Decentralised federated ID usability - openid/sxip bookmarklet?
We’re looking at decentralised/federated ID these days - because of course PeopleAggregator has to support everything. Yesterday as a ‘getting to know sxip’ experiment, I turned the NZ Coffee Review site into a sxip membersite. (So now you can enter your homesite and click sxip in, and have an account auto-created for you on the NZCR site - give it a go!).
One thing that strikes me about it is: how do you protect against dishonest sites and phishing? If I enter sxore.org and click ‘sxip in’, what guarantee do I have that I actually get sent to sxore.org? It would be cool if the identification process happened the other way around, i.e. I visit a site that I want to log in to, I click a bookmarklet which sends me to my ID provider, and I log in there, then the ID provider sends me back to the ‘consumer’ site. I’m required to trust my ID provider, but this way reduces the trust required of the consumer site.
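A sketch of the bookmarklet-first flow described above, as an added example that is not code from this post, from Sxip or from PeopleAggregator: the provider URL lives in the user's own bookmark, so the consumer site never chooses where the browser is sent, and the provider checks and displays the return target itself. The provider host `idp.example.net`, the `return_to` parameter and the consumer host `nzcoffeereview.example` are assumptions.

```javascript
// Assumed provider login URL; it is baked into the user's bookmarklet, not
// supplied by the page the user happens to be on.
const PROVIDER_LOGIN = "https://idp.example.net/login";

// What the user saves as a bookmark: a javascript: URL that sends the browser
// to the provider and names the current page as the place to come back to.
function bookmarklet(providerLogin = PROVIDER_LOGIN) {
  return "javascript:location.href=" +
    JSON.stringify(providerLogin + "?return_to=") +
    "+encodeURIComponent(location.href)";
}

// Same computation done server-free for testing: the URL the bookmarklet builds.
function buildProviderUrl(currentHref, providerLogin = PROVIDER_LOGIN) {
  const u = new URL(providerLogin);
  u.searchParams.set("return_to", currentHref);
  return u.toString();
}

// Provider side: the only thing the consumer site influences is return_to,
// so it is parsed strictly and the host shown to the user ("log in to X?")
// is derived from the URL, never from text the consumer site supplies.
function checkReturnTo(returnTo) {
  let u;
  try {
    u = new URL(returnTo);
  } catch (e) {
    return { ok: false, reason: "not a URL" };
  }
  if (u.protocol !== "https:") return { ok: false, reason: "not https" };
  if (u.username || u.password) return { ok: false, reason: "credentials in URL" };
  return { ok: true, host: u.host, returnTo: u.toString() };
}

// Constructed walk-through: a visit to the consumer site's login page.
const consumerPage = "https://nzcoffeereview.example/login";
console.log(bookmarklet());
console.log(buildProviderUrl(consumerPage));
console.log(checkReturnTo(consumerPage));
```

The provider still has to decide whether to send the user back at all, so the check deliberately refuses plain http and URLs carrying credentials rather than redirecting anywhere it is told.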