phil ringnalda

Last night when I should have been sleeping, I was looking at the current state of OpenID support in WordPress, which seems to mean looking at one weblog post. Having just the one post to read lets you pay more attention to it, so I was reading through the comments, clicking links, when I came to one by http://danda.videntity.org/. Interesting, in a number of ways.

First, despite having long claimed that all I’m interested in from authentication is “is this person the person who controls that URI?,” I’m not too happy with the Live Journalish way that OpenID has been done so far: in LJ’s world, you are a username, which maps to a URL, while in my world you are a person with a name, who is the particular person associated with a URL. I don’t want to get, or display that I’ve gotten, comments from http://golem.ph.utexas.edu/~distler/blog/, I want to get comments from Jacques Distler, and to be able to display that the person who wrote the comment authenticated himself as being in control of http://golem.ph.utexas.edu/~distler/blog/ (though the fact that I’d rather get comments from atrustheotaku than not get comments from Nikolas complicates things slightly).

I left an OpenID-authenticated comment on Neil’s weblog, which is using Mark Paschal’s MT plugin to identify the comment as having been Posted by weblog.philringnalda.com, which looks rather more like a Trackback than a comment. Since Scatman’s WordPress plugin handles delegation but then forgets that it did, if I left a comment there it would be from philor@livejournal, an identity that’s a nonidentity to almost anyone, or if TypeKey’s handling of OpenID wasn’t broken right now, I might be http://profile.typekey.com/philor/, not much better.

Anyway, since I’d already seen that Videntity.org had a PHP port of the Python implementation of OpenID, I went to see what Mr. http://danda.videntity.org/ might have to say for himself, which is where the non-identity non-epiphany muddle came in. http://danda.videntity.org/ says that his name is Dan Libby, a name I recognize from reading more about the history of RSS than is good for me, and furthur that he is that same Dan Libby who was responsible for RSS 0.90 and RSS 0.91 at Netscape, a fact which I have absolutely no reason to believe or disbelieve.

Google knows of exactly one link to http://danda.videntity.org/ (gee, thanks rel="nofollow", for making it impossible for me to find other places he might have commented, way to break the web!), from a wiki page which currently does link to videntity.org, but not to danda.videntity.org. The odds are at least fair that I know someone who knew him when, who would know whether or not he’s now doing open source consulting in Costa Rica, to at least get the story up to the present, if not someone who both knows him and knows how to contact him to ask if he’s actually the same person who is doing an OpenID service, but I’m not quite sure who that would be.

That’s where I started thinking that I ought to be able to squeeze out an epiphany of some sort, but none quite managed to form, other than the same old “if you want to be associated with what you do online, you better have a single URL that you intend to maintain indefinitely, where you talk about what you’ve done elsewhere.” Which doesn’t seem to make using an identity hosted at videntity.org an especially good idea: you can certainly assert elsewhere that a particular videntity.org identity is yours, but you might just as well delegate authentication to videntity.org while asserting your own URL’s identity, at which point videntity.org doesn’t look like a very good business: if the only time anyone needs to go there is to log in and confirm that they want to identify themselves, it’s certainly not going to make it on advertising. Dunno, maybe there’s a killer business there in providing dating site identity to kids too young to have settled down to their own URL that I’m just not seeing.

I do know that although I’ll probably wind up using videntity.org’s PHP-OpenID library, I’ll end up auditing it and comparing it to the Python original much more closely than I would have if it had been offered by someone who didn’t assert any sort of identity at all. If the WordPress plugin, by someone I only know as “Scatman Dan” actually correctly handled delegation, I probably would have used it with only a quick read. Very odd.