Skip to content

Home

HOWTO: Set yourself up with an OpenID

This post is in response to this comment on my blog (because I have no idea who that is :-). Here's my suggestion on how to get the most out of your OpenID.

  1. Get yourself an identity provider.
    I recommend using a pre-existing service rather than setting up your own. You can use AOL, Verisign (PIP), MyOpenID and a whole host of others.
  2. Edit your preferred blog or home page to configure it for delegation.
  3. When you sign into web apps, use your URL, not the URL from your provider.

I'm currently using AOL as my preferred identity provider; I also have accounts with Verisign and MyOpenID. If you already have an AIM account, you can use AOL as your identity provider without having to explicitly sign up for another service (which means that you don't need to remember yet another password).

So, assuming that you're using AOL, the next thing to do is edit your home page or blog template and add a couple of lines to the <head>:

   <link rel="openid.server" 

      href="https://api.screenname.aol.com/auth/openidServer">

   <link rel="openid.delegate"

       href="http://openid.aol.com/wezfurlong">

If you're using Verisign PIP:

   <link rel="openid.server"

      href="https://pip.verisignlabs.com/server/" />

   <link rel="openid.delegate"

      href="http://wezfurlong.pip.verisignlabs.com/" />

   <meta http-equiv="X-XRDS-Location"

      content="http://pip.verisignlabs.com/user/wezfurlong/yadis" />

   <meta http-equiv="X-YADIS-Location"

      content="http://pip.verisignlabs.com/user/wezfurlong/yadis" />

And for MyOpenID:

   <link rel="openid.server"

        href="http://www.myopenid.com/server" />

   <link rel="openid.delegate"

        href="http://youraccount.myopenid.com/" />

   <meta http-equiv="X-XRDS-Location"

        content="http://www.myopenid.com/xrds?username=youraccount.myopenid.com" />

These fragments allow an OpenID consumer site (such as my blog) to discover your identity provider and your identity with that provider. They can then initiate authentication using those credentials but then retain your original URL as your identity. This is nice because your URL is more meaningful than the various identity endpoint URLs from the providers, and also nice because you can easily switch out to a different provider if it takes your fancy.

This delegation mechanism relies on the consumer being able to parse your web page to locate those elements. Sometimes you may not be able to control some of the content on your page, so it may not be successfully parsed. You can avoid that issue by explicitly sending X-XRDS-Location and X-YADIS-Location headers, either in your PHP script, or by some magic in your httpd.conf.

Another trick is to redirect to your yadis file if the client indicates that it is looking for it:

   RewriteCond %{HTTP_ACCEPT} application/xrds\\+xml

   RewriteCond %{HTTP_ACCEPT} !application/xrds\\+xml\\s*;\\s*q\\s*=\\s*0(\\.0{1,3})?\\s*(,|$)

   RewriteRule ^$ http://netevil.org/yadis.xrdf [R,L]

(I think I borrowed this from Sam Ruby, or maybe it was Simon Willison).

What's in the yadis file? You can read all about it on openidenabled.com. Here's mine:

<?xml version="1.0" encoding="UTF-8"?>

<xrds:XRDS

  xmlns:xrds="xri://$xrds"

  xmlns:openid="http://openid.net/xmlns/1.0"  

  xmlns="xri://$xrd*($v*2.0)">

  <XRD>

    <Service priority="5">

      <Type>http://openid.net/signon/1.1</Type>

      <URI>https://api.screenname.aol.com/auth/openidServer</URI>

      <openid:Delegate>http://openid.aol.com/wezfurlong</openid:Delegate>

    </Service>

    <Service priority="10">

      <Type>http://openid.net/signon/1.1</Type>

      <Type>http://openid.net/sreg/1.0</Type>

      <URI>https://pip.verisignlabs.com/server</URI>

      <openid:Delegate>http://wezfurlong.pip.verisignlabs.com/</openid:Delegate>

    </Service>

    <Service priority="20">

      <Type>http://openid.net/signon/1.0</Type>

      <Type>http://openid.net/sreg/1.0</Type>

      <URI>https://pip.verisignlabs.com/server</URI>

      <openid:Delegate>http://wezfurlong.pip.verisignlabs.com/</openid:Delegate>

    </Service>

  </XRD>

</xrds:XRDS>

This yadis file says that I prefer to use AOL (its priority value is lower than the others) and then VeriSign PIP, preferring OpenID version 1.1 over version 1.0.

If you're using only one provider, you can just use their yadis URI rather than setting up your own (that's what those http-equiv meta elements are doing in my examples above).

PHP Recap/Redux

I've been pretty damned busy of late (we're in the late stages with going gold for our next Message Systems product release), but have managed to be involved in a couple of things PHPish, although I haven't had much time to follow up and talk about them.

MIX

I was invited to be a panelist at Microsoft's MIX conference for a discussion on the traditional pain points of getting PHP to run in a Windows environment and interoperating with ASP apps, and how Microsoft have taken a number of steps to help make the experience nicer, by improving the developer experience with IIS, shipping FastCGI support and working with PHP core developers to identify and tune some hotspots in PHP. The panel was pretty well attended given that it was one of the last sessions of the conference. You can find a recording of this session online here.

At MIX, the hot news was mostly Silverlight. It really demos very nicely and really does seem like a Flash killer, particularly because the tools are very nicely done. The really nice thing about Silverlight from my perspective is not so much the eye candy (sweet as it may be), as the Dynamic Language Runtime (DLR). The DLR allows you to run a subset of "dot-net" on the client side (both Windows and Mac), including scripting languages like Ruby and Python. This allows for some interesting possibilities, from something as basic as being able to use the same languages on both the client and the server side (very compelling from a maintenance perspective), to being able to use multiple languages (and libraries written in those languages) and call between them in your client side app.

This stuff isn't really all that new (you've been able to do some of that with COM compatible scripting interfaces for years--there's also a PHPScript implementation for the brave), but what's exciting is that it is bundled up into a runtime that has eye candy and support for two common OS platforms. The trick is in the eye-candy; that feature will wow people and cause a more rapid adoption of Silverlight than if it was just the DLR on its own.

Speaking of the DLR, Andi Gutmans and myself made it to the excellent Just Glue IT! talk presented by Jim Hugunin and John Lam (I love that URL!), on Python and Ruby (and more) in the DLR on Silverlight. It was very informative as well as humorous and with some nice live demos. You might be wondering if we're interested in PHP running on the DLR. I would love to see it there, even if it was just a subset of the PHP that we know and love. Perhaps the Phalanger project might shift in that direction?

From an organizational point of view, MIX, the conference, was very well put together. Some nice touches included: a speaker room equipped with snacks (ranging from power/protein bars and fruit to chips and candy), soda (which is typically very difficult to find at a conference without having to walk out of the conference area and paying exorbitant prices. This is very important for me, as coffee is a migraine trigger.), and what really clinched it for me: red bull (including sugar free).

Another nice touch was a double-sided laminated name tag--those things have a habit of flipping around so that you can't read them and find out who you're talking to. There was also a "sandbox" for you to bail out from the conference and sit down and play with the new technologies (they provided a number of machines for that purpose) or just sit down and talk. Minus points for not having enough (any?) power strips in the sessions themselves though; it made it difficult to get some work done while absorbing a session.

php|tek

It felt like php|tek was the first true PHP conference I've done this year (and that might even be true--I didn't bother to look back and check), so I was looking forward to being there, and also to see a bit more of Chicago, although I was a little disappointed to find that the conference was set in the "airport town", just far enough away from the real city to make visiting it a hard prospect. Such is life.

I think the php|architect folks did a fine job considering that the hotel threw a few spanners (or wrenches for you American folks) into the works, pushing a number of people (myself included) out of the conference hotel proper and into its more plain cousin a block or two down the street. I particularly wanted to attend Jeff Moore's talk on maintainable code but there was no room--people literally fell out of the session when I opened the door to get in there.

It was good to catch up with people again (and slightly weird to meet people that I'd seen a couple of weeks earlier at MIX--it's a bit surreal to be jumping timezones and locations and still see the same people), and to meet some more PHPWomen face-to-face. We had fun in the PHP trivia competition, and some of us were roped in to doing a podcast which came out surprisingly coherent despite the amount of alcohol in the room (I suspect that's because it was largely consumed by one of the Facebook guys ;-)

As someone who's been doing these conferences for a few years now, it's interesting to see the increasing number of MacBook laptops in use. I didn't count everybody's laptop, but the areas I frequented during the conference appeared to have MacBooks in the majority.

One of these conferences, I'll make it to one of Joe Stagner's talks and be there for the whole thing--I've tried to make that happen for at least the last 4 that I've been to, but it hasn't managed to work out how I've planned it, so far.

Blog upgraded

I've had the code sitting around for months, but haven't had the time to push it to production until now.

This is the third generation of my blog and incorporates the data from its prior incarnations (including my original s9y based 'zlog). The new architecture uses PostgreSQL for the database, largely because I want to take advantage of its LISTEN/NOTIFY support.

Another change from the previous incarnation is that the authentication system is now OpenID based, which suits me a great deal because I'm too lazy to code user management just for my blog (previously, I used a pass-through to the PHP CVS repository for auth).

I've restructured my URLs and implemented some fairly neat URL rewriting rules to make sure that the old links continue to work, even those for zlog.thebrainroom.net. I'll blog about that in another entry.

I've also decided to completely do away with HTML form based admin and blogging, because I'm always really frustrated by the editing interface. Instead, I'm using Microsoft Word 2007 (running under Parallels on my Macbook Pro) to post entries using its blogging capability.

php|tek, here I come

I'll be heading out for Chicago in a little while to attend php|tek, where I'll be giving my "pdo" and "mail" (a.k.a: "not pdo") talks.

I should be getting in to the hotel sometime around 7:30pm local time.

I've been really busy recently, so I haven't yet had a chance to figure out which other sessions I'll attend, but I do know that I'm really looking forward to re-sync'ing with everybody.

We're recruiting again, and I'm looking for both C and PHP folks to join my team at OmniTI/MessageSystems, so if you're going to be there and are interested, please make a point of finding me--I'd love to hear from you.

See you there :)

Goodnight Star

We said goodnight to Star for the last time tonight.

She was 13 years old and had been suffering from liver cancer for the last few months. Star was daughter of Bronte and mother to Lily. Bronte is still going strong at 15 years old back in England, and Lily (6) is now our alpha dog.

I like to remember the clan Mac Bronte like this:

We will miss you Star.

Soliciting questions for PHP and ASP.net panel at MIX

As I mentioned previously, I'll be at MIX this year on a panel discussing ASP and PHP interoperability, along with Jesse Liberty, Bill Staples, Joe Stagner and Brian Goldfarb.

I've been told that MIX has sold out and that there is a lot of interest in our slot, so I'm sure we'll have plenty to talk about, but I'm looking for questions to break the ice and get things rolling.

If you have any questions, comments or other insights on PHP running on Windows, or on getting PHP apps working together with ASP.net apps, please comment on this blog post, and I'll try to work them into the panel, and to feed back the results of the discussion here on my blog.

If for some reason your comment doesn't go through, or if you prefer email, you can also mail them to me at wez@php.net.

I'll be at MIX'07

I've been invited to participate in a panel at Microsoft's MIX conference this year. The panel is entitled "Can't ASP.NET and PHP just get along?" and is to be a "spirited but friendly" discussion on PHP and ASP.net interop.

For those folks clicking through from the MIX site, you might be wondering who I am and why I'm on the panel... I've been partly responsible for development of the PHP core and primarily responsible for a lot of the Windows specific portions of PHP. I work for OmniTI, a world respected internet technologies consultancy.

I'm looking forward to MIX, partly because I've heard that it's a lot of fun, and partly because it will a great opportunity to meet with a different crowd--the conferences that I usually attend have attendees that are largely LAMP focused, so the Windows platform focus will be an interesting change. I'm hoping to gain some insight into what people perceive as short-comings in PHP on Windows, and feeding those back into PHP.

If you see me there, stop me and say hi!

Portable umem released via OmniTI Labs

We've migrated our port of Solaris umem from SourceForge to OmniTI Labs, and have finally gotten around to making a source release.

You can find the project page here, which includes a link to the downloadable source.

The tarball will build you libumem and libumem_malloc. The latter version can be used as an LD_PRELOAD to replace malloc for a target process, which is useful for debugging. The former is more useful when deliberately linked into an app that wants to take advantage of the slab allocator APIs directly.

I'm interested to see if using this in PHP will lead to performance gains, but currently lack the time to do any benchmarking. I doubt that performance will suddenly improve just by preloading libumem_malloc, but there might be a gain if the zend engine allocator were tied into libumem.

Perhaps someone reading this blog entry does have the time to investigate and could post the results?

OmniTI does OpenSource: OmniTI Labs

Earlier this week, we announced OmniTI Labs, a home for various pieces of useful technology that we've worked on, either as part of working on projects for clients, internal products or just for fun.

Alexandria is a library of PHP code that will continue to grow as we find more time to drop components into it. Right now there's not too much stuff in there, but the main pieces that are likely to be of immediate use are a PHP smtp_injector extension and a supporting PHP 5 class that should prove useful to folks that generate mailings from PHP. You can read more about those in the documentation.

I want to stress that Alexandria is not a framework. Each piece is relatively self contained and tries to avoid imposing a particular programming paradigm on the apps that use it.

Labs contains more than just a PHP library; we have a number of other projects, and more will make appearances over time.

Enjoy!

(See also what Theo says about Labs and what Laura says about Labs)

PHP Meetup @ OmniTI HQ in Baltimore/DC area

I've been meaning to blog about this for a while, but haven't found the time until now.

This Monday 5th March, join us for the Columbia PHP Meetup.

OmniTI are providing the venue, PHP experts and pizza. This first meetup will have a number of lightning talks and provide the opportunity to exchange ideas and talk about code, architecture, innovation, and open source in general. Anyone interested in PHP is welcome!

Please RSVP via the meetup link.