intertwingly

It’s just data

Unobtrusive OpenID


I’ve implemented a small amount of glue code that calls out to the JanRain Python OpenID library.  Unlike most other OpenID enabled consumers, I’ve made a few simplifying assumptions, if anybody sees something I missed, please leave me a comment.

My assumptions are that if your website is OpenID enabled, (1) you want to authenticate, and (2) you don’t want anybody else to be able to “spoof” your ID.  With these assumptions, I can eliminate the need for anybody to “login” to my site.  People simply enter their comments normally, and when they press “Submit”, Yadis autodiscovery is performed.

Additionally, my site makes no use of cookies or JavaScript.  Instead, I employ URL rewriting techniques to achieve the effect of a session.  Of course, your OpenID provider may require cookies, but that is entirely between you and that provider.

Finally, I haven’t integrated this with my Spam avoidance techniques - with two minor exceptions.  If you authenticate, I put the address of your OpenID provider in the title of the link instead of your IP addresses.  Additionally, if you authenticate, I never put in a rel="nofollow".  Of course, all this is subject to change at any moment.