phpMyID phpMyID is a small, fairly lightweight, standalone, single-user Identity Provider for OpenID authentication.
Download

phpMyID Ranking & Summary

phpMyID Tags

identity OpenID authentication Identity Provider decentralized framework phpMyID Provider

phpMyID Description

phpMyID is a small, fairly lightweight, standalone, single-user Identity Provider for OpenID authentication. phpMyID is a small, fairly lightweight, standalone, single-user Identity Provider for OpenID authentication.OpenID is an open, decentralized, free framework for user-centric digital identity (I stole that from their website). But what does it mean? Well, basically OpenID is a way to authenticate yourself to various places (websites) by verifying your identity as the owner of a particular URL (say, a website of your own).Instead of giving a username and password to a login form, you just give it your URL. You're then directed to your "identity provider" to log in, and when it authenticates you, you go back to the site you were orignally trying to get into. Why this is good or bad, and what the actual implications of it are... well, that's all mostly outta scope as far as phpMyID is concerned. Suffice it to say, phpMyID acts as an "identity provider" so you can log in to OpenID enabled sites.From a user point of view, OpenID is a neat concept, but it has a few flaws. For example, when I wanted to actually, y'know, get an OpenID thingie of my own so I could log into OpenID sites, I found there was no satisfactory way to get one. My options were:Download a ready made application to handle serving up identities and create myself an account in it. - There aren't many of these, and what few there are seem to be geared towards multi-user setups. Since there's only one of me, this option seemed like overkill.Download a complex set of libraries and build an application to handle serving up my identity. - Again there are not many of these, and what few there are seem a bit overcomplicated for my needs.Set up an account with a third party provider. - A bad option for me because I really don't like the idea of coupling a theoretically decentralized framework to one of a handfull of third party providers (and giving them my account credentials). Sure, someone who doesn't have their own site and server technology will probably go this way, but not me.Since I couldn't find the simple solution that I wanted, I did what any would do, and created the missing option for myself: a single user OpenID server. phpMyID.UsagephpMyID is a single user (though, if you were so inclined, you could easily turn it into a multi-user setup) IdP, or "Identity Provider" for the OpenID framework. It's a single PHP script with minimal dependancies.You don't need a database, you don't need to make your filesystem writable, you don't need to download any libraries, and you don't need to recompile PHP. Okay, well, you shouldn't need to do any of that.Installing phpMyID requires an MD5 hashing utility. Why? Because you have to authenticate to it using a password. phpMyID uses HTTP Digest authentication for security and your password must be encrypted when you enter it during installation. Say it with me: "passwords should never be stored or transmitted in plain text" (one of the advantages of phpMyID and OpenID is that they never are).For Linux or OSX (or any other Unix-like OS), I suggest using OpenSSL to encrypt your password. For Windows, there are a number of utilities available, but I recommend this one by Colin Plumb. It's public domain code, and it will do exactly what you need (yes, the hash it create is all upper-case - don't worry, phpMyID will convert it for you). You can use PHP's md5 function to generate your hash for you on the fly, but I must discourage doing so. Not only does it take all the fun out, but you have to store your password in plain text to make it go.Complete installation instructions, including examples of how to encrypt your password, are available in the provided README file (here's the svn version).What's New in This Release:· A weakness in the digest authentication method has been addressed.· A few PHP "Notices" have been corrected.· Paranoid mode ancestry checks did not work correctly in PHP4.· The cancel URL did not have 'openid.mode=cancel' appended to it.· Paranoid mode will not be invoked on checkid_immediate.· The Suhosin incompatibility warning can now by bypassed.· HTML META refreshes have been replaced with HTTP 302 refreshes.

phpMyID Related Software