OpenID Guerrillas: The Importance Of Using OpenID Delegation And Keeping A Backup Identity
February 22nd, 2008 at 17:40 by pmitchell
(or How Random Internet Funkiness Can Spoil Your Basecamp Experience)
At the end of last week’s hacking session, I was happy to report that I had a working PlusNet beta OpenID and was able to use it to access my Basecamp account.
That following Saturday I wanted to show off to my partner (who uses Verisign PIP for OpenID) my working PlusNet OpenID by logging into Basecamp. It didn’t work. PlusNet’s server wasn’t responding.
“Ah well”, I said, “as it’s a beta, maybe it’s only accessible from within the PlusNet network. I’ll switch back to logging into Basecamp with my username and password like before.” Oh no, I won’t! I clicked the “Login with your username and password” link to switch to the conventional login form and found that I still couldn’t get in. Mild panic ensued.
As it turns out, registering an OpenID against a Basecamp account disables the password-based login! Fortunately, my partner is also the administrator of my Basecamp account. She was able to login, de-register the OpenID from my account and set up a new username/password combination to let me get in.
It was only a minor inconvenience but it worried me for a while. What if my partner’s OpenID provider goes offline? The administrator of a Basecamp account being locked out would be a major inconvenience.
The problem here isn’t with OpenID as such. It’s a problem with the implementation of OpenID on Basecamp but it highlighted for me the good practice of having a backup identity provider for important services. The OpenID specification has an elegant solution to the problem - delegation.
My OpenID identifying URL isn’t my PlusNet one, it’s the URL of my blog. Placing a couple of META tags in my blog header template allows me to redirect the relying party to my identity provider of choice. So, in the situation I found myself in, where my primary identity provider was not available, using delegation allows me to switch to my backup identity provider as and when I need to.
Footnote:
PlusNet’s beta OpenID server was taken off-line last weekend as a security measure to protect it and our customers from an attack that had been perpetrated against one of my colleagues’ accounts. That’s a correct reponse that any provider of OpenID identities will instigate from time to time. Beware random internet funkiness!
This entry was posted by pmitchell on Friday, February 22nd, 2008 at 5:40 pm and is tagged with Basecamp, OpenID, Verisign PIP and is posted in the category OpenID Guerrillas, Web Development. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
3 comments on "OpenID Guerrillas: The Importance Of Using OpenID Delegation And Keeping A Backup Identity"
have you posted in the basecamp forum to let them know?
No need. The simple solution (which I didn’t notice at the time) is to click the “Can’t login” link on the OpenID login which leads to a page that will email a regular username and password.
Nothing can spoil my Basecamp experience any more, cause I don’t use basecamp. The OpenID feature was a nice one though. I with my new project management tool - Wrike.com had this one in addition to other useful features that basecamp doesn’t have
Add a Comment
Forums
Users online: 89
- Total Topics: 64029
- Total Posts: 516979
- Total Members: 8518
