Having my brand new certificate installed, I was anxious to take it out for a spin. I went to the SSL manager in my Bluehost control panel, and low and behold, they were NOT lying… there was my certificate. I clicked on the link to view my private key. This is what I saw in my Bluehost panel (I’ve change two characters in the image below so it’s STILL private!):

And this is what the fields I need to copy SOMETHING into look like in the Plugin options:

Okay… three fields need to be filled in. I guessed the secure site URL was just “https://drstarcat.com”, and when I clicked saved, the plugin gave me a green arrow next to the URL so I was on the right track. Now the tough part… what part of the above information about my SSL certificate is the Private Key? I’d installed these things before, but I couldn’t remember. It DEFINITELY seemed like the information in the top box, but what piece of it? Do I include the “—–BEGIN RSA PRIVATE KEY—–” part or just the stuff between it and the “—–END RSA PRIVATE KEY—–”? I tried BOTH of course and I STILL couldn’t get that last red “X” to turn into a green check mark.

I then begin to fixate on the “SSL Passphrase” piece. Do I have one of those? And if so, where is it? I write back to Bluehost. They reply almost immediately (Nice!). I DO have a pass phrase, but they hadn’t told me this. Now with my pass phrase in hand I am SURE I am nearing success. I try the pass phrase with just the stuff between the begin and end statements. No green arrow. I try it with the begin and end statement included–STILL no green arrow. NOW I’m in that very bad place where I have three variables, none of which I’m sure about, and no combination that seems to work. What do I do?–the manly thing of course. I write Pamela and ask her for help (yes, I was whining in the email).

I wait for a couple of hours for Pamela to respond. Given the fact, however, that this is NOT her job, she does not respond to me like my new pals at Bluehost. I start to tinker again. As I mess around I notice that my SSL certificate is ACTUALLY for “www.drstarcat.com”, not “drstarcat.com”. Now I had already tried switching the URL field to “https://www.drstarcat.com”, but I still hadn’t gotten the green arrow. Regardless, I was sure this would be a problem in the future, so I went ahead and wrote Bluehost to tell them to give me a new one with just “drstarcat.com”. They tell me that they stopped issuing certs for the base URL because “Cpanel would randomly uninstall the SSL”. I tell them I’ll take my chances and to get me the new one.

Two hours later (and just a little while ago), I’m done with dinner and I stumble back over here to my computer to see what new information I might have. Still no Pamela, Mike’s enjoying my pain, BUT the guys at Bluehost have given me the new cert. I’m pretty skeptical that it’s going to work, but since I don’t have anything better to try, I begin trying all the possible combinations in the three fields, and BAMN, like a sore-luck loser in Vegas who finally sees lucky 7s across the slot machine window, I get it… SIX green arrows! The winning combination:

Secure Site URL: https://drstarcat.com

SSL Private Key: Include the “Begin” and “End” statements

SSL Pass phrase: Required (at least for me).

Nice… my wife appreciates how I have to prove that I actually got it to work with an image. Too bad! I EARNED those six green arrows! Now the funny part is that I still don’t know what to do with my now functioning iCard enabled blog. I don’t require people to sign in to post (in fact, I can’t figure out HOW to require people to sign in, even for fun!). Regardless, if you’d like to sign into my blog using your iCard, you now can at this link. I’ll make sure that I learn how to require signing in to comment on my MOST important posts and enable LOTS of other really cool exclusive stuff for people who can figure out how to use an iCard, so I’m SURE it will be worth your while.

So what’s the final word on the Pamela Project? Well, clearly, I don’t have it, as this project (along with the rest of the Identity space) is JUST beginning in spite of how much work has already gone into it. Obviously any sane person isn’t going to go through what I did, but I also found out in my struggles that Pamela is about to release a version of the plugin that does NOT require SSL (talk about timing!) So really if you think about it, with just a little better instruction (put the dumb dumb download up front, and show exactly what needs to go into each blank), I probably could have installed the plugin (without SSL) in about 5 minutes (instead of 7 hours). If EVERY website in the world could become a relying party in 5 minutes, and that meant NO one EVER had to enter a password again… well, I’ll leave the math to you, but I think they might just be onto something.

Just to give some background, I’m attempting to install the Pamela Project WordPress plugin v0.9 on my drstarcat.com blog that is hosted at Bluehost. The first step is to find the WordPress plugin page on the Pamela Project site. Normally I’d go to the WordPress plugin directory, but I believe Pamela doesn’t want to post it there until v1.0. The first thing I notice when coming to this page (because it is so well laid out) are the requirements:

This already puts me in a bit of bad mood because I don’t know if I have ANY of these things besides a “WordPress blogging environment” and it pretty much looks like I’m here for the afternoon. The next thing I do is go to the link that provides installation instructions. The first thing they ask me to do is to get the plugin (seems like a good idea).

At first I panic because the instructions tell me to go to some directory on my server and then checkout the code from Subversion followed by some Unix commands. This sounds like something my development team asks me to do while looking at me as if they just asked me to grab a quart of milk from the fridge. As a non-Unix person, I can attest that it is more akin to doing some quick calculus to figure out how to put someone on the moon.

Fortunately, my panic subsides as I realize they have dumb-dumb instructions below this with a link to download the plugin. I can then just use Cyberduck to upload it to my plugins directory (yes, I like my technology masked by familiar childhood playthings). Wow… I actually have it on my server already, maybe today isn’t going to be so bad after all! Now I just go to my WordPress admin page and go to the Plugins tab, and cool… there is the Pamela Project!

After I click the “activate” link on the plugin, I go to my “Options” tab to see if I can actually get this thing to work. As I look at the page, I’m both happy and sad:

I’m THRILLED that it looks like I have PHP 5 and these mysterious “Crypto Libraries” already installed (I probably would have had to quit otherwise!). I’m mildly sad to see that I need to get an SSL cert. Now, given that I understand iCards at a low enough level to know they use SSL, and given the fact that Pamela warned me on the instructions page that I would need this, I shouldn’t be disappointed, but I was REALLY hoping I could get away without it.

After sulking a bit, I give Bluehost a call. They make me feel better by making it seem like it’s not going to be such a big deal. At first I hope I’m going to be able to use the “shared” certificate that Bluehost let’s anyone use, but once I explain that I need the “Private Key” they tell me I’ve got to get my own. This also requires that I get a static IP (I KNOW, I was already warned in the requirements!)–total price: $90. Pamela will owe me a drink at IIW! Since it’s going to take a few hours to get my SSL cert issued and installed, I think I’ll post this and go outside for a break!

As I’ve explained more than once in this blog, a greater problem than finding reliable Identity Providers is getting the websites we know and love to become Relying Parties. That is exactly the problem that Pamela has deemed to attack with her eponymous project. As the project’s mission statement says, “The Pamela Project is a grassroots organization dedicated to providing community support for both technical and non-technical web users and administrators who wish to use or deploy information card technologies.” Given the difficulties I experienced even USING iCards as a non-technical web user, this seems like a pretty ambitious task, and as part of this post, I’m going to try to get my blog up and running. First, a few words about Pamela and the history of the project.

Pamela first ran into the issues surrounding Identity in her role as a technology consultant in Calgary in 1999. Anyone who’s done any large-scale enterprise software installation has likely had a similar experience–try to do anything and you’ll run into a myriad of (often semi-functional) authentication and directory services before you can even get off the ground. She’d been working at a company that does Peoplesoft installations and with Oblix (an enterprise self-service password management tool later acquired by Oracle), when she attended her first Burton Identity conference in 2001. It was here she first began to think of Identity as a (the?) core technology problem, as opposed to something peripheral to what she wanted to get done. It’s a realization that, once had, can become a little consuming (trust me, I spend WAY too much time building software to be blogging about anything–especially, SOFTWARE).

Her second “ah-ha” moment came when, if my notes serve me correctly, she was “hit on the head with a brick” by Kim Cameron at the 2002 Catalyst conference. There he drew her a brief sketch on a napkin where he showed the three party system (Subject, Relying Party, Identity Provider) that is at the core of most of the emerging identity systems. She was hooked, but it wasn’t until in 2005, when Kim added some sample PHP Relying Party code to his blog that she saw a place where she could contribute. As a sometimes PHP hacker, she took the simple code, and began to port it over to some of her favorite PHP frameworks (WordPress, Joomla, and MediaWiki). Since that time, she and about 10 other contributers have been working to get a 1.0 version of the product out, which, given Pamela’s commitment, I suspect will be about like most other project’s 2.0 release.

Before writing about my experience installing the WordPress v0.9 plugin, a word about the seemingly self-promulgatory name of the project because I think it says a lot about Pamela as a person and the Identity movement she’s part of. According to Pamela it’s the last name she would have thought of as a woman working as a technologist. As she explains, it’s hard enough as a woman to get recognized as a serious technologist without drawing unnecessary attention to yourself. Having a wife who is one the best Java engineers in NYC, but who also is regularly asked if she REALLY wrote the stunning code she produces, I can attest this is true. It’s because of this stereotype though that Pamela chose the name. She was tired, as someone who is self-admittedly “vocal”, of this kind of self-inflicted sheepishness. So in “defiance to self-regulation”, and at Craig Burton‘s urging, she chose The Pamela Project.

This is indicative of Pamela and many others I’ve met in the Identity movement not only because it demonstrates the self-reflection surprisingly consistent in this crowd. It is indicative because it shows a willingness to take a risk and do something insanely difficult in order to do something you believe in. I finished my talk with Pamela asking her why she does it. Why leave a long day of fighting with technology to spend the evening coding on something that she can never hope to gain from financially? Her answer was that it is BECAUSE Identity is still too early for many to make a living at it that she participates. It ensures that the many technologists looking to make a quick buck are nowhere to be found. It ensures that Pamela can spend time with people who do what they do, because like her, they care.

I’ll let you know how my experience actually USING the Pamela project goes in my next post. In the mean time, as you wait in breathless anticipation, why not go over to the project’s site and ask Pamela how you can be of use. This is a big project and they’re going to need all the help they can get.