OpenID

Delegation

Delegation allows you to use your own website as your identifier while still using a third-party OpenID provider. This requires only the ability to add a small snippet of HTML code to the page you wish to use as your identifier.

What you need to know

In order to set up delegation, you need to know two pieces of information:

  • The identifier issued to you by your provider. This is what you would sign in to sites with if you weren't using delegation.
  • The URL (address) of your provider's identity server. You should be able to get this information from your provider.

For the sake of example, we will use http://john.myprovider.com/ as the identifier and http://myprovider.com/openid/server as the identity server address.

Setting up Delegation

To set up delegation for a particular web page, simply add the following HTML code to the <head> section of the document using your favourite text editor. In most cases you will want to add this to the index page (usually index.html or default.html) of your site. This uses the example values mentioned in the previous section, so remember to substitute the correct values as necessary.

   <link rel="openid.server" href="http://myprovider.com/openid/server" />
   <link rel="openid.delegate" href="http://john.myprovider.com/" />

If your OpenID Provider supports OpenID 2.0, also add:

   <link rel="openid2.provider" href="http://myprovider.com/server" />
   <link rel="openid2.local_id" href="http://john.myprovider.com/" />

If your OpenID provider supports both OpenID 2.0 and XRDS (VeriSign and LinkSafe), also add:

   <meta http-equiv="X-XRDS-Location" content="http://myprovider.com/oid_xrds/=ve7jtb" />


This tells sites to use your provider's identity server to check who you are, and that your provider knows you by the URL given in openid.delegate.

Once you've added these to your page, you should now be able to use the URL of your page as your identifier when signing in to OpenID-enabled sites. Your OpenID provider's identity server, as indicated by openid.server, will still do all of the hard work but you will ultimately be identified by your own website address when you've signed in.
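The tags above decide which identity server sites will ask about your page's URL, so it is worth checking that the page contains exactly the values you intended. The following Python check is an added example, not part of the original page: the names DelegationParser, audit_delegation, SAMPLE and EXPECTED are assumptions made here, and the sample HTML is constructed from this page's example values.

```python
from html.parser import HTMLParser

# rel values used by the delegation snippet on this page
OPENID_RELS = {"openid.server", "openid.delegate", "openid2.provider", "openid2.local_id"}

class DelegationParser(HTMLParser):
    """Collect OpenID delegation tags, counting only those inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {}  # rel name or "X-XRDS-Location" -> list of URLs seen

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "head":
            self.in_head = True
        elif self.in_head and tag == "link":
            for rel in (a.get("rel") or "").lower().split():  # rel is a token list
                if rel in OPENID_RELS:
                    self.found.setdefault(rel, []).append(a.get("href") or "")
        elif self.in_head and tag == "meta" and (a.get("http-equiv") or "").lower() == "x-xrds-location":
            self.found.setdefault("X-XRDS-Location", []).append(a.get("content") or "")

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def audit_delegation(html, expected):
    """Return (found, problems): tags present and deviations from `expected`."""
    p = DelegationParser()
    p.feed(html)
    problems = []
    for rel, want in expected.items():
        got = p.found.get(rel, [])
        if not got:
            problems.append(f"missing {rel}")
        elif len(got) > 1:
            problems.append(f"duplicate {rel}: {got}")
        elif got[0] != want:
            problems.append(f"{rel} points to {got[0]}, expected {want}")
    for rel in sorted(p.found.keys() - expected.keys()):
        problems.append(f"unexpected {rel}: {p.found[rel]}")
    return p.found, problems

# Constructed sample page built from this page's example values
SAMPLE = ('<html><head><link rel="openid.server" href="http://myprovider.com/openid/server" />'
          '<link rel="openid.delegate" href="http://john.myprovider.com/" /></head></html>')
EXPECTED = {"openid.server": "http://myprovider.com/openid/server",
            "openid.delegate": "http://john.myprovider.com/"}
```

Calling audit_delegation(SAMPLE, EXPECTED) returns the tags found and an empty problem list; run it against a saved copy of your own page with your real values in EXPECTED to see any tag that is missing, duplicated, or pointing somewhere you did not intend.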