OpenID implementation

[tailen]

Title
OpenID implementation

Short, concise description of the idea
Use OpenID as a login on LJ. Bind an OpenID account to an existing LJ account.

Full description of the ideaActually, I thought this was how OpenID was supposed to work in the first place

Comments

[alexismckee]

Ok, just to clarify a thing; The whole idea of OpenID being anonymous should abandoned altogether! The point of OpenID is validation and not proving the trustability of the user as such. OpenID users should have the same rights as a normal livejournal user. Of course, there is the problem of spam bots signing up with OpenID, but that can be easily taken care of by presenting OpenID users with a prove-you're-human check upon first login.

So basicly, here is how it should work:

• Current users should be able to assign a OpenID url to their account.
• When logging in with an OpenID for the first time you should be presented with the prove-you're-human form and the livejournal EULA. (Basically that's all that's needed)

Maybe I'm missing what you mean, but...

[pauamma]

Current LiveJournal users already have a URL assigned to their account (in your case, it's http://alexismckee.livejournal.com/), which they can use to authenticate to other servers using OpenID.

When logging in to other servers using the URL assigned to their account, if they're not currently logged into LiveJournal, they need to give their LiveJournal username and password (IIRC). Since they already need a LiveJournal account for this to work, there's no need to show them the LiveJournal ToS again - they already saw those when they created the account.

The first time you log in to a server (other than LiveJournal) using your LiveJournal OpenID identity, LiveJournal checks with you that you really want to tell that other server who you are.

The one thing you can't do, is log in to LiveJournal itself using your LiveJournal OpenID identity. But I don't think that this can be changed, since your OpenID identity can't be verified unless you provided your LiveJournal username and

Re: Maybe I'm missing what you mean, but...

[alexismckee]

Yes, livejournal users currently have a server associated with their account. What I want to see is the ability to use a different server than the LJ one to login with.

For example; I have an OpenID associated with my domain, sonix.dk. Idealistically I would like to be able to go livejournal and just pop in "sonix.dk" and validate myself using my own openID server.

Remember; A undeclared goal of the distributed ID systems is to minimize the number of passwords to remember and the number of secure systems to maintain. If everyone keeps practicing the ideology that LJ currently has (use our server, but get lost otherwise) the idea will never take off.

Re: Maybe I'm missing what you mean, but...

[pauamma]

Do you mean connect to LiveJournal as alexismckee, as if you had entered alexismckee and that username's password on http://www.livejournal.com/login.bml?

[adudeabides]

OpenID was intended for verification off-site...those commenting on LJ without LJ accounts and commenting on other sites with your LJ info.

If you're leaving a comment in someone's LJ and you have your own LJ account, that's a form of identification right there -- associating an OpenID account account with an LJ account makes no sense, within the site. If you're visiting from off-site an leave an OpenID comment, you are not posting anonymously -- OpenID identifies who you are; you are establishing who you are, and it's not something people can effectively fake.

Nevertheless, I do feel users should be able to associate OpenID accounts with their journals, and be able to manage those associated accounts. Though, I suspect that would require more code change than you state.

[tailen]

The link in the suggestion is a bit more general than I had hoped, but here is the other OpenID-related one

What I really cannot comprehend is why LJ has made this.. creative implementation of OpenID?
This seems to go against the spirit of everything you read in the OpenID specifications. It's like it's only implemented half-way.
Just look under the 'Why?' sectionThe idea of people off-site being able to post on LJ is only half of the idea, what about the all-purpose login

[imc]

the 200 geeks using it now ;)

Just out of interest, it happens that 4106 people have so far used an OpenID identity on LiveJournal.

"completely indistinguishable"

[wechsler]

No. I want LJ to tell me whether a given user has been authenticated by LJ itself or a third party site; I do not want to have to issue the same level of trust to LJ users and OpenID logins, as then I'd have to give minimal trust to both.

Re: "completely indistinguishable"

[tailen]

That's not what the quote means. I specified it clearly in the implementation part of the post, and in the comment right here as well :)

Re: "completely indistinguishable"

[wechsler]

You appear to have redefined both the terms "clearly" and "completely indistinguishable" then. If I friend someone, thereby giving them privileges on various aspects of my journal, I want to know what form of security LJ is using to assert their identity; I do not want the accounts to be "completely indistinguishable" for any reasonable definition of that term.

I've used OpenID from LJ with great success to authenticate users on my offsite albums and calendar, but I do so in the knowledge that I am handing off the validation to a third party and use appropriate trust levels.

Re: "completely indistinguishable"

[tailen]

You misunderstand.

This login is both for posting to your own LJ and for commenting on other people's LJ under your own name. It [the login] should be completely indistinguishable from a normal username/password login.

I'm not talking about the account being indistinguishable from an LJ account, I'm talking about the login with OpenID being indistinguishable from an LJ login. I thought it was important to highlight this, because it is the essence of the problem.

And I have to once again point you to the comment above in which I already addressed your concern in reply to decadence1 who also asked about Trust and OpenID.

[noweb4u]

It's been months since I read my openid list mailbox, but as a correlary to your comment, I'd like it if rss was integrated with openID, so when you authenticated with OpenID, it uses your identity URL to discover RSS feeds (using link tags in the document at the identity URL), and creates an actual journal of sorts, with the comment links going back to the actual comment pages for the original feed. If the end comment site supports openID, it'd be actually totally awesome and seamless integration between livejournal and external blogs.

Oh, if wishes were dollars, I'd be a serious man of wealth.

[tailen]

They're currently working on that. There's still standards to be debated, but the idea is that you can save your profile, avatar, whatever you want with your OpenID as either a vCard, RSS, Atom, FOAF or whatever they decide upon, and that info will be downloadable to every new server you login to with your OpenID.

I think it would be possible to include links as you say in your profile as well. Be they URLs or RSS feeds :)

[mart]

I was working on that (the RSS auto-discovery thing) a couple of months back, but ran into a few obstacles which meant I had to rethink a bit. I agree with you that this would be very useful and I'd like to make it happen, but there are some migration issues and some potential abuse issues to think about.

[kunzite1]

OpenID users are lumped with anon for ease of programming. i think.

LiveJournal users can use LiveJournal as an OpenID authentication server.

in order for LiveJournal to figure out who you are, you must log in using your username and password.

once you're logged in to LiveJournal, you can log in using OpenID somewhere else that has OpenID support. such as DeadJournal.

sounds like you're trying to minimize your passwords to nothing. which makes OpenID useless, because you have to log in somewhere to make OpenID happen.

for the purpose of an example that i'm going to perform, i'm commenting here with my LiveJournal account of kunzite1.

[kunzite1]

well, damn. i was going to comment as ext_3033 but anon/OpenID commenting is disabled for suggestions.

point is, i went to DeadJournal and logged in as

[tailen]

well, damn. i was going to comment as kunzite1 [deadjournal] but anon/OpenID commenting is disabled forsuggestions

O! The bittersweet IRONY! ;)

The LJs have some sort of login thing going on between them as well, I don't know exactly how that works, but if you look for instance at the login to zoomr.com, you'll see that you can login with your LJ account there as well.
This, I don't think has anything to do with OpenID, however. It's a cookie thing, I bet.

So what you're demonstrating by logging into LJ and DJ at the same time, I'm not entirely sure that has anything to do with OpenID? Or is it due to the fact that your OpenID server is the LJ server?

And why aren't Interests on Deadjournal called 'Obsessions'?

[kunzite1]

O! The bittersweet IRONY! ;)

:P

but if you look for instance at the login to zoomr.com, you'll see that you can login with your LJ account there as well.

the OpenID option asks for a URL to authenticate with.
the LiveJournal option also asks for a URL to authenticate with.

the LiveJournal option also includes some instructions:

1. Make certain that you are logged-into LiveJournal.com
2. Enter your LJ Username into the box on the left and hit "Verify".
3. When asked if you would like to "Grant identity validation" for Zooomr.mylevel9.com, click "Yes; Always"

so. it's advertising that if you've got a LiveJournal account, you can log in via OpenID because LiveJournal acts as an OpenID authentication server.

i logged in at DeadJournal using my DeadJournal username and password.
i came to LiveJournal and logged in via OpenID by using DeadJournal as my OpenID authentication server.

i have no clue as i don't use my DeadJournal, often. :P