This blog can't be viewed on LiveJournal. Instead see http://www.apparently.me.uk/3409.html.

The Road to 2.0: OpenID Delegation

19th Jan 2007

The final “implementors draft” of OpenID Authentication 2.0 was released today. With 2.0 nearly apon us, it seems like a good time to explore some of the user-visible changes that are coming. I'm intending to write a short series of posts on various aspects of this, the first of which is this post discussing delegation.

Delegation has, if the buzz in blogs, write-ups and presentations is anything to go by, been one of the most popular features of OpenID 1.1 amongst early adopters. This is perhaps unsurprising since it truly puts the control of your identity in your own hands, and yet it's so simple to implement: you just hack in a couple of HTML tags into the head of your index page on your site. So what's the delegation story in 2.0?

I'm happy to report that things haven't changed a great deal for delegation in 2.0. It's still just as simple as it always was, though you will need to make some adjustments to your two OpenID link tags to take advantage of any OpenID 2 features offered by your provider. Officially this feature has been renamed to “OP-local identifiers” in the 2.0 specification, but since that's such an awkward name I'm just going to go on calling it delegation for now, and I think you should too!

The adjustments you need to make are simple. You just need to add the new 2.0-specified rel keywords in addition to the 1.0 ones, leaving you with something like this:

     <link rel="openid.server openid2.provider"
           href="http://www.provider.com/openid/server">
     <link rel="openid.delegate openid2.local_id"
           href="http://frank.provider.com/">

When an OpenID2-enabled site sees those new rel values it'll know to talk the 2.0 protocol to your provider, thus making the 2.0 features available to you. However, you must not make these changes until your provider has been updated to support the 2.0 protocol, or else you may find yourself unable to log in at 2.0-enabled consumer sites.

There's no rush to do this, as the 2.0 specification mandates that all 2.0 implementations must also support the current 1.1 spec. You won't be able to use the new features, but you will be able to go on logging in as you can today, even on 2.0-enabled sites.

Comments

  • A Little Simpler - Please?

    Hello Mr. Atkins. I've been browsing a lot lately precisely to find more useful info on how to properly use and get more out of my openID (mine is "rene_y" from claimID).

    I left this comment (http://carlo.zottmann.org/2007/01/19/jabber-openid-and-teh-shiny/#comment-5130) in response to a post by Mr. Carlo Zottman (http://carlo.zottmann.org/2007/01/19/jabber-openid-and-teh-shiny/trackback/) on his blog. He admitted it was more of a rant about how the applications which pay more attention to the bells & whistles and other "fluff" end up capturing the general public's interest and subsequent usage and loyalty more than other, more serious, applications like OpenID. My comment was just to tell him that there should be a balance; that some people need to put more effort into speaking to Joe Blow internet user in simpler and more concrete terms.

    Why am I telling you this? Because your post made a big point of saying how oh-so-simple "delegation" of one's OpenID is. Now I can't write in html but I'm no technophobe either, and there was nothing simple to me in your explanations.

    I really do BELIEVE in what the OpenID concept is about (without understanding all of it; does that make it "faith"?) But I think the OpenID priesthood has got to stop speaking in Latin (and yes, maybe enlist some help from the evil fluff-peddlers) so that you can attract more to the faith!

    Rene Ylanan (http://www.claimid.com/rene_y)
    By an anonymous poster at 08:03 am on 20th Jan 2007
    • Re: A Little Simpler - Please?

      Rene,

      I'm sorry that my entry was “cryptic” to you. I must admit that my target audience for this write-up was those who have already been making use of the delegation feature in OpenID 1.1 and wish to know how to continue to use that in the new version.

      The good news is that you don't need to do any of what I described if you don't want to. You could have posted your comment with your OpenID at claimid had you selected the “OpenID” option in the comment form here, though at the moment I'm at the mercy of LiveJournal for the user interface for comments in my blog. It is my hope that in the future, when OpenID has gained a little more popularity, services will appear that let you use the delegation feature on your own domain with no technical knowledge on your part, but for now you can make use of your ClaimID identifier directly and not worry yourself with delegation.

      If you have any specific questions I'd be happy to try to answer them, or refer you to someone else who will be able to answer better than I can.

      By Martin Atkins at 12:30 am on 3rd Feb 2007