Recipes for OpenID Server enabling an existing site

[Kevin Turner]

On Mon, 2007-07-30 at 08:04 +0100, Julian Bond wrote:
> On the consumer side there's
> http://www.plaxo.com/api/openid_recipe
> http://simonwillison.net/2006/Dec/19/openid/
> 
> Is there an equivalent recipe for adding OpenID Server functionality to 
> an existing site?

There are rants about why you shouldn't do such a thing.  ;)  It feels
like there are already more providers than RPs out there.  Choice of
providers is good, but as a user finding that a half-dozen sites you're
on provide you with an OpenID is not what you wanted.  Being an OpenID
provider is also a lot of responsibility to take on, as you're not just
responsible for the data on your own site anymore, but for everywhere
your users use their OpenID.  Unless your mission is really focused on
being an authentication provider, it's quite likely you're not going to
want to keep up with new developments in the field.  etc, etc...  In
general, dedicated authentication providers are good; authentication
providers tacked on to other applications as an afterthought are less
so.

okay, ranting aside,

It is also much easier to integrate a provider than a RP.  (That is one
of the reasons why we've seen many sites adopt that half of the protocol
first.)  You don't have to change your login system, you don't have to
add many-to-one tables mapping OpenIDs to local accounts, you just have
to add an OpenID endpoint somewhere, pass messages that come to that
endpoint through to one of the OpenID libraries, and add a few lines to
your users' profile pages to point to that endpoint.

Some of these libraries have pretty decent documentation and examples
already, but it may be that Simon or Joseph will work their tutorial
magic on them in the future.

-- 
keturn on https://pibb.com/go/openiddevelopment and irc.freenode.net#openid