IRC Log for #openid on 2006-12-18

Timestamps are in UTC.

  5. [07:42:45] <TimothyP> Hello, I have a drupal site which I moved from one server to another. along with a Wordpress site. both use OpenID. The wordpress site is working again, the Drupal site isn't. When people log on they get a message stating authentication has failed: Server denied check_authentication
  6. [07:45:50] <gregh> have you tried your sites with different identity providers?
  7. [07:47:07] <TimothyP> yes
  8. [07:47:08] <TimothyP> :)
  9. [07:47:11] <TimothyP> first thing we did :)
  10. [07:47:22] <TimothyP> and both wordpress and drupal use the same php lib for openId
  11. [07:47:55] <TimothyP> --> wordpress // --> drupal they are on the same server. the name of the site didn't change either. it worked while they were both on the old server
  12. [07:48:53] <gregh> hm, hard to say.. I've worked with neither wordpress nor drupal, so I'm not really sure what to look for
  13. [07:49:09] <gregh> I'd guess that it has something to do with the particular php config on the new box
  14. [07:49:29] <GabeW> there's a tool out there for debugging openid instals
  15. [07:49:31] <GabeW> installs
  16. [07:50:19] <GabeW>
  17. [07:50:43] <TimothyP> oh cool
  18. [07:51:01] * TimothyP takes a look at it
  19. [07:51:06] <GabeW> ok - so those tools I think are for testing servers (OPs)
  20. [07:51:49] <GabeW> no 'consumer test' tool yet, apparently
  21. [07:51:57] <GabeW> but the server tests are really good
  22. [07:52:24] <TimothyP> it's probably something on the server anyway
  23. [07:52:29] <TimothyP> as it worked perfectly on the old server :)
  24. [07:52:50] <gregh> hey, that is a cool tool
  25. [07:53:00] <GabeW> yup
  26. [07:53:02] <gregh> why didn't I know about that three weeks ago :)
  27. [07:53:16] <GabeW> and thanks to logging we have in place now on this channel, we've even got a link in the irc logs
  28. [07:54:17] <TimothyP> would be useful if I could actually download the tests :p
  29. [07:55:40] <GabeW> you mean the source?
  30. [07:57:42] <TimothyP> yes
  31. [07:57:55] <TimothyP> since I can only run them on their server at the moment :p
  32. [07:58:59] <GabeW> cygnus is the apparent author
  37. [07:59:42] <TimothyP> yes cygnus lol he seems to be the author of everything related to openid :)
  38. [07:59:53] <TimothyP> if he were here he'd be able to help me in a jiffy , he always does :p
  39. [08:00:04] <GabeW> well, thats his job!
  40. [08:00:07] <TimothyP> :)
  41. [08:00:21] <GabeW> speaking of which, I need to retire so I can get up and do my job tomorrow
  42. [08:00:36] <TimothyP> Have a good night's rest :)
  43. [11:23:49] <TimothyP> hmm`
  44. [11:24:00] <TimothyP> pear list does not show Auth_OpenID
  45. [11:24:05] <TimothyP> yes it says it's already installed
  46. [11:47:09] <TimothyP> pear uninstall Auth_OpenID gives that it is not installed
  59. [18:42:59] * cygnus (n=cygnus@ has joined #openid
  60. [18:42:59] <jibot> cygnus is WorkerBee(name="Jonathan Daugherty", company="JanRain, Inc.")
  62. [19:46:12] <GabeW> we need phenny
  63. [19:46:16] <GabeW> cygnus: check the logs
  64. [19:54:07] <cygnus> GabeW: ?
  65. [19:55:15] <sanedragon> cygnus, TimothyP had some problems last night it looks like. keturn briefly talked to him. Looked to me as if he had some problem with his store when he switched servers
  66. [19:55:33] <GabeW> heh
  67. [19:55:41] <GabeW> actually the question was about open sourcing the test code
  68. [19:56:24] <sanedragon> oh, the server tests
  69. [19:56:33] <GabeW>
  70. [19:56:38] <cygnus> sanedragon: he emailed me about it
  71. [19:56:47] <cygnus> but from the email, it didn't sound like his problem was what he thought it was
  72. [19:56:50] <cygnus> and I'm awaiting further details
  73. [19:56:51] <GabeW> oh ok
  74. [19:56:58] * GabeW wanders away for fone call
  75. [19:58:08] <_keturn> the test suite(s) should end up open-sourced and in Heraldry at some point
  76. [19:58:47] <_keturn> but I think we probably need to invest a bit in updating and cleaning up that code before we can do that
  77. [20:07:15] <_keturn> was there some other OpenID-enabled site in the vein of LibraryThing/Reader2/AllConsuming, etc, besides Stuffopolis?
  80. [21:48:37] <SIGFPE> cygnus: out of curiosity, what did you patch to trac's openidplugin on 12/15 fix?
  81. [21:48:44] <SIGFPE> s/you/your/
  82. [21:57:35] <cygnus> SIGFPE: problems caused by hosting a trac at /
  83. [21:57:43] <cygnus> specifically, in the generation of the return_to
  84. [21:59:17] <SIGFPE> ah, k, noticed it rev'd, thanks.
  85. [21:59:26] <cygnus> cool.
  86. [21:59:42] <cygnus> SIGFPE: svn access permitting, I will probably be the new maintainer of that plugin soon
  87. [21:59:49] <cygnus> I'm waiting on a response from someone at
  88. [22:00:10] <SIGFPE> nifty, it's working for us as of a few moments ago
  89. [22:00:35] <SIGFPE> it would be nice to have a feature where you could restrict to a certain openidserver for internal deployments of trac... just FYI :)
  90. [22:00:38] <cygnus> I've had mixed results with it so far, so I will be spending some more time on it soon to get some issues worked out
  91. [22:01:13] * SIGFPE is trying to get trac deployed with openid as the authentication mechanism in a corporate environment where people are stingy about bug data leaking... :(
  92. [22:01:23] * cygnus nods,
  93. [22:01:25] <cygnus> makes sense
  94. [22:01:37] <cygnus> but in that case, you might as well just lock the trac down at a higher level
  95. [22:01:52] <cygnus> if nobody can get in to see the bugs with openid, then they ought not be able to do much else with it as anon users
  96. [22:02:08] <SIGFPE> right, we'll have to impose those locks too
  97. [22:02:31] <cygnus> I'm only saying that doing that will satisfy both constraints
  98. [22:02:40] <cygnus> whereas blocking on server will require hacking
  99. [22:03:00] <SIGFPE> oh, wasn't entirely sure how extensive trac's permission system was yet
  100. [22:03:09] <SIGFPE> if that's already there then never mind :)
  101. [22:03:26] <cygnus> I'm saying add an apache rule denying access from anyone not on your corporate LAN. :)
  102. [22:03:29] <SIGFPE> was working on authn first, authz later. :)
  103. [22:03:49] <SIGFPE> yeah, well... it gets tricky rather fast, universities have too many IP segments.
  104. [22:04:38] <SIGFPE> but with each developer having access to their own openid identity as well as group identities, we should be able to work it out.
  105. [22:05:40] <cygnus> SIGFPE: I just feel weird about putting that sort of change into the plugin, as it is not something most people will want and is antithetical to openid. not that there isn't some demand for it -- particularly in educational settings.
  106. [22:06:14] <cygnus> but it would be easy enough to add an [openid] section to the config where you can specify allowed server URLs.
  107. [22:09:32] <SIGFPE> cygnus: no, I understand how it goes against the whole open thing, believe me. But if it's already workable at a higher level then implementing it at a plugin level does seem silly.
  108. [22:10:30] <GabeW> heh
  109. [22:10:40] <SIGFPE> we should be able to implement it at the higher level like you suggested fine, lack of research on my part. :)
  110. [22:10:52] * cygnus yays
  111. [22:10:54] * GabeW thinks there could be a lot of experimentation with openid that is "antithetical" to openid
  112. [22:15:47] * GabeW refers the class to the concept of the "Overton Window"
  113. [22:16:13] <SIGFPE> isn't authentication antithetical to openness anyways? :)
  114. [22:16:45] <cygnus> hah
  115. [22:17:05] <GabeW> the Overton window is a visualization tool used by "think tanks" that want to sway public opinion on certain issues. You start by outlining the continuum of possible opinions on an issue, including opinions which seem ridiculous or unthinkable. Then you figure out the narrower range of opinions that people currently consider reasonable. This range is the Overton window. The job of the think tank is to move the Overton window in a certain
  116. [22:17:15] <GabeW> (from )
  117. [22:17:18] <GabeW>
  118. [22:18:04] <GabeW> i think the overton window is definitely being pulled towards openid
  119. [22:18:22] <GabeW> but what is "antithetical" to openid is not outside the overton window currently
  120. [22:19:22] <cygnus> GabeW: well, whitelisting servers with a default deny policy is antithetical in a strict sense, but I don't think it really matters if it's done when it's the appropriate (and / or only) solution.
  121. [22:19:54] <GabeW> actually, I'm not sure there's actual consensus about what is the one true "OpenID Way"
  122. [22:19:57] <cygnus> and I think we all understand that original intent with openid is going to cover only a fraction of real-world use-cases once it gets going.
  123. [22:20:18] <GabeW> yup
  124. [22:21:03] <SIGFPE> that's pretty much the case with any worthwhile protocol or technology
  125. [22:21:21] <SIGFPE> there's always people like me sitting around bending it in ways it shouldn't bend.
  126. [22:21:34] <SIGFPE> speaking of which, what do you folks think of group identities?
  127. [22:21:45] <GabeW> group identities are k-rad
  128. [22:22:05] <GabeW> the only issue is whether a relying party should be told
  129. [22:22:30] * cygnus thinks no
  130. [22:22:33] <SIGFPE> mm, I think you overestimate my implementation of group identities
  131. [22:23:04] <SIGFPE> to me, I just have the openid server authorize multiple people to an openid, any of them can use it.
  132. [22:23:26] <GabeW> well, sure - you can always share passwords, or have one-of-N password scheme
  133. [22:23:45] <SIGFPE> our single sign-on system takes care of linking the identities together.
  134. [22:24:15] <GabeW> yah
  135. [22:24:19] <GabeW> thats one way of doing it
  136. [22:24:25] <SIGFPE> it identifies people as individuals as part of group X and allows them to use either their individual identities or the identity for their department or the organization as a whole.
  138. [22:24:33] <GabeW> thats very in line with the OpenID Way
  139. [22:24:40] <GabeW> the OQWAN
  140. [22:26:45] <GabeW> (OpenID Quality Without A Name) - OQWAN
  141. [22:27:04] <SIGFPE> we haven't really pushed out the thing to broad deployment yet, so we're not sure about how users are actually going to use groups in practice.
  142. [22:27:15] <SIGFPE> we're hoping they get inventive and come up with neat things to do with them.
  143. [22:28:22] <SIGFPE> (one of the cooler uses that spring to mind is a blog aggregator that allows anyone that can use the specified openid to add their own blog without having to send an e-mail to someone)
  144. [22:28:22] <GabeW> yah
  146. [22:28:47] <GabeW> some interesting things you might be able to do with the OP-provided ID
  147. [22:58:42] * TAWAY ( has joined #openid
