Once I was certain I had everything I needed from the hosting, I changed the domain name servers and within a day or two my domain name was pointing to the Hostgator server and my MX records were altered accordingly. The next step – migrating WordPress!

This is the first time I have migrated content between hosts, and I was reasonably confident I could manage it. Hostgator did offer a migration service but I thought it would be beneficial to have a shot myself. I have come to expect reliability and robustness from WordPress, and this migration was no exception – almost. I migrated the database between servers without any problems; a simple enough task with the help of PHPMyAdmin. Next I downloaded my wordpress directory from Fasthosts and uploaded it to Hostgator. The configuration was changed with Vi, and all was almost well.

Unfortunately WordPress stores the records that represent files (uploads, images etc.) as absolute filesystem paths rather than relative URLs. As such my uploaded images and other files, despite being on the new server, failed to load in the browser. I had to manually alter all of the records in the database that referred to filesystem paths so that my uploads were correctly referenced by WordPress. I’m sure there must be a patch or plugin to do this, but at the time I couldn’t find one.

I think now that I have done this migration without too much difficulty I’ll export my database again, and do a clean install of the latest version of WordPress. Given that we are now in summer, although the ever changing Scottish weather would have you believe otherwise, my autumnal theme should be updated to a give a more summery feel. So that’s my next project, a redesigned ‘Max says…’!

If you already have a Microsoft Passport, you are unlikely to want to create a Yahoo! account to use their services as this would involve going through a sign up process, replicating friends lists and so on from one provider to the other etc. Besides, I don’t know about anyone else but I don’t like the idea of some large company controlling my identity: storing my username; hashed password and other details. It would be better if I could arbitrarily choose who controlled my identity, or even better, control it myself. This is where OpenID comes in.

Initially created as part of LiveJournal, OpenID is a decentralised user-centric identity management framework. What this jargon essentially means is that you decide who controls your identity – and there are many places that offer this service. You can even do it yourself. An OpenID has to be unique, so the ID would usually be a domain you control, or some other ID provider that would offer an ID like http://username.serviceprovider.com.

A traditional web application sign up process would involve completing a form where you select a username; select a password and re-enter it; enter your email address and often verify using email or a CAPTCHA. You could instead specify your OpenID and forget about selecting a username and password. The authentication would be delegated to another server, thus decoupling the authentication and identity ownership from any specific site.

When you use OpenID

• you tell a site your OpenID (e.g. http://maxmanders.co.uk)
• site parses document referenced by OpenID for specific link elements
• site redirects user to their provider based upon URL found in link elements
• user authenticates to provider
• provider redirects user back to site with evidence that they have been authenticated

This is quite a high level overview. There are a number of redirects and parameters passed between pages, and also some cryptography in the form of a shared secret involved. This cryptography is required so that the original site (relying site) can be sure that the user who is redirected back has indeed come from and been authenticated by a provider, and not somehow spoofed the request.

What all this means is that you only need to remember your OpenID and the password you chose for a particular provider. It should be noted that OpenID is in some sense a replacement for the usual username/password combination. It doesn’t inherently offer any more trust than a traditional username/password. Just as a username/password can be cracked, so too can an OpenID. The ht difference is that you control the identity, so you can switch providers at any time. If you feel like your provider is untrustworthy, then use another one or host your own. This change of provider won’t effect how you use your OpenID.

There has also been recent news that both Digg, AOL and possibly even Microsoft intend to use OpenID in current and future products to varying degrees. We have Digg, the massively popular user contributed bookmarking site which is bound to have a shed load of users; AOL which must have upward of 60 million users and Microsoft (need I say more). With a potential userbase of this size, OpenID may well be the way forward! It’s nice to see cool technologies like this snowballing from the humble geek to the massive multinational company; similar to the way Microformats have emerged. Further information on OpenID can be found on Wikipedia, the OpenID official website and Simon Willison’s blog.