This article has no code in it. There are no TODO steps. Nothing to install. Its a picture of the future.
There is no reason to bookmark this article and read it another day. Its nearly all pictures. You can read it now.
This “picture of the future” was actually added to our browsers in the 90s. Netscape and MSIE3.0 both had it.
“It” is Client Certificates, and to me to means “never logging on with username/password NOR OpenID ever again”. Zero Sign On. It must be better than the much-targetted Single Sign On.
Or on Safari/KeyChain:
Small problem: no website I’ve ever used has ever offered them, so I never knew they existed. I didn’t know what they did, nor as a web developer that I could create them for users who’d never need to login again.
Clifford Heath showed me the light. On #roro irc channel, we were exploring how “Zero Sign On” might be implemented using ssh-keygen, and browser plugins etc. Clifford mentioned client certificates and then someone else mentioned that MyOpenID already supported them. [someone = Michael Kedzierski]
I already had an myopenid account, so raced over to explore the new world of certificates.
Under “Authentication Settings”:
So I thought to test out if “Zero Sign On” actually worked. Normally, after logging out you’d need to submit username/password or if a site supported OpenID (yes myopenid.com is an OpenID provider which is a bit circular but bear with me) you login by entering your OpenID url and pressing Enter. Either way, you’ve got work to do.
Instead, I clicked “Login” link on the home page, and was redirected immediately to:
So it was still using cookies so that it could log me in immediately next time without clicking “login”, but either way, there is no username/password nor any other “type something here” login form. Just a “Remember Me” checkbox.
Finally, myopenid.com shows a log of your sign-in attempts:
Your sites and the future
As a web developer, you can do one of two things to get some leverage of Client Certificates.
- Support OpenID as a login mechanism. Users with myopenid.com accounts (or other openid providers that support client certificates) will benefit from automatic login to their openid page and instant redirection to your site. You’ll also be able to help new users import their profile data to get them started quickly.
- Implement Client Certificates yourself. I would have liked to have had a crack at this before posting about Client Certificates and all their sweet loveliness, but I didn’t. My bad. Instead, I found a nice step-by-step (plus comments with updates) on implementing Client Certificates
If you have/do implement Client Certificates in Ruby/Rails world, you’ll get a 1000 Happy Points from me if you open source it/blog about it. Happy Points are redeemable for Happiness in all countries.
- Why supporting multiple OpenIDs per User is useful for users… Web apps/services go down for maintenance (expected or erroneously) all...
- MagicCGI shows OpenID user count In the last 20 days, 43 people have used...
- One year on the InterTubes Dumping thoughts onto the InterTubes, aka blogging, is fun. And...
- Sample Rails app: multi-OpenIDs per user Last time, on “Dr Nic loves OpenID”… Dr Nic had...
- One App, One User Account and Multiple OpenIDs Summary: Its the future, and its not Facebook. Learn it....