Be your own eID provider
Ismael Olea, 16 Jan 2010
One of my particular interests is to explore the requirements of digital personal sovereignty and its implementation with libre software. I've given some thought to this in the past (what I call the «SOOS Desktop») and I'm implementing it little by little on my own server. For me, this is an amazing research line deserving a lot of attention on both the formal academic and the technical development sides. But everything is still to be done.
One of the pieces needed, which has been gaining particular importance for some time now, is authentication services. The most trivial protocol to choose today is OpenID.
I've been using phpMyID as my OpenID provider for some time now, but some consumers complain about it. I suppose it's because it doesn't implement OpenID v2. After some research I've found the suggestion to use SimpleID. The list of OpenID provider software (I think all the items are OSS) was helpful too. It seems there are very powerful alternatives for «enterprise» servers. In my case I preferred a low-requirement system, so I finally chose SimpleID.
When installing software my usual practice is to install it packaged. It's the easiest way to manage what software is installed and where, and to have it integrated with the rest of the operating system... hopefully. So I have made a SimpleID RPM package for CentOS 5. In its present form it doesn't comply with all the Fedora Packaging Guidelines, but I think it is fine enough for serious sysadmins. I plan to maintain it through Olea.org RPM's repo.
Setting up your OpenID identity
Seting up your OpenID identity
After installing SimpleID you should configure the webserver name at /var/www/simpleid/www/config.inc and restart Apache.
For each identity you should fill in a username.identity file at /var/www/simpleid/identities/. Note that username here is the user name you want to log in to SimpleID with and has nothing to do with your identity details. To create your password hash you can use md5sum:
echo -n "mypassword" | md5sum
An interesting feature is that you can create your own Extensible Resource Identifiers (XRI) and add them to your user identity file. I hope to play a bit with this soon.
When ready, log into SimpleID; the default URI I set in my package is http://localhost/simpleid. Now go to the «My Profile» tab, where you can gather all the HTML link tags you should add to the webpage you want to be your OpenID URI. In my case it is http://ismael.olea.org, which seems to me a meaningful URI. You only need to copy the generated code into the HEAD section of the chosen HTML document. It's a flexible way to really decide what your OpenID URI should look like.
When ready, you can log in using your brand new OpenID URI. Enjoy.
Another nice SimpleID feature is the «My Site» tab. When logged into your account you can track the OpenID consumers you are logged into and remove them if needed.
I'm waiting for new SimpleID releases!
Update: Gabi Sfestarof warns about using quotes when generating your password: double quotes don't work when you need to use special characters; in that case you'll need to use single quotes:
echo -n '!myspassword_4' |md5sum
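The password-hash step and the quoting problem from the update, as an added example that is not part of the original post or of SimpleID: two hypothetical helper functions, hash_password and prompt_and_hash, read the password from standard input, so the shell never parses it or saves it in its history, and print the same digest as the echo -n pipeline. It assumes a POSIX shell with md5sum available.

```shell
# Added example (not from the original post). Function names are hypothetical.

# hash_password: read ONE line from stdin and print its MD5 hex digest.
# The password is data on stdin, never a shell word, so characters such as
# ! $ ` " \ need no quoting and nothing lands in the shell history.
hash_password() {
    # IFS= and -r keep leading/trailing spaces and backslashes intact.
    # read fails on input without a final newline but still fills pw.
    IFS= read -r pw || true
    # Refuse an empty password instead of hashing the empty string.
    [ -n "$pw" ] || return 1
    # printf '%s' emits no trailing newline, matching `echo -n`.
    digest=$(printf '%s' "$pw" | md5sum | cut -d' ' -f1)
    unset pw
    printf '%s\n' "$digest"
}

# prompt_and_hash: interactive wrapper that disables terminal echo while
# the password is typed, then restores the previous terminal settings.
prompt_and_hash() {
    saved=$(stty -g)
    printf 'SimpleID password: ' >&2
    stty -echo
    hash_password
    status=$?
    stty "$saved"
    printf '\n' >&2
    return "$status"
}

# The digest printed is what goes into username.identity. It is a plain,
# unsalted MD5 of the password, so treat the identity file itself as a
# secret and keep it readable only by the web server account.
```

Run prompt_and_hash in a terminal and paste the printed digest into the identity file; hash_password can also be fed from a pipe or a file.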