descriptionsingle user, ephemeral OpenID provider
homepage URLhttp://bogomips.org/local-openid/
repository URLgit://git.bogomips.org/local-openid.git
ownernormalperson@yhbt.net
last changeMon, 30 Sep 2013 18:26:06 +0000
last refreshFri, 22 Aug 2014 13:32:44 +0200
Content tags:
Add:
readme
= local-openid: Single User, Ephemeral OpenID Provider

* http://bogomips.org/local-openid

== Description

local-openid allows users with shell accounts on servers to authenticate
with OpenID consumers by editing a YAML file in their home directory
instead of authenticating through HTTP/HTTPS.

1. Encounter a login page that accepts OpenID (the consumer)
2. Login into your own server (if you're not already logged in)
3. Start the local-openid app on your server
4. Login using your OpenID (on the consumer)
   - you should be redirected to your local-openid application
5. edit ~/.local-openid/config.yml on your server to approve the consumer
6. Reload the local-openid page your browser was on.
   - you should be logged in to the OpenID consumer site
   - If not, check the error log (usually stderr) of local-openid
8. Shut down the local-openid application.

== local-openid exists for the following reasons:

1. Passwords and password managers feel clumsy to me on web browsers.
On the other hand; using ssh, editing text files, and running servers
are second nature.  Clearly, local-openid is not for everyone.

2. Identity providers may not last.  Companies die and business plans
change.  I'd rather my online identity not be subject to those whims.

3. OpenID providers could be compromised without disclosure.  With
local-openid, I have server logs to know if somebody is even trying
something fishy with my identity.  The vector for compromising my
identity is greatly reduced because my local-openid instance has 99.999%
downtime.

== Install

The following command should install local-openid and all dependencies:

  gem install local-openid

setup.rb is also provided for non-Rubygems users.

== Requirements

local-openid is a small Sinatra application.  It requires the Ruby
OpenID library (2.x), Sinatra (0.9+), Rack (0.9+), and any Rack-enabled
server.  To be useful, it also depends on having a user account on a
machine with a publically-accessible IP and DNS name to use as your
OpenID identity.

== Hacking

I don't have any plans for more development with local-openid.  It was
after all, just a weekend hack.  It does what I want it to and nothing
more.

Feel free to fork it and customize it to your needs.  Of course, drop me
a line if you fix any bugs or notice any security holes in it.

You can get the latest source via git from the following locations:

  git://git.bogomips.org/local-openid.git
  http://git.bogomips.org/local-openid.git
  git://repo.or.cz/local-openid.git (mirror)
  http://repo.or.cz/r/local-openid.git (mirror)

You may browse the code from the web and download the latest tarballs here:

* http://git.bogomips.org/cgit/local-openid.git
* http://repo.or.cz/w/local-openid.git (gitweb mirror)

== License

Copyright 2009 Eric Wong.  It is licensed under the GNU Affero General
Public License, version 3.  See the LICENSE file for details.

== Disclaimer

There is NO WARRANTY whatsoever, implied or otherwise.  OpenID may not
be the best choice for dealing with security-sensitive data, and this
application is just a weekend hack with no real security auditing.  On
the other hand, it's quite hard for somebody to steal your OpenID
credentials when your provider implementation has 99.999% downtime :)

== Contact

Eric Wong, normalperson@yhbt.net
OpenID: http://e.yhbt.net/
shortlog
2013-09-30 Eric WongRakefile: kill raa_update taskmaster
2013-03-12 Eric Wonglocal-openid 0.4.0 - non-standard ports and schemes
2013-03-05 Eric Wonguse Rack::Request#base_url for server_root
2012-08-18 Eric WongRakefile: update fm_update task for freecode.com
2012-07-01 Eric Wonglocal-openid 0.3.0 - compatibility improvementsv0.3.0
2012-07-01 Eric WongREADME: use consistent domain for mailing list
2012-07-01 Eric Wonggemspec: loosen Sinatra version dependency
2012-07-01 Eric Wongupdate packaging to use pkg.mk + wrongdoc
2012-07-01 Eric Wongdoc: shorten URLs
2012-06-25 Lionel Elie... separate OpenID Provider identifier and user identifier...
2010-08-30 Eric WongREADME: note config.yml is lazily created
2010-06-26 Eric Wonggemspec: fix email address
2010-06-26 Eric Wongcommand-line option parsingv0.2.0
2010-06-26 Eric Wongfixup packaging
2010-06-26 Eric Wongmake this a modular sinatra application
2009-04-06 Eric Wonglocal-openid 0.1.1 - fix Sinatra dependencyv0.1.1
...
tags
2 years ago v0.3.0 local-openid 0.3.0 - compatibility...
4 years ago v0.2.0 local-openid 0.2.0 - repackaged
5 years ago v0.1.1 local-openid 0.1.1
5 years ago v0.1.0 local-openid 0.1.0
heads
10 months ago master