: Should I run my own OpenID server? As I understand it, OpenID relies on a single trusted service, the OpenID provider. If you run this service on your own server you then have complete control,
As I understand it, OpenID relies on a single trusted service, the OpenID provider. If you run this service on your own server you then have complete control, and you only have to trust yourself (and your ability to correctly configure and run a web service).
Would this be the most secure and effective way to manage your online identity?
More posts by @Barnes591
2 Comments
Sorted by latest first Latest Oldest Best
If you are looking for more control, you could do what I did. I use a sub-domain of personal domain that I own to point to myopenid. So if myopenid ever goes under, has problems, turns evil, etc, I can change providers without changing my openid url.
Edit: it is called OpenID Delegation
This seems like overkill. There are a lot of sites offering OpenIDs. What aspects are you worried about? That the provider might themselves masquerade as you? That the provider might be hacked and have the user/password files copied and decrypted? If those are your anxieties and you want to relieve them by taking control, you can certainly go ahead. Your server is unlikely to be more secure than the best providers, but the obscurity of your server would likely make it less subject to hacking attempts.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.