b a d p o p c o r n

Too Many Usernames!

Written by Ben on December 7, 2005 |

I am generally tolerant of dumb tech hurdles because I’m a techie, but I don’t like having different usernames and passwords for every site I visit– Yahoo, Google, MSN, etc. Some big companies are trying to solve this problem– MSN Passport and the Liberty Alliance. But those solutions require huge budgets (and not K.I.S.S), and I personally don’t think that they can realistically solve the problem.

So, if I barely can handle this user account problem, how does a non-techie stand a chance?.

What can be done? For my part, I’ll be using OpenId (Authentication Scheme) and YADIS (Scheme/Service Discovery) in my Django projects. Why?

  • They can give my users (and me) a single identity across the web.
  • They already have good support (LiveJournal, Moveable Type, etc).
  • They are Simple in design.
  • They are Open.
  • They are Federated. Power to the people, not any one mega-corp.

To do so, I wrote up a simple pluggable OpenId Authentication Django App that I can use in my projects. The app uses the OpenId Python library put out by the OpenId Enabled guys. I shot them email about contributing my code back to their project. This is in progress. If not, I’ll just release and host it myself.

Next step is to connect my OpenId App, YADIS and Django.


[del.icio.us] [Digg] [Google] [StumbleUpon] [Windows Live] [Yahoo!] [Email] More »

Posted in Python, Technology

« Hexic Ranking Update   Toys R Us »

9 Comments »

  1. Ben as I have said many time, “you dominate like kobe on white chicks.”

    I agree with every one of your views. Although many people feel the internet has matured, it has not. The problem you bring up shows the point. I think the best part of the blog is the open source element.

    Comment by Moe — December 8, 2005 @ 1:43 am

  2. So I was browsing around about openID a bit. I ran across a link that was a good quick read.

    Videntity is an interesting web based social network that is open and combines OpenID, XFN, and FOAF. Users maintain an identity with personal information on the site, and they can invite friends to join. It is an open network because you can add information about people you know who are not in the network.

    Videntity - an open social network

    Comment by Moe — December 8, 2005 @ 1:49 am

  3. Hey, Ben –

    I’d be very interested in seeing what you’re doing with OpenID and Django. Drop me a line if there’s anything you’d like Django to do to make that type of integration easier.

    Comment by Jacob Kaplan-Moss — December 8, 2005 @ 7:50 am

  4. Moe: I actually use videntity.org as my OpenId authentication server. OpenId has a nice delegation feature, which unburdens me from needing to run an authentication server. http://www.myopenid.com is also another free identity server. If you’ve got a LiveJournal account, then you’ve also got an openid url. cool stuff going around. :)

    Jacob: Will do.

    Comment by Ben — December 8, 2005 @ 10:18 am

  5. From what I could gather and/or understand (this is me…quite illiterate with computer jargon), it looks like you’re beginning to put an end to this multi-username bs and for that, well done! I completely agree. Having so many usernames and passwords is quite annoying considering the human brain’s reluctant capacity to hold all of them in; it’s good to know something’s being done, especially with all the services going 100% online now.

    When ya got saved Word documents that have all those usernames and passwords as references, you start to wonder…

    Kudos Ben…from what I could decipher, your projects sounds very innovative and will cater to the masses…

    Comment by bindi — December 8, 2005 @ 1:21 pm

  6. You are viewing identity solely from a consumer perspective. Take a peak at how enterprises think about it and your idea will fall apart quickly…

    http://duckdown.blogspot.com

    Comment by James — December 9, 2005 @ 6:44 pm

  7. James,

    Your argument sounds like, “The corporations aren’t doing it, so it’s bound to fail.” I wholely disagree to that. The Identity 2.0 workshops have a good amount of participation from many different parties. OpenId has had involvement by members from Verisign. And the forward drive, in general, seems to be towards some sort of federated system.

    Also, corps in many respects are late adopters. Example: the web came along and wasn’t fully embraced by corps at first. Things didn’t fit the client-server computing model, but things changed.

    Maybe you’re suggesting the idea that corps want to have strict control over their users? That’s more about authorization and access. What wrote about is Identity and Authentication, two related but different things.

    -Ben

    Comment by Ben — December 10, 2005 @ 2:07 pm

  8. Hi Ben, I implemented OpenID auth as a WSGI middleware function today. As Django supports WSGI, should be a snap to use with it. This only handles authenticating the user though, there’s still work to be done for individual frameworks like Django to actually take the login info and do something meaningful with it. :)

    Cheers,
    Ben Bangert

    Comment by Ben Bangert — December 20, 2005 @ 11:11 pm

  9. [...] I’ve been experimenting with adding openid authentication to django. I couldn’t find another software package to do this (although I did see this, which implies there is some other code out there) Anyway - here’s mine so far. [...]

    Pingback by Phil Dawes’ Stuff » Blog Archive » Django openid auth - first stab — January 6, 2006 @ 9:15 am

RSS feed for comments on this post. | TrackBack URI

Leave a comment

XHTML ( You can use these tags): <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> .