
Initial Thoughts on OpenID

Posted Sat, 07 Jul 2007 20:39:00 GMT

There has been a lot of talk about OpenID so I decided to take a look at it and think about some of the potential issues with respect to broad adoption and integrating it into a website as a relying party. There have been numerous attempts to either improve the security of authentication via the web or improve the usability with SSO (Single Sign-On) including client SSL, OTP tokens, USB tokens, AmEx Blue smart cards, Microsoft Passport, Verified by Visa, etc. Many of these had SSO capabilities but none has been able to supplant local passwords. It will be interesting to see if OpenID can succeed where these others have failed. Here are my thoughts after watching two screencasts but before following the mailing lists. I'm now reading the list archives and it seems a number of similar issues are being discussed.



Single Sign-On (SSO) with and without subdomains

Posted Sun, 17 Jun 2007 01:06:00 GMT

If you are running a site without a subdomain, e.g. http://dev411.com, and need to maintain cookie-based sessions across other server names with subdomains, e.g. blog.dev411.com and wiki.dev411.com, you will need to customize your session cookies.

To have your session cookie be used across multiple subdomains, set a wildcard domain which starts with a dot followed by the base domain name, e.g. ".dev411.com", which will make it qualify for all subdomains of dev411.com. This, however, will not work for http://dev411.com where there is no subdomain.

To have the same session used for http://dev411.com, set a second session cookie without a domain. This way the domain-less cookie will be used for http://dev411.com and the wildcard domain cookie will be used for all subdomains.

Catalyst 5.7007 will only set one cookie per cookie name; however, this solution works best when you can set both cookies with the same name but different cookie domains. I put together a quick patch for Catalyst::Engine to allow multiple cookies when the cookie value is set to an arrayref.
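The two-cookie scheme above, modelled from the client's side as an added example (not code from this post or from Catalyst). The function names and the session value are constructed for illustration; the default matching rule is the one the post states, and the `rfc6265` flag shows the RFC 6265 rule, under which the base host also receives the wildcard cookie.

```python
# Added example (not from the post): client-side model of the two-cookie scheme.

def set_cookie_headers(name, value, base_domain):
    """The two Set-Cookie values the post describes: wildcard plus domain-less."""
    return [
        f"{name}={value}; Domain=.{base_domain}; Path=/",
        f"{name}={value}; Path=/",
    ]

def store(jar, header, response_host):
    """Parse one Set-Cookie value into the jar, keyed by (name, scope)."""
    pair, *attrs = [part.strip() for part in header.split(";")]
    name, value = pair.split("=", 1)
    domain = None
    for attr in attrs:
        key, _, val = attr.partition("=")
        if key.lower() == "domain":
            domain = val.lower()
    # A cookie with no Domain attribute is host-only: bound to the exact host
    # that set it. A different scope is a different jar entry, so two cookies
    # with the same name do not overwrite each other.
    scope = domain if domain else "host-only:" + response_host.lower()
    jar[(name, scope)] = value

def sent_to(jar, host, rfc6265=False):
    """Scopes of the cookies a client attaches to a request for `host`."""
    host = host.lower()
    scopes = []
    for _name, scope in jar:
        if scope.startswith("host-only:"):
            ok = host == scope[len("host-only:"):]
        elif rfc6265:
            # RFC 6265 drops the leading dot, so the base host matches too.
            bare = scope.lstrip(".")
            ok = host == bare or host.endswith("." + bare)
        else:
            # Rule as stated in the post: only hosts below the dotted domain.
            ok = host.endswith(scope)
        if ok:
            scopes.append(scope)
    return sorted(scopes)

def demo():
    jar = {}
    for header in set_cookie_headers("sid", "constructed-session-id", "dev411.com"):
        store(jar, header, "dev411.com")  # both cookies are set by the base host
    hosts = ["dev411.com", "blog.dev411.com", "wiki.dev411.com", "notdev411.com"]
    return {h: sent_to(jar, h) for h in hosts}, jar
```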
