{"id":155,"date":"2010-10-05T11:30:00","date_gmt":"2010-10-05T11:30:00","guid":{"rendered":"http:\/\/willemkossen.nl\/b\/?p=155"},"modified":"2022-10-18T11:49:23","modified_gmt":"2022-10-18T11:49:23","slug":"dont-lock-me-out","status":"publish","type":"post","link":"http:\/\/willemkossen.nl\/b\/?p=155","title":{"rendered":"Don\u2019t Lock Me Out"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><a href=\"https:\/\/web.archive.org\/web\/20150321061748\/http:\/\/willemkossen.nl\/b\/wp-content\/uploads\/2010\/10\/openid_big_logo_text-300x100.png\"><img src=\"https:\/\/web.archive.org\/web\/20150321061748im_\/http:\/\/willemkossen.nl\/b\/wp-content\/uploads\/2010\/10\/openid_big_logo_text-300x100.png\" alt=\"OpenID Closed\" title=\"OpenID Closed\"\/><\/a><\/figure>\n\n\n\n<p><em>ADVANCE WARNING<\/em>: This post is going to be a bit rant-like\u2026 But you&nbsp;<del>may&nbsp;<\/del>will still like it. There\u2019s some good information, too, that might keep you out of trouble\u2026<\/p>\n\n\n\n<p>You may already know I\u2019m quite fond of&nbsp;<a href=\"https:\/\/web.archive.org\/web\/20150321061748\/http:\/\/openid.net\/\">OpenID<\/a>. In fact, any security system that makes life easier for me is very welcome. For some time however, there\u2019s something going on that makes the OpenID system a bit less attractive. Providers that quit. \u2018<em>Quit<\/em>?\u2019 I hear you ask?&nbsp;<strong>Yes, Quit<\/strong>!<\/p>\n\n\n\n<p>And that wouldn\u2019t necessarily be so bad if they gave their users advance notice that they were going to do just that. That\u2019s just not what\u2019s happening. 
I\u2019ll just list a few of the OpenID providers that aren\u2019t anymore:<\/p>\n\n\n\n<ul><li><a href=\"https:\/\/web.archive.org\/web\/20150321061748\/http:\/\/technorati.com\/\">Technorati&nbsp;<\/a>Read about that one&nbsp;<a href=\"https:\/\/web.archive.org\/web\/20150321061748\/http:\/\/getsatisfaction.com\/technorati\/topics\/openid_support_has_disappeared_is_it_coming_back\">here<\/a><\/li><li><a href=\"https:\/\/web.archive.org\/web\/20150321061748\/http:\/\/identity.net\/\">Identity.net<\/a><\/li><li><a href=\"https:\/\/web.archive.org\/web\/20150321061748\/http:\/\/yiid.com\/\">Yiid.com<\/a>&nbsp;(which is also Identity.net) I got the mail from them this week telling me they just turned off OpenID. So much for advance warning\u2026<\/li><li><a href=\"https:\/\/web.archive.org\/web\/20150321061748\/http:\/\/cliqset.com\/\">Cliqset.com<\/a>&nbsp;I don\u2019t even know what happened. It just stopped working.<\/li><li>Logmij.in (Dutch OpenID provider) The site doesn\u2019t even exist anymore.<\/li><li>If you check each one on the list on&nbsp;<a href=\"https:\/\/web.archive.org\/web\/20150321061748\/http:\/\/openiddirectory.com\/openid-providers-c-1.html\">this site<\/a>, you\u2019ll find quite a few more that seem to be terminated\u2026<\/li><\/ul>\n\n\n\n<p>Just imagine that you\u2019re using an OpenID from one of those providers. They gave you an OpenID which you actually used to log in to other sites, for instance to update your weblog at&nbsp;<a href=\"https:\/\/web.archive.org\/web\/20150321061748\/http:\/\/livejournal.com\/\">LiveJournal<\/a>. Now the provider quits. How are you going to access the sites you\u2019re a valid&nbsp;member of? 
I\u2019ll tell you, you\u2019re&nbsp;<strong>not&nbsp;<\/strong>going to access it, and you\u2019re going to have long talks with the&nbsp;<del>helpful&nbsp;<\/del>support team of those sites (if those even exist) to get your account back.<\/p>\n\n\n\n<p>Since I\u2019ve been fond of OpenID for a long time, I\u2019ve been keeping multiple OpenIDs. That\u2019s a reasonable back-up strategy, but unfortunately not all sites allow you to assign multiple OpenIDs to your account. This really puts you in a tight spot if your provider thinks<em>&nbsp;it\u2019s a good idea to quit<\/em>. There are some good examples though.&nbsp;<a href=\"https:\/\/web.archive.org\/web\/20150321061748\/http:\/\/plaxo.com\/\">Plaxo&nbsp;<\/a>for instance allows you to add many OpenIDs. What I don\u2019t understand is why they hid the management screen as a sub-screen behind a link on the e-mail-addresses-management page, but this post isn\u2019t about Usability\u2026.&nbsp;<img src=\"https:\/\/web.archive.org\/web\/20150321061748im_\/http:\/\/willemkossen.nl\/b\/wp-includes\/images\/smilies\/icon_sad.gif\" alt=\":(\"><\/p>\n\n\n\n<p>Even better as a back-up strategy is the \u2018Roll-Your-Own\u2019 method.&nbsp;<a href=\"https:\/\/web.archive.org\/web\/20150321061748\/http:\/\/www.downloadsquad.com\/2009\/02\/21\/phpmyid-roll-your-own-openid-provider\/\">phpMyID<\/a>&nbsp;allows you to do just that. Host your own private OpenID provider. It will only quit if you decide it will\u2026 I\u2019ve been running mine for a long time and that\u2019s the OpenID I add to a site first. If it\u2019s possible to add more, I\u2019ll do so because my site can be down as well and that would lock me out immediately\u2026<\/p>\n\n\n\n<p>Another (very useful) method is to have your own domain or website delegate to your current provider. If you switch providers, you just delegate to the next one from the same domain or website. 
That way the OpenID doesn\u2019t change even though the back-end provider does\u2026 Delegation is easy to set up if you have access to the HTML source-code of your website. In the &lt;head&gt;&lt;\/head&gt; section, you add the following code:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">&lt;link rel=\"openid.server\"\n      href=\"https:\/\/www.myopenid.com\/server\"&gt;\n&lt;link rel=\"openid.delegate\"\n      href=\"http:\/\/wkossen.myopenid.com\"&gt;<\/pre>\n\n\n\n<p>Naturally, the entry in href=\"\" changes depending on who serves your OpenID. Your OpenID provider will tell you what settings to implement or with a bit of thinking, you\u2019ll figure it out\u2026 Just note that again, if the delegating website is down, or the OpenID behind that is down, you\u2019re still locked out\u2026<\/p>\n\n\n\n<p>There\u2019s a natural trade-off here. You get to use ONE log-in for MANY sites, but if that breaks, you\u2019re locked out EVERYWHERE. The alternative is remembering all those passwords and user-names on all those sites the way you used to do. I\u2019ll opt for the first strategy and try to alleviate it as much as possible by adding multiples\u2026<\/p>\n\n\n\n<p>Let me end by stating the obvious here:<\/p>\n\n\n\n<ol><li>If you\u2019re providing essential services people rely on like OpenID, don\u2019t just quit,<\/li><li>If you have to quit, tell the customer well in advance,<\/li><li>Give those people options to move their data (it\u2019s theirs in the first place) \u2013&gt; Data portability,<\/li><li>Assist them in setting up their OpenID elsewhere and tell them how to move their accounts,<\/li><li>Even better, why not maintain their OpenID URL and let the user delegate it towards another OpenID?<\/li><\/ol>\n\n\n\n<p>It\u2019s like the company that sells you petrol just quit and you come to the station in the middle of nowhere with your empty tank. What are you going to do, Push????<\/p>\n\n\n\n<p>Your comments as always are very welcome below. 
Thanks for reading!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ADVANCE WARNING: This post is going to be a bit rant-like\u2026 But you&nbsp;may&nbsp;will still like it. There\u2019s some good information, too, that might keep you out of trouble\u2026 You may already know I\u2019m quite fond of&nbsp;OpenID. In fact, any security system that makes life easier for me is very welcome. For some time however, there\u2019s [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/willemkossen.nl\/b\/index.php?rest_route=\/wp\/v2\/posts\/155"}],"collection":[{"href":"http:\/\/willemkossen.nl\/b\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/willemkossen.nl\/b\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/willemkossen.nl\/b\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/willemkossen.nl\/b\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=155"}],"version-history":[{"count":1,"href":"http:\/\/willemkossen.nl\/b\/index.php?rest_route=\/wp\/v2\/posts\/155\/revisions"}],"predecessor-version":[{"id":159,"href":"http:\/\/willemkossen.nl\/b\/index.php?rest_route=\/wp\/v2\/posts\/155\/revisions\/159"}],"wp:attachment":[{"href":"http:\/\/willemkossen.nl\/b\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=155"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/willemkossen.nl\/b\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=155"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/willemkossen.nl\/b\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=155"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}