MicroID, the coolest technology from 2006 you've never heard of

Written on December 21, 2006 in Technical.
Adam Fortuna

Hey hey! I'm a developer who lives in Orlando, FL. Right now I work at Code School, listen to a lot of audiobooks, set way too many goals, write at minafi.com and tweet often.

Well, I hadn’t heard of it at least. Identity management hasn’t come into my field of vision until recently, which probably explains my recent obsession with OpenID and even more recently MicroID . If you think of OpenID as a unique way of claiming your identity (like an email address does, but with URLs), MicroID is a way of claiming a single URL (or field on that URL) belongs to a unique identity. This identity can be a URL or an email, but generally will be an email address. This solves a very annoying problem on the web that I’d recently had to deal with from both Google and Technorati. When you add a link to your Google Webmaster tools page, or a blog to Technorati, you’re required to upload a file to the server so that it knows you really own in the site in question. The way MicroID works, is that instead in the tag of each page you have a little line.

The 40 character tag is generated by hashing a hashed email plus the hashed url in question. The Coldfusion implementation looks something like this: [cfm][/cfm] Keep in mind that in Coldfusion when you hash something you get a result in all caps, so you have to use lcase() on the result. In this case you need to re-hash the lowercase values instead (that took up a good hour of my time to figure that one out unfortunately).

So lets say i use someone@somewhere.com as my google email, and I use that as my email in generating that hash that I throw in my of my webpage somewebsite.com. If Google has been able to verify my email, they know I’m the owner of the page in question. The power isn’t in a single use mind you, but now whenever you sign into a new website using someone@somewhere.com , and they need to check if somewebsite.com belongs to you, they can do it on their own! ClaimID has the right idea when it comes to this. You can add multiple emails to your account, then as new sites are added to your profile, if any of your validated emails match that of a site you’ve added you gain ownership (in this it’ll say “Verified”) next to it.

I’d recommend adding the MicroID Plugin if you’re using Wordpress, or otherwise finding how to add it on your own. If you’re using this plugin, one benefit is that posts by other authors will show up with ownership to that author. This is great for what I’m wanting to use it for, as it’s more page specific than domain wide.

If you’re interested in how to implement this in Coldfusion, I added a sample app that checks for ownership in my svn repo, as well as the live code on my cheap Godaddy cf hosting. If you know of a better way of parsing out the microid from the head of the response page, please let me know. It should work for most cases unless you have some weird characters between the tags that matter. I keep reading parsing html using regex is, well, not good, so if there’s a better way, or an more straightforward regex, I’d gladly go with that. Only rule is that that meta tag has to exist in the head (can’t exist elsewhere, on the idea that someone could enter it in a comment form and gain ownership I imagine).