How to pretty much guarantee that you might get an email address with OpenID

OpenID itself is just an authentication protocol.  It takes OpenID extensions to get more information about the user like their name or email address.  In fact there…

Need access to that internal? Don’t touch that dial!

The blessing and curse of open source is that the source can be easily changed.  Internal types and members don’t need to be backward compatible with previous…

DotNetOpenAuth 3.0 Beta 2 released

DotNetOpenAuth, previously named DotNetOpenId, is getting nearer to its major 3.0 release.   With beta 2, we have a security reviewed, feature complete library for .NET use of…

Replay protection for OpenID 1.x relying parties

If you’re writing an OpenID Provider, you should have a strong appreciation for the security of your customers’ identities that you will be protecting.  One aspect of…

OpenID association poisoning

As part of the OpenID protocol a relying party often establishes shared secrets (called ‘associations’) with identity providers that are used to verify identity assertions.  It occurred…

Fixing the OpenID login user experience

The user experience of OpenID at Relying Party web sites is so important to get right.  OpenID is right for your web site’s visitors – no doubt…