs hosted on Blogger.
 *   Was the URL (http://xri.net/openid2.blogspot.com) spelled correctly?


(not sure where the http://xri.net/openid2.blogspot.com comes from, tho.)



now, the XRD that freexri creates by default is not EXACTLY configured as Andrew configured his XRD, in his aspx (or 1id config). This may account for matters. Or, are we running into namespace controls (correctly): that OP can only speak for XRI authorities for which they in turn HAVE authority (to speak)?

I dont see why an OP cannot discover - for the XRI case - the user's XRD itself, note the users delegation of namespaces, and determine that it has the right AND - from browser trust - current authorization to speak for a "delegated-synonym"
________________________________
From: general-bounces at openid.net [general-bounces at openid.net] On Behalf Of Andrew Arnott [andrewarnott at gmail.com]
Sent: Friday, June 12, 2009 9:50 PM
To: Tyler Romeo
Cc: general at openid.net
Subject: Re: [OpenID] Question About OpenID

I think what you're looking for is what OpenID calls delegation.  Delegation includes the ability to take several OpenIDs issued by several providers and tie them into just one identifier that you can always use, even as your set of Providers change.

I have a couple of blog posts that tell you how to do it:

Part 1: http://blog.nerdbank.net/2008/07/how-i-have-taken-control-of-my-own.html
Part 2: http://blog.nerdbank.net/2008/07/how-i-have-taken-control-of-my-own_22.html

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre


On Fri, Jun 12, 2009 at 9:30 PM, Tyler Romeo <tylerromeo at gmail.com<mailto:tylerromeo at gmail.com>> wrote:
Maybe somebody can help me. I started looking into OpenID a little while ago, and there is something that is a little confusing to me. If I have multiple OpenID providers that I use (because a lot of popular websites are making themselves providers now for whatever reason), is there any way to either link the different accounts or make one of them the central OpenID or anything similar to that idea, because it gets confusing, annoying, and essentially useless when all the websites I use give me an OpenID, but I cannot do a single login, which seems to be the general point of OpenID. Hopefully somebody could answer that.

Thanks,
Tyler

_______________________________________________
general mailing list
general at openid.net<mailto:general at openid.net>
http://openid.net/mailman/listinfo/general

More information about the general mailing list