20 Comments

  1. Personally I just use myopenid.com – but I always login with http://patrick.geek

    I have an SSL vhost already, it only costs me $20/year (don’t need to pay for a static IP because I have a whole server to myself) from godaddy.com. Slightly less than $250 CDN.

  2. @Patrick: I’m thinking MyOpenID is the smart way to go for now, given that they provide SSL and encryption for secure transmission of credentials. But, it still feels somehow wrong to use a central broker to manage a distributed identity… btw, I’ve had a MyOpenID site for awhile now, too. I just wanted to go through the motions to see what it would take to set up my own. It works, but it’s not ideal at the moment…

  3. I updated the blog post – I reverted back to MyOpenID because it’s secure. I’m going to be using my own URL, so it’s easy enough to switch providers, or run my own, eventually.

  4. For me it’s like email: I could run my own mail servers*, but it’s easier to let someone else do it – as long as the identifier is under my control. With a Windows Live ID (yucky name that), even though you might sign in using your own (non-hotmail) email address, you never really have control over the identifier.

    (* well, ok, so all my email runs through my own before landing in a Joyent Connector, but still)

    Now all you need to do is let people sign in to wordpress using OpenID to submit comments. You could of course be super heavy handed like myself & Jesper (http://waffle.wootest.net/) – he’s using wordpress. (He might have used a plugin, I’m not 100% sure.)

    I think I should try playing with setting up an OpenID server as well – maybe I could get it to hook in to my SimpleLog install as well (auth against my SimpleLog admin interface maybe…). Sounds like a project I should undertake anyway.

  5. @patrick: I’ve disabled PopularityContest. Its value was dubious at best, and the fact that it appears to get in the way of OpenID means it gets kicked to the curb. Any better?

  6. The security of openid has been keeping me busy for a few days now and I, like yourself, am primarily interested in creating a secure openid using my WordPress blog. Your post , the comments and your updates have been very helpful, thanks!

  7. Oops, I had a question as well 🙂

    You said that you have the WordPress OpenID authentication plugin installed, but I don’t see any way to comment using OpenID. Are you having implementation issues or am I missing something?

    Thanks again,
    Leonard

  8. @Leonard: I was having problems with the OpenID plugin, and had to disable it. I’ll check for an update to see if it plays nicely now. I miss it.

  9. Rama

    “…cost almost $250CDN per year to do that ($48US per year for static IP, $189US per year…” YIKES!! Are you out of your mind? 🙂

    If you have your own server, it comes with a few static IP addresses and also openSSL. The realistic “extra” cost? $0

    🙂

  10. You can get an SSL cert for $20 from GoDaddy (google godaddy ssl code, they have a google ad that will save you $6 straight away), so that’s USD$68/year, or ~$6/month. Then you can put your WordPress admin under the SSL (why log in to your blog admin in clear text?!) and lots of other interesting things!

Comments are closed.