metawidget ([personal profile] metawidget) wrote in [site community profile] dw_nifty, 2011-04-13 11:36 am

Your own domain as an OpenID in two lines*

I just set up OpenID at my woefully out-of-date but pithier URL of http://metawidget.net. Like my e-mail over there, the idea is to future-proof my online identity: I more or less own my own domain, whereas it is possible that Dreamwidth, myOpenID, Livejournal or whoever else will do something I don't like (or just be reduced to a smoking crater by a DDoS or an antitrust lawsuit or something). Through the miracle of OpenID delegation, if I get sick of whatever site is doing the OpenID listing, I just fire them, change these two lines, and keep my OpenID. Also, it might motivate me to clean up my site, archive some stuff, and all that.

Here are the two lines:

<link rel="openid.server" href="http://www.dreamwidth.org/openid/server">
<link rel="openid.delegate" href="http://metawidget.dreamwidth.org">

They go in the head element of index.html, or whatever other page loads by default when hitting the domain. The first line indicates where the server doing the heavy OpenID lifting** is located. The second line gives my OpenID over there: if someone claiming to be metawidget.net wants to be authenticated, they will need to convince Dreamwidth's servers that they are metawidget.dreamwidth.org. If I get sick of being vouched for by Dreamwidth, I just change those two lines to a new provider (the form of the first URL varies from provider to provider; the form of the second is just the usual URL you use for OpenID). Note that I don't include my metawidget.net OpenID in those two lines: that is covered by the fact that those two lines can be found at metawidget.net. Also note that I don't have to register this delegation with Dreamwidth: the only place the delegation exists is on a page I control. The whole shebang relies on the assumption that only I can go and stick code in the head element of whatever comes up at the URL of the OpenID I'm claiming.

There is a presumably out-of-date (at least no longer maintained) PHP script that lets you set up a tiny single-user OpenID server on your own machine, but almost everyone who might want an OpenID on their own domain has another OpenID sitting somewhere.

This post is basically a re-hash with commentary of the technical information I found on Stack Exchange.


*assuming you have an OpenID somewhere else

**by which I mean “lifting I don't want to do”


cross-posted to [personal profile] metawidget
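
An added example, not part of the original post: a Python check the domain owner could run against their own page, since the delegation is only as trustworthy as the contents of that head element. It goes slightly beyond the post by also flagging `openid2.*` links, which OpenID 2.0 relying parties read; the function names, sample pages and idp.example are constructed for illustration.

```python
from html.parser import HTMLParser

# Expected delegation: the two lines from the post.
EXPECTED = {"openid.server": "http://www.dreamwidth.org/openid/server",
            "openid.delegate": "http://metawidget.dreamwidth.org"}

class OpenIDLinks(HTMLParser):
    """Collect <link rel="openid..."> tags and whether each sits in <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = []  # (rel, href, in_head)

    def handle_starttag(self, tag, attrs):
        if tag in ("head", "body"):
            self.in_head = tag == "head"  # <body> ends an unclosed <head>
        elif tag == "link":
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel.startswith("openid"):
                    self.links.append((rel, a.get("href") or "", self.in_head))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def audit_delegation(html, expected=EXPECTED):
    """Return a list of findings; an empty list means the page matches."""
    parser = OpenIDLinks()
    parser.feed(html)
    findings = []
    for rel, href, in_head in parser.links:
        if not in_head:
            findings.append(f"{rel} outside <head>: {href}")
        elif rel not in expected:  # e.g. openid2.provider (OpenID 2.0 discovery)
            findings.append(f"unexpected {rel}: {href}")
        elif href.rstrip("/") != expected[rel]:
            findings.append(f"{rel} changed: {href}")
    for rel in expected:
        n = sum(1 for r, _, h in parser.links if r == rel and h)
        if n != 1:
            findings.append(f"{rel} appears {n} times in <head>")
    return findings

# Constructed sample pages: the post's head, then one with a link the owner did not add.
GOOD = ('<html><head><link rel="openid.server" href="http://www.dreamwidth.org/openid/server">'
        '<link rel="openid.delegate" href="http://metawidget.dreamwidth.org"></head></html>')
TAMPERED = GOOD.replace("</head>", '<link rel="openid2.provider" href="https://idp.example/"></head>')
```

Run `audit_delegation` on a freshly fetched copy of the page after any site change and whenever the provider is switched, updating `EXPECTED` at the same time.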

[personal profile] dragonfly 2011-04-20 10:03 pm (UTC)
That is very cool and I am going to try it. Thanks!

[personal profile] matgb 2011-04-21 12:05 am (UTC)
This is one of those "doesn't everyone know you can do this" things, right? Delegating OpenID servers but owning your own location was in Brad's original spec way way back, I used to do it but I couldn't afford to renew the domains (stupidly didn't sell them off either, just let two 5+ year old domains lapse).

Still, it's a good thing to do.

[personal profile] msilverstar 2011-04-24 11:00 pm (UTC)
I certainly didn't know it was that easy.

Gotta be very careful to renew that domain name though.

[personal profile] shyfoxling 2011-09-15 08:28 pm (UTC)
I was pointed to this by a link elsewhere and perhaps I need coffee, but I'm not quite sure what benefit this gives me. Does this mean I could provide my domain name as an identity URL and it would work, though DW (or whoever) is providing the actual verification?