Sunday, November 16, 2008

OpenID - Part 2

If your site needs to provide a logon feature, then security is high on my mind. You always need to evaluate how much security something needs. If you are not too concerned, then a single password to access some bit of content is fine. If you want to provide different services to different users, then a user ID and password is nice to implement. If the information on your site includes personal data about the user, or especially financial data, then encryption is a must. But what if you only want to protect the user ID and password? OpenID could be your solution!

I've just added OpenID login to My Family Web Site. I'm still testing the code that I had to modify from its original source to work on my Shared Hosting service provider. But, it appears to work. Anyone can now log into my home web site with OpenID. Nothing different to see by logging in yet, but I am working on the authorization portion so that different users will have access to different features of the site in the future. Initially this will be for my family, but who knows what I might add later on.

OK, now on to the next cool item. Several OpenID providers (MyOpenID & Verisign) allow you to create and install Browser Certificates! This means users don't need to log into those sites at all. When users want to log into your site, they submit their OpenID URI, authorize their OpenID provider to supply verification to your site, and they are authenticated! Now you can choose whether you consider them logged in and what access they have based on that logon.
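The authorization step described above, as an added example that is not this site's own code: it maps an identifier to a feature set only after the provider's assertion has been verified, and normalizes the identifier first so that spelling variants of one URL cannot land in different roles. The `assertion_verified` flag is assumed to come from whatever OpenID library the site uses, `claimed_id` is assumed to be the identifier from that verified assertion, the identifiers and role names are constructed, and the normalization is a simplified URL-only version (XRIs are rejected).

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample data: identifiers and role names are illustrative only.
ROLES = {
    "https://alice.myopenid.example/": "family",
    "http://bob.example.org/id": "admin",
}
FEATURES = {
    "guest": {"home"},
    "family": {"home", "photos"},
    "admin": {"home", "photos", "manage"},
}
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_identifier(user_input):
    """Simplified URL normalization for an OpenID identifier (XRIs rejected)."""
    text = user_input.strip()
    if not text or text[0] in "=@+$!(" or text.lower().startswith("xri://"):
        raise ValueError("XRI identifiers are not handled in this sketch")
    if "://" not in text:
        text = "http://" + text          # bare host names default to http
    parts = urlsplit(text)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("identifier must be an http(s) URL")
    host = parts.hostname.lower()
    if parts.port and parts.port != DEFAULT_PORTS[scheme]:
        host = f"{host}:{parts.port}"    # keep only non-default ports
    # Drop the fragment and any userinfo; an empty path becomes "/".
    return urlunsplit((scheme, host, parts.path or "/", parts.query, ""))


def features_for(assertion_verified, claimed_id):
    """Return the feature set for a login attempt; deny unless verified."""
    if not assertion_verified:
        return set()                      # not authenticated: no access
    try:
        key = normalize_identifier(claimed_id)
    except ValueError:
        return set()                      # malformed identifier: no access
    role = ROLES.get(key, "guest")        # verified but unknown users are guests
    return FEATURES[role]
```

Note that `http://` and `https://` forms of the same host are different identifiers, so a role granted to one is not granted to the other.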
