All Regions
Argentina
Australia
Austria
Belgium (fr)
Belgium (nl)
Brazil
Bulgaria
Canada (en)
Canada (fr)
Catalonia
Chile
China
Colombia
Croatia
Czech Republic
Denmark
Estonia
Finland
France
Germany
Greece
Hong Kong
Hungary
Iceland
India (en)
Indonesia (en)
Ireland
Israel (en)
Italy
Japan
Korea
Latvia
Lithuania
Malaysia (en)
Mexico
Netherlands
New Zealand
Norway
Pakistan (en)
Peru
Philippines (en)
Poland
Portugal
Romania
Russia
Saudi Arabia
Singapore
Slovakia
Slovenia
South Africa
Spain (ca)
Spain (es)
Sweden
Switzerland (de)
Switzerland (fr)
Taiwan
Thailand (en)
Turkey
US (English)
US (Spanish)
Ukraine
United Kingdom
Vietnam (en)
Any Time
Past Day
Past Week
Past Month
Past Year
wordpress microID plugin
willnorris.com/2006/wordpress-microid-plugin/
A
microID
is basically an assertion of ownership with three distinct parts. The authority making the assertion - this is the actual webpage that the content is hosted on. If you have the ability to manipulate the content of a given website, then it is assumed that you have some kind of authority over that security domain (or at least a small ...
hCard is not a provisioning engine (for private data)
willnorris.com/2007/hcard-is-not-a-provisioning-engine-for-private-data/
Last week I wrote about how hCard is much more appropriate than OpenID for the provisioning use-case and Chris continued that discussion, questioning why we need SREG and Attribute Exchange when hCard works just fine.. So the question is, when OpenID is clearly a player in the future and part of that promise is about making things easier, more consistent and more citizen-centric, why would we ...
OpenID is not a provisioning engine - willnorris.com
willnorris.com/2007/openid-is-not-a-provisioning-engine/
In talking about the future possibilities of OpenID 2.0 and the Attribute Exchange extension, James Henstridge mentions, Imagine being able to update your shipping address in one place when you move house and having all the online retailers you use receive the updated address immediately. Or changing your email address and having all the bugzilla instances you use pick up the new address ...
willnorris.com
willnorris.com/projects/wp-microid/
Permanent Redirect.
Best Practices with Directed Identity
willnorris.com/2009/best-practices-with-directed-identity/
Given the current discussion happening right now around federal website cookie policies, and the good response I got from my last post, I wanted to continue talking about directed identity a little bit.In this post, I want to talk about how directed identity has actually been implemented in projects I've been involved with, and what lessons can be learned from that.
wp-openid 2.2.0 released - Will Norris
willnorris.com/2008/wp-openid-220-released/
I've just released version 2.2.0 of the OpenID plugin for WordPress. Notable additions in this version: POST replay for comments - this should fix all the compatibility issues with other comment related plugins like reCaptcha.
WordPress OpenID 2.0 (coming soon?) - willnorris.com
willnorris.com/2007/wordpress-openid-20-coming-soon/
I'm somewhat hesitant to pre-announce some of this, but maybe giving myself some kind of deadline is the only way to actually get it done. In recent weeks I've spent some time on my wordpress openid plugin, which has gotten some attention the last several months.A number of people have had trouble with WordPress 2.2.x and there were a number of outstanding issues I'd been wanting to ...
How well does your OpenID Provider stack up?
willnorris.com/2007/how-well-does-your-openid-provider-stack-up/
There are increasingly more specs in the OpenID space, and many of the extensions rely on XRDS documents to publicize support. To help enable that, I've been looking to update my yadis plugin for WordPress to automatically include the correct protocol support for the major OpenID Providers. Of course, in order to do that I have to actually find out what all protocols they supported, so I ...
A New Kind of OpenID Proxy - Will Norris
willnorris.com/2009/a-new-kind-of-openid-proxy/
It's an interesting concept, however, as a privacy nerd, it leaves me unhappy. You've mentioned that the salt could be stored or compromised, but far worse the actual OpenID used could be stored. As a privacy nerd I must assume the service is my enemy (this is why protocols like ToR and MIxmaster are set up to work even if you do not trust the nodes themselves).
WordPress OpenID v3.3 - Will Norris
willnorris.com/2009/wordpress-openid-v3-3/
Tom: why don't they work? Because email addresses are not OpenIDs. Google defined their own custom discovery protocol for Google Apps. RPX, which the demo
site
you linked to is using, implements Google's discovery protocol so it works on any RPX
sites
.Because this is not a standard discovery protocol, but is instead a vendor-specific option, I will not be adding support for it to the OpenID ...
Changes to wp-openid
willnorris.com/2008/changes-to-wp-openid/
Today I committed a few pretty substantial changes to wp-openid, changing how the OpenID flow happens. Effectively, I've created a new single endpoint which receives all OpenID responses, located at /openid_consumer. Previously, these response were sent to a number of different endpoints depending on whether you were simply logging in, leaving a comment, or adding a new OpenID to your ...
improving OpenID support
willnorris.com/2007/improving-openid-support/
Sam Alexander of MyVidoop emailed me last week to say that they'd be rolling out some new features in regards to OpenID support. Sure enough, you can see on the OpenID Support table that they've added support for xrds-header, yadis-html, and most importantly, content-type. Additionally, IDtail, a Korean OpenID provider, added support for content-type as well since I last updated the table.
Java OpenID Library Design - Message Handling - Will Norris
willnorris.com/2009/java-openid-library-design-message-handling/
This past June I contracted with Internet2 to work on adding OpenID support to the Shibboleth Identity Provider. I had actually started to work on this over a year prior while working at USC. At the time there were (and still are) two primary OpenID libraries in Java, Verisign's JOID, and Sxip's OpenID4Java.I spent a fair amount of time looking at both libraries, but ultimately decided ...
Comparison of Support among OpenID Providers - Will Norris
willnorris.com/openid-support/
Gone as of December 2013 This page used to display a table comparing the OpenID protocol support by some of the more popular OpenID providers. The protocols this page tested for are all but dead at this point, and I haven't maintained the list for several years now, so I've taken it down.
Archive - Will Norris
willnorris.com/archives/
don't lose focus. About; Archive; now; 2023. search query; unrot; Accessing go links across tailnets Nov 2, 2023; Tailscale devices with a custom domain Nov 1, 2023; Caddy snippets for static
sites
Oct 27, 2023; A fun little personal logo Oct 27, 2023; Tailscale at the Pinewood Derby May 5, 2023; 2022
OpenID delegation and XFN
willnorris.com/2007/openid-delegation-and-xfn/
I contacted the FreeYourID folks earlier this week to ask them about adding an XFN link to my forwarding page at will.norris.name.They seemed receptive to the idea and should hopefully be adding that soon. I was then telling Chris Messina about it and I think he misunderstood me, but in the process got me thinking. You see, FreeYourID does delegate OpenIDs off to MyOpenID, but the openid ...
Supporting WebFinger with Static Files and Nginx - Will Norris
willnorris.com/2014/webfinger-with-static-files-nginx/
So, my final nginx configuration for supporting WebFinger is: My first location block is an exact match for the well-known WebFinger path. Within that block, I first enforce that only GET and HEAD requests are accepted, all others receive a 405 response. This isn't required by the spec, but seems like a good idea.
Challenges in changing my OpenID
willnorris.com/2008/challenges-in-changing-my-openid/
I recently decided to combine two personal websites I had (this one,
willnorris.com
, and will.norris.name) so that I had a single web presence. I chose to use
willnorris.com
as my canonical URL, but this presented two problems: I have been listing will.norris.name as my homepage in my various social networks profiles and on blog comments. I've built up some Google page rank love through ...
Free Your ID - willnorris.com
willnorris.com/2007/free-your-id/
Wow, when Scott said yesterday that JanRain was going to be making a cool announcement, he wasn't kidding. Today they, along with GNR, announced a new service called FreeYourID, which provides identity services with a .name domain.This top level domain was originally setup for use by individuals in this fashion, but it never really seemed to catch on (at least from my perspective).
Email Etiquette: Replying to Mailing Lists - Will Norris
willnorris.com/2008/email-etiquette-replying-to-mailing-lists/
Most email clients support the idea of "threaded messages"… that is, the client can group together individual email messages that are part of the same conversation, or "thread". This is a particularly useful feature on mailing lists where multiple conversations are happening at the same time. For example, the following screenshot of the OpenID General Discussion list shows two ...
wp-openid 2.0 released - Will Norris
willnorris.com/2007/wp-openid-20-released/
I'm sure people are tired of me talking about how soon this will be released, so I promise I'll shut up now. I've just tagged version 2.0 of wp-openid, a WordPress plugin which allows you to use OpenID for authenticating users and commenters.
wp-openid moving to DiSo
willnorris.com/2007/wp-openid-moving-to-diso/
In case you missed it last week, Steve Ivy and Chris Messina announced the DiSo Project as an incubator of sorts to develop distributed social applications. Initially, they will be focussing on plugins for existing publishing platforms like WordPress and Drupal.On the WordPress side, they are using wp-openid as a foundation to develop additional plugins that build on OpenID to bring other ...
WordPress Plugin Pet Peeve #3: Not being extensible
willnorris.com/2009/wordpress-plugin-pet-peeve-3-not-being-extensible/
So this is one that is incredibly easy to implement, and yet goes a really long way in keeping people happy with your plugin. The very reason that WordPress has a plugin API is because they know that different people want different things from their blog. Some people are satisfied with just the core functionality that WordPress provides, but most people want a little more.
Feedback