{"id":30,"date":"2007-04-22T15:11:50","date_gmt":"2007-04-22T19:11:50","guid":{"rendered":"http:\/\/danielroop.com\/blog\/2007\/04\/22\/tallyhoh-openid\/"},"modified":"2008-02-20T21:35:19","modified_gmt":"2008-02-21T01:35:19","slug":"tallyhoh-openid","status":"publish","type":"post","link":"http:\/\/danielroop.com\/blog\/2007\/04\/22\/tallyhoh-openid\/","title":{"rendered":"TallyHoh OpenID"},"content":{"rendered":"<p>I was going through my feeds <abbr title=\"2007-04-19T08:05:25Z\">this morning<\/abbr> on <a href=\"http:\/\/tallyhoh.com\">Tallyhoh<\/a> and I came across Adam Fortuna&#8217;s post on <a href=\"http:\/\/www.adamfortuna.com\/2007\/04\/19\/problems-with-openid\/\">Problems with OpenID?<\/a>.  He was discussing a post done over at Factory City a site I hadn&#8217;t seen before.  His article, <a href=\"http:\/\/factoryjoe.com\/blog\/2007\/03\/24\/problems-with-openid-on-highrise\/\">Problems with OpenID on Highrise<\/a> by Chris Messina, immediately made me switch into <abbr title=\"David Heinemeier Hansson\">DHH<\/abbr> mode.  This article discusses issues he takes with how the <a href=\"http:\/\/dev.rubyonrails.org\/browser\/plugins\/open_id_authentication\">open_id_authentication plugin<\/a> works.<\/p>\n<h4>Normalization of Open ID<\/h4>\n<p>Chris talks about the decision made by DHH on how to normalize the identity.  He claims:<\/p>\n<blockquote><p>Of course, 37 Signals can do this, but what happens when the identity URL that someone uses on Highrise doesn\u00e2\u20ac\u2122t work elsewhere because other consumers aren\u00e2\u20ac\u2122t as liberal with what they accept?<\/p><\/blockquote>\n<p>I would agree with him, if not for a simple Google search to see the <a href=\"http:\/\/openid.net\/specs\/openid-authentication-2_0-11.html#normalization\">draft 2.0 specification<\/a> for open id, where they discuss proper normalization of a identity url.  The other problem I have with this section of his article, is his claim that these 4 urls should be the same:<\/p>\n<ul>\n<li>factoryjoe.com<\/li>\n<li>http:\/\/www.factoryjoe.com<\/li>\n<li>http:\/\/factoryjoe.com<\/li>\n<li>http:\/\/factoryjoe.com\/<\/li>\n<\/ul>\n<p>I agree with one exception.  The absence of a sub-domain is a domain in itself.  Even though usually in the world wide web, people make this the same, I don&#8217;t think it should propagate over to open id.<\/p>\n<p>My understand of the open_id_authentication plugin, is that it is suppose to handle the three cases with no sub-domain.  However so far in my experience it is not adding the trailing space, if it is not there, which is no fun.  Hopefully this will be fixed soon.<\/p>\n<h4>Lack of i-names<\/h4>\n<p>This article was the first I have heard of i-names, and I am sure they are extremly cool, and helpful.  My issue with his complaint is that i-names were not added to the open id 2.0 specification, and it is still a draft.  So I don&#8217;t believe it is worth spending time implementing something that might not end up in the final version.  Especially a topic that has so much <a href=\"http:\/\/openid.net\/pipermail\/general\/2007-February\/001724.html\">debate<\/a> around it as i-names.<\/p>\n<h4>Double Delegation<\/h4>\n<p>Open Id allows for a wonderful process of delegation.  This allows sites like <a href=\"http:\/\/www.claimid.com\">Claim ID<\/a> and <a href=\"http:\/\/www.myopenid.com\">MyOpenId<\/a> to provide an open id service.  Then you can append two meta tags on your own website to delegate the authentication to one of these service providers, but you can use your own domain, for instance.. http:\/\/danielroop.com as your open id.<\/p>\n<p>This article brings up a problem that I was not aware of, that you could not delegate multiple times.  According to his article ( I did no research of my own) the open id specification, does not allow for multiple delegations. They did this to not prevent an endless loop of calls.  In this specific instance, his friend was using <a href=\"http:\/\/www.claimid.com\">Claim ID<\/a> as his service provider.  Claim id, is kind enough to give a shorten versioned of their normal identity url.  The problem lies in the implementaiton, and in this case, open id, did not do any magic on their side, they just did a delegation to the normal url.  His friend apparently did not read the <a href=\"http:\/\/claimid.com\/openid\">documentation<\/a> on how to setup your own domain to use the claim id service.  Because it states very clearly, to use the full http:\/\/openid.claimid.com\/[username], it even goes as far to give you copy and paste code if you are logged in to the site.<\/p>\n<h4>I agree<\/h4>\n<p>I will wrap this article up by commenting on what I do appreciate about his article. First, I am happy to see people talking about Open ID.  I am new to the game, but I think it is very promising .  Second, I am glad someone is talking about <a href=\"http:\/\/www.37signals.com\/\">37 signals<\/a>, in the negative.  What they see as wrong.  The rails community often takes a stance that <a href=\"http:\/\/www.37signals.com\/\">37 signals<\/a> does no wrong, which this article did not.  I also agree with his commentary on the sign-up process.  I am very suprised that <a href=\"http:\/\/www.highrisehq.com\">Highrise<\/a> does not make you verify your openid before you use it.  Tallyhoh addresses this issue, by not having a signup section for open id.  You simply log in, if you have not logged in before, we request certain information be filled out, and then you continue as before.  With this model, if they enter an inaccurate open id, the login will never be created.<\/p>\n<h4>In Conclusion<\/h4>\n<p>Even though I may come across like I don&#8217;t like this guy, it is quite the contrary.  I do appreciate the questions and concerns he raised.  And after reading over the article a couple times writing this post, I realized, that in the context of Highrise, he is right.  I believe the way 37 signals chose to implement their openid lends to numerous problems, that could be fixed. That being said, GO OPENID!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was going through my feeds this morning on Tallyhoh and I came across Adam Fortuna&#8217;s post on Problems with OpenID?. He was discussing a post done over at Factory City a site I hadn&#8217;t seen before. His article, Problems &hellip; <a href=\"http:\/\/danielroop.com\/blog\/2007\/04\/22\/tallyhoh-openid\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21],"tags":[24,7],"class_list":["post-30","post","type-post","status-publish","format-standard","hentry","category-programming","tag-openid","tag-tallyhoh"],"_links":{"self":[{"href":"http:\/\/danielroop.com\/blog\/wp-json\/wp\/v2\/posts\/30","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/danielroop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/danielroop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/danielroop.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/danielroop.com\/blog\/wp-json\/wp\/v2\/comments?post=30"}],"version-history":[{"count":0,"href":"http:\/\/danielroop.com\/blog\/wp-json\/wp\/v2\/posts\/30\/revisions"}],"wp:attachment":[{"href":"http:\/\/danielroop.com\/blog\/wp-json\/wp\/v2\/media?parent=30"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/danielroop.com\/blog\/wp-json\/wp\/v2\/categories?post=30"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/danielroop.com\/blog\/wp-json\/wp\/v2\/tags?post=30"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}