Plaxo OpenID support lacks OpenID Delegation support

UPDATE: Plaxo DO support delegation, just not XRDS. It seems a WP database problem caused some of my OpenID delegation plug-in to mess up settings the wrong openid.server and openid.delegate values.

It should have been http://www.myopenid.com/server for openid.server and http://eran.myopenid.com for openid.delegate. The problem was due to the fact that XRDS is yet to be supported in Plaxo. I didn’t notice the problem with the configuration of openid.server and openid.delegate due to the fact that the XRDS settings was correctly configured and all of the sites that I use OpenID with do support XRDS.

——-

Plaxo is a real cool tool to synchronize your calendar and address book. Their new v3.0 (still in preview/beta mode) is really really cool and can sync from everything to everything.

They just announced that they now support OpenID as a relaying party so you can sign up for Plaxo using an existing OpenID or attach OpenID identities (yes, in plural) to your Plaxo account.

I already had a Plaxo account so I wanted to attach my existing OpenID to it. My OpenID is actually delegated from this blog to MyOpenID (my OpenID provider) using the OpenID Delegation plugin. It seems as though the Plaxo implementation lacks support for delegation.

Too bad, delegation is one of the stronger features OpenID has.

Plaxo, please support OpenID delegation. Without delegation it’s not a complete OpenID solution (at least I think so).

OpenID, Trust, Vendor Locking and Delegation

There is a lot going on about OpenID these days and a lot of claims are being raised which prevents greater adoption of OpenID by users.

One of these claims is about Trust and Vendor Locking. How can I trust a certain OpenID vendor? after all, gaining access to my OpenID account will give access to all of the sites I’ve signed in/up using OpenID.

This is a legitimate claim, since it reminds everyone of how Microsoft Passport.NET Live ID is not that successful being a one vendor, non transferable identity.

One of the key elements of OpenID is that it’s decentralized and there is no one body that controls it but if a user signed up to a certain OpenID vendor they are essentially locked into that vendor unless they have the proper skills or items that allows them to perform delegation.

Having delegation is exactly the thing to make all of these claims go away since delegation give the power back to the user. The underlying OpenID vendor will supply the service but everything MUST go through the user’s domain to get to the vendor, thus allow the user to change vendors without being locked in.

The problem with delegation, however, is that it requires a certain amount of preparation. You either need to have your own site/blog and add the necessary <head> tags or you need to use a service like FreeYourID.com (I’ve previously written about it here) which gives you a URL composed out of your name (using the .name domain).

The problem with the solution of FreeYourID.com is that its only one .name vendor that provides this service. Although they are responsible for the whole .name TLD it is still a sort of vendor locking. If all .name providers will support such a service, things will look much better.

To sum things up, a possible answer for the claims about OpenID, Trust and Vendor Locking is to simply highlight the benefits of delegation and provide all of the necessary technical means needed to make this as easy as possible.

Below is a list of a couple of ideas I thought about (some are more of a wishful thinking since it doesn’t depend on the OpenID community alone) which might make things easier for everyone:

  • Support for OpenID for .name domains available with all the .name providers
  • Built-in support for Delegation in blogging platforms including hosted ones such as WordPress.com, Blogger, TypePad and the rest (for WordPress blogs that you are on your own server/domain you can use my OpenID Delegation plugin :-) )
  • Support for migrating existing accounts in existing sites to an OpenID account, thus allowing users to consolidate their various accounts on various sites into an OpenID account.
  • Support for migration of accounts between OpenID vendors including support in the OpenID spec to figure out a permanent redirection and perform a necessary fix up (similar to a permanent redirection performed in HTTP).

Technology is suppose to make things easier for everyone and lower the barrier of participation so that everyone, regardless of their skills, can use technology for their benefit. Let’s lower the participation barrier for OpenID and let everyone claim their own identity.

FreeYourID.com

I’m probably the last person to talk about this but Scott Kveton posted on his blog that his company, JanRain and GNR (who manages the .name top level domain) has come into partnership to deliver a solution that encompasses a .name URL for you as well as built-in OpenID delegation support.

Check the details at the FreeYourID.com site.

You’ll get a 90 days free trial, after which it will cost $10.95/year.

You’ll get a forwarding email address in the form of yourFirstName@youLastName.name (if its available) as well as a site in the form of www.yourFirstName.yourLastName.name. You can forward that site to whatever page you wish.

The best part is that you automagically get to use this URL (which is rather easy to remember. Duh!) as your OpenID URL in any OpenID enabled site.

The OpenID provider for this service is, of course, JanRain’s own MyOpenID.

I don’t know how much similar services for .name domain (minus the OpenID support, of course) cost per year, but I think this is one of the cheap ones.

The only thing I can add to the discussion in the comments section on Scott’s post, is that if GNR will enable other people using a .name solution to migrate to this new service, that would really make things going. Oh, and they should probably also offer an Email box (which might make this solution cost a bit more, but I think its worth it) because the few people that I know of have a real Email box attached to ther .name solution.

I don’t think that I’ll need a .name solution since I own sandler.co.il which is more than fine by me, but this is great for anyone who doesn’t want to mess too much with settings up domains, sites and the rest.

OpenID Delegate Plugin for WordPress

Continuing my WordPress plugin frenzy and after release the MicroID WordPress plugin, I’m releasing another plugin, this time for OpenID delegation.

The plugin is named “OpenID Delegate” and you can read all the details and download it from here.

Q: So what’s this OpenID I’ve been hearing about?
A: According to OpenID.net:

OpenID is an open, decentralized, free framework for user-centric digital identity.

OpenID starts with the concept that anyone can identify themselves on the Internet the same way websites do-with a URI (also called a URL or web address). Since URIs are at the very core of Web architecture, they provide a solid foundation for user-centric identity.

What does it mean? Well, basically it means that if you have an OpenID account on an OpenID server and you are accessing an OpenID supported site (see the list of them here) you can use a special URI that your OpenID provider provides you and the password you have chosen to sign-up (and afterwards sign-in) to these sites.
That’s right. You’ll use the same URI and password to sign-in and up for all OpenID supported sites. This is also referred to in the enterprise (and the rest of the world) as Single Sign On or SSO for short.

Q: “So, what’s your OpenID Delegate plugin got to do with it?”
A: It’s quite simple. Assuming you run your own WordPress blog, wouldn’t it be cool to use your blog’s URL and the password provided by your OpenID provider as your URI of choice for signing in and up to OpenID supported sites? Yes it will!

Q: “But you could have just modified your theme and added the necessary meta tags…”

A: Yeap, I know could, but it’s much easier having it as a plugin, allowing me to replace themes without remembering that I’ve added these values to the head tag.

Q: “Where do I get an OpenID account?”

A: Well… you have a couple of ways. First, you might already have an OpenID account if you have an account at either WikiTravel, LiveJournal, DeadJournal, Zooomr, Technorati, etc (see the rest of the list here. Not all of these sites are OpenID providers though).
If you don’t have an account you can open a free one at myOpenID – a free OpenID provider.

The 3rd option you’ve got is to run your own server (not for the faint hearted).

It’s time to own your identity, but if you can’t really own it (i.e. run your own server) at least delegate it and make others think you do!