Invulnerable OpenID identity for a couple of cents

Posted by yrashk

One of the major problems with OpenID is that if your OpenID provider is down, or you can’t recover your passowrd with it you can’t access all the sites that authenticate you by your OpenID identity.

The obvious solution is configuring delegate, though it requires you to have a web site, hosted either for free or for a couple of bucks. Though what if your hosting company will experience network outage or you’ll have scheduled downtime? Yes, you will be unable to use your identity.

A funny solution came to my mind this morning. Amazon S3 is known to be a quite reliable infrastructure for hosting static assets. For literally cents per month you can put HTML file to your bucket that will delegate to any OpenID provider. Your current OpenID provider is down? No problem, just update your HTML to use another provider until your primary choice will recover.

What is also nice is that Amazon S3 has a support of CNAME aliases, which will enable you to use a domain name of your choice to act as your identity (well, in fact it seems that it will be a bit more longer, like bucketname.mydomainname.com or bucketname.id.mydomainname.com or something like this).

The downside of this method that it is still not free, though since I don’t see any reason for heavy traffic targeting your identity delegation page your costs shouldn’t exceed a couple of cents per month.

I haven’t tried this method yet, but once I’ll get a chance, I’ll definitely try.

Why OpenID delegation rocks

Posted by yrashk

OpenID has a neat feature — you can use your own website to be your identity. You can simply put something like:


<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://myname.myopenid.com" />

into HTML head of your http://myname.com/, and voila, myname.com is your uniquely named identity!

But what is more important, it can protect you from your OpenID provider’s down time (just like MyOpenID has a planned down time today). If you will need to sign in with your identity while your provider is down, you can simply update your delegation properties to point to any other OpenID provider where you have an account, and you’re done, you can sign in! Say “No” to down times!

OpenID Sign in and Sign up outsourcing

Posted by yrashk

I should say I like OpenID. It was serving our authentication needs for Issues Done very well and still continues to. Though few days ago we’ve decided that we should simplify the process how users get into the system. And, thanks to MyOpenID, it is possible now — I’ve created an Issues Done sign up in just few minutes. Isn’t it nice? I think it is :)

By the way, we had an internal Groups release today. That means that we’ll soon announce first bits of Groups functionality to our early adopters, so they will be able to share issues within their teams effectively.

Stay tuned :)