• The code powering the service is Free Software, licensed under the GNU Affero GPL.
• Create an account and login to the account using OpenID
• Stable (so far) Jabber support
• Utilizes the Open Service Definition

Wait a minute. Rehash that list. Free Software, OpenID, Jabber and an Open Network Service. Sense what I’m sensing? Identi.ca is all about openness and freedom\. Uh, yeah. Signed up, and ditched the other proprietary solutions. I would be surprised if RMS had issues with this service (actually, I probably wouldn’t be surprised, but you get my point).

However, Identi.ca is a bit wet behind the ears currently. Jabber interactivity with the bot is extremely limited. SMS is planned, but not currently implemented. Subscribing to other users is a bit of a pain currently. No search feature. Other shortcomings are listed as bugs and feature requests are welcomed.

You can subscribe to my posts at my page. Happy microblogging.

Thanks.

• America Online
• Orange
• LiveJournal and Vox
• WordPress.com
• Yahoo!
• Blogger
• Verisign
• … and more

Supposedly, news has hit the front that Microsoft will be supporting OpenID as a provider, and rumors have it that your GMail account can be used as an OpenID identity. But what about logging into these providers with an existing identity? Here’s the question posed: Can I login to AOL, or create and AOL account, with an already existing OpenID identity? What about LiveJournal? WordPress? Yahoo!? Blogger? etc.

NOPE.

Like mentioned earlier, the big players are willing to throw their support behind being a provider, but not allowing the creation of new accounts, or signing into existing accounts, with previously setup identities. So, what’s the point then? If everyone has an identity to use, but no one can use it, what’s the point of creating the identity to begin with? I thought OpenID was all about 1 account and 1 password. Yet, I still have to login to Yahoo! with my Yahoo! account. I still have to login to GMail with my GMail account. And I still have to login to AOL with my already existing AOL account. So, it’s a far cry from the single login that OpenID is working so hard to achieve.

My cry to the providers, is if you really want to support OpenID, then allow users access to their account through an already existing OpenID identity. Don’t only become a provider, but show 100% support by giving them the ability to login with their OpenID account. I don’t want 500 OpenID accounts that I can’t use, because my providers won’t allow me login access with them.

At any event, users are encouraged to use OpenID when commenting on my site, as I take great pains to make sure that the next time you comment, you will bypass my spam filters. If there are any questions, please don’t hesitate to place them in the comments below.

UPDATE: In the latest version of this plugin, you can check a box that will enable bypassing spam filters out the gate.

On the flip side, I am also on the lookout for sites that have OpenID built into their application. As such, I check out what the site is about, and if it is even semi-interesting, I’ll create an account using my identity URI, and start going. Some services, such as Zooomr, have a ways to go still, but it’s fun to discover these new and unheard of sites, all because I can login with just one account. Very nice.

Then I look at my existing accounts. I see some big name accounts that I hold, such as Google, Technorati, and Ubuntu. I see it as nothing but beneficial for these services to begin implementing OpenID. The code is open, and it is trivial to build the service on top of your existing framework. It does nothing but extend the possibility of increasing the potential number of users on your site.

Of course, I will continue to use and register for the services that are important to me, OpenID or not. Ultimately, I can’t have my productivity hindered because of the lack of OpenID in some sites and services. I wouldn’t expect anyone else to hinder their productivity. However, if you’re a provider of some service, and you’re hoping to increase your user base, may I suggest spending one day getting OpenID into your application? Chances are good, that you’ll see a surge in registered users and a need to use your service. I could become one such potential user.

However, as with all technology, this could be abused. Phishers and spammers can still create OpenID accounts, and use them to bypass spam security. However, the level of work that is involved in using an OpenID account makes this unlikely. For example, not only do they need to create OpenID identities, but every time they use it to spam a blog with comment floods, they will have to verify from their OpenID provider that they want to trust that blog with their identity. So, in the meantime, it’s pretty safe. Also, I know that once whitelisted, on OpenID user could still become a troll or other problem in the comment system. Those will just have to be dealt with on a case-by-case basis.

So, if you have an OpenID account, and would like to bypass my spam filters completely (I know they can be a pain sometimes), go ahead and use it here, and you’ll be added to the whitelist. As of this writing, all newly created accounts with OpenID are added to the whitelist by hand. I hope to have some code released soon to automate the process. Also, I’ll be publishing my whitelist for other bloggers to use in their blogs if they would like.

Here’s how it works. First, the 3 fields of “Name”, “Email” and “Website” are still there, just the “Website” field will now check to see if it is a valid OpenID URI. If so, it will automatically populate the “Name” and “Email” fields, provided that you created a persona with your OpenID provider. If the field does not contain a valid OpenID URI, then it will just behave as normal, allowing your to attribute any website to your name.

If you are curious what WordPress plugin I am using to pull this off, it can be found here. If you would like to delegate your WordPress blog as your OpenID URI, then there is a delegation plugin that can be found here.

A word of note on the OpenID plugin. If you are running Debian/Ubuntu and powering your site with PHP5, GMP is not available in the repos, which this plugin relies on for performance. The plugin will behave fine without it, however. If you would like GMP for the plugin, then you will need to compile it in from source yourself, which isn’t that big of a deal, just heads up is all. All systems are normal, and performance seems okay for me, so I haven’t bothered looking into getting GMP on my Ubuntu server.

Can I setup my own OpenID server?

I pull open my terminal, and ‘aptitude search openid’ in Ubuntu. I see two packages with ‘openid’ in the name, one a consumer package, the other a server package. “Sweet!”, I think. So, before installing the package, I begin searching for documentation on setting up an OpenID server in Ubuntu. Seeing as though I’m running my own server in my basement, I figure why not? After all, I own several domains that I could use to authenticate against.

So, I start Googling around, and not to my surprise, I stumble on some Gentoo documentation on their wiki for setting one up. However, first in line in the documentation isn’t setting up a server, but using an existing domain that you already own as delegation to your existing OpenID account. This is easy to do by only adding 3 lines of code to your HTML file under that domain.

I would much rather use aarontoponce.org for my identifier than myopenid.com. So, in the index.html file under aarontoponce.org, I added the following 3 lines of code to the header. For example, if I had an OpenID account at www.myopenid.com, and the URL to that account was atoponce.myopenid.com, then here is what I would add:

The necessary code to add to your HTML file may vary on OpenID server. Check the documentation, or Google around a bit to get the necessary code for your particular server. The code above will only work with myopenid.com. You just need to make the changes as necessary for LiveJournal or other OpenID servers.

All 3 lines are necessary to ensure the maximum compatibility between versions of OpenID servers. Now, when logging into a site that utilizes OpenID (Google- are you listening? ), I can use my own domain to handle the identification rather than a 3rd party. It is important to note, however, that myopenid.com in this case is handling the authentication, and not aarontoponce.org. Rather, myopenid.com is merely allowing aarontoponce.org to handle the identifying requests. I will still be forwarded to myopenid.com, and asked to enter my password when logging in. I just get to use my own domain, rather than myopenid. Make sense? Hopefully I have all the terminology correct.