OpenID & LID

Martin Atkins mart at
Tue Jun 28 15:58:31 PDT 2005

Brad Fitzpatrick wrote:
>>Ah, but that's where Apache's "DirectoryIndex" directive comes very
>>For example, the LID Perl scripts that we have on
>>can be installed as "index.cgi", in addition to a "index.html" from
>>the static content that somebody might have there already. By saying
>>     DirectoryIndex index.cgi index.html
> Again, we both can do that.
> And all the Gentoo ricers on Slashdot, etc.
> But I'm worried about those Yahoo web page users who bought their own
> domain name for $10/year and can edit their HTML but nothing else.  No
> CGI, no PHP.  Go look at and notice all the people
> with vanity domain names that replied to me within 30 minutes of my
> announcement who'd already inserted two lines to their HTML head,
> delegating the OpenID server work to livejournal's servers, but using
> their own vanity domain name as their identity.
> Little story:
> I once designed a stupid templating language called S1.  It required you
> knew HTML.  Then I made a 20x cooler one (named S2) that was a full blown
> programming language w/ compiler, supported introspection, auto-created
> GUIs with DHTML to choose options from the introspection of the templates,
> etc. I figured:  S2 will be great for newbies who like point-and-click, or
> for hard-core object oriented programmers who understand inheritance and
> dozens of layers of abstraction!
> But I haven't been able to kill S1 in all these years because there are a
> bunch of people in the middle who aren't newbies and aren't programmers.
> And they're influential because of their numbers, and also vocal.
> My point:  those "middle" tech users can insert two lines into an HTML
> document and FTP it to their host (they don't know what it means, but they
> copy/pasted it and changed their username), but they can't run a CGI
> script because their host doesn't allow it, they don't understand
> permissions, module dependencies (or they can't install new modules
> inside their $HOME), etc.
> I've probably grown too cynical.

Good analogy with the S2 situation.

I think the separation between the identity provider (as I called it
earlier today) and the identity server is good for other reasons, too:
it means I can change identity servers without losing my identity. (Of
course, in LID's case there is no option but to be your own identity
server, so I suppose this point is moot to a certain extent.)

Earlier today when I was discussing OpenID with one of my friends it
took me five seconds to get his site working as an OpenID identity. His
site is based on a shitty template system I wrote when I was 14 or so
(like Brad's BML, but far less elegant and far more kludgy) and lives on
a hosting service where Perl barely works. My template system when
running on there jumps through a dozen different hoops to actually work,
and adding an identity server into the equation would certainly have
broken it and required me to remember how it all worked. I probably
wouldn't have bothered.

I have a dozen different OpenID identities that I've been using to test
the things I've written. However, when I was writing the LID to OpenID
proxy I just used the demouser because installing LID on my own server
would have just slowed me down.

There's a couple more stories for you which I think highlight how
important it is that users not have to run their own identity servers.
Granted, both of them are about me being lazy, but then I'm far less
lazy than most of LiveJournal's non-techy users when it comes to all of
these geeky gizmos.

More information about the yadis mailing list