OpenID
I am sure everyone has learned of LiveJournal’s OpenID support by now. I imagine most people wondered how it worked, but never looked into it. After doing some research, I am quite interested in this, so I’ve decied to post a general overview of the whole thing.
Lets say you have a LiveJournal account and you’re logged in right now. You happen to be reading a blog post at say, deadjournal, and you want to reply, but you don’t have a deadjournal account. Dear lord, what to do? You can either comment anonymously, or use your OpenID. Very simply, your open id is: your_user_name.livejournal.com. Now you’re wondering how the hell that verifies your identity, right? In the [X]HTML source code of your livejournal, there is a link to the associated OpenID server, which, in this case appears as: <link rel=”openid.server” href=”http://www.livejournal.com/openid/server.bml” />. When you submit your comment, the OpenID consumer, or site you’re commenting on, pulls that server’s URL out of the identity you provided ( your livejournal homepage ). The consumer then chats with the server a little before forwarding you there. In this case, you are sent to livejournal.com. LiveJournal can then check your cookies to verify that you are logged in. If you are logged into your livejournal account, the server tells the consumer that you are indeed you. If you are not logged in, it will tell the server that you are some cheezy imposter; your comment will not be posted as you.
And the advantage of this is?… LIveJournal has an XMLRPC interface, which easily allows any non-livejournal site to verify your livejoural identity, providing you give it your password, but do you really want to give your livejournal password out to random websites? I know I don’t. With OpenID, you are still commenting with your livejournal account, but the identity verification is done via livejoural’s server. In other words: Your password does not go through a third party site. If you view the source of divinelunacy.com, you will see that I am using my livejournal account as an identity. If I were to post a comment on an OpenID enabled server, i would simply put divinelunacy.com as my openid. Easy, eh?
I find this all quite intriuging, so I really can’t wait until wordpress supports it. In fact, I might even work on making my own implementation—just another thing to add to my already mile long “to code” list…