When Microsoft announced that Live ID would become an OpenID provider, I wanted to know if this meant that I would be able to log into Windows Live with the OpenID I had established with JanRain (myOpenID). Angus Logan took some time to bring me up to speed on the providing party/relying party issues and pointed out that Microsoft has in fact worked as a relying party with 3 different OpenID providing parties in their HealthVault project. The supported providers are:
I happen to use myopenid, but every time I try to get started with it, I get an error:
“We’re sorry. We couldn’t locate your OpenID due to a communications problem. Try again later.”
Now I haven't begun to pester the nice folks at HealthVault or JanRain. Nor have I tried logging in with my trusty Live ID. I thought I would throw it out here to you all and see what you have to say.
There is more to this than the basic mechanics of the OpenID implementation – I would like to hear thoughts on the wider range of issues as well.
HealthVault takes additional security measures with OpenID and requires that SSL be used at all endpoints in an OpenID transaction. The SSL certificate validation fails on your ID because the certificate is for the *.myopenid.com domain, which does not cover hostnames with an additional prefix – such as nick.kasivelos.myopenid.com. We had encountered a similar issue with another provider that was resolved. This will affect any relying party that requires SSL and validates the certificates.

We are actively working on improving the overall sign-in user experience at HealthVault for both the Live ID and OpenID options. As you know, each of these identity solutions has some very tough UX challenges to deal with.

Thanks for bringing this to our attention Nick!

-Matt (PM on the HealthVault team)
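
The certificate-name check described in the comment above, as an added example that is not part of the original post or HealthVault's code: a simplified matcher in which `*` is accepted only as the whole leftmost label and stands for exactly one label. The function names and the sample host `nick.myopenid.com` are constructed for illustration.

```python
"""Wildcard certificate name matching: '*' covers exactly one leftmost label."""
from __future__ import annotations


def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def name_matches(pattern: str, hostname: str) -> bool:
    """True if a certificate name `pattern` covers `hostname`.

    Simplified rule set (an assumption of this example): '*' is accepted only
    as the entire leftmost label and never spans a dot.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False                     # different depth: no match possible
    if "*" in "".join(p[1:]):
        return False                     # wildcard outside the leftmost label
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]   # also refuses '*.com'
    if "*" in p[0]:
        return False                     # partial wildcards such as 'n*'
    return p == h


def cert_covers(san_names: list[str], hostname: str) -> bool:
    """True if any name in the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in san_names)


def names_that_would_cover(hostname: str) -> list[str]:
    """The exact name and the single wildcard form that cover `hostname`."""
    h = _labels(hostname)
    return [".".join(h), ".".join(["*"] + h[1:])]


if __name__ == "__main__":
    san = ["*.myopenid.com"]                     # certificate name from the comment
    for host in ("nick.kasivelos.myopenid.com",  # hostname from the comment
                 "nick.myopenid.com",            # constructed single-label sample
                 "myopenid.com"):
        print(f"{host:32} covered={cert_covers(san, host)}")
    print(names_that_would_cover("nick.kasivelos.myopenid.com"))
```
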