<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>Folks,<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>We looked at a few options for implementing an OpenID Provider
(identity) server on our site, but didn’t see any options out there that
met our particular requirements. So, we wrote one from scratch.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I cannot say that it’s been extensively tested, but so
far it has worked for us. It implements the OpenID 2.0 spec, complies
with part of the 1.1 spec, and (as far as we know) only lacks a few things we
deliberately decided not to implement. Specifically, there is a “dumb”
mode in 1.1 that we do not support. Also, we do not support checkid_immediate,
always returning setup_needed. (We might implement the latter if we saw
good reason. If we understood the spec correctly, checkid_immediate could
allow a person to log out of a web site, leave the browser open, and another
person sit down and login, bypassing a proper authentication step.)<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>In any case, we wanted to provide the software for others to
enjoy. It’s entirely open source, written in Perl, uses MySQL, and
is intended to be easily integrated into an existing web site, but could be
installed as-is (just modifying the config files with appropriate values).
There is a PDF document in the download that contains more information,
including everything you need to know to get it installed. You can grab a
copy here: <a href="http://www.packetizer.com/security/openid/">http://www.packetizer.com/security/openid/</a><o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>If you are working on something similar or want to
collaborate on this software to work out any issues, I’d be happy to collaborate
with you.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Cheers!<o:p></o:p></p>
<p class=MsoNormal>Paul<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>