IRC Log for #openid on 2007-01-14

Timestamps are in UTC.

  1. [00:12:24] * whateley ( has joined #openid
  2. [01:09:53] * DJCapelis (n=DJCapeli@blender/coder/DJCapelis) has joined #openid
  3. [01:23:05] * hober (n=ted@unaffiliated/hober) has joined #openid
  4. [01:50:18] * hikari_esblogger ( Quit (Remote closed the connection)
  5. [03:32:46] * j3h ( has joined #openid
  6. [04:21:25] * cote ( Quit ()
  7. [04:31:36] * cote ( has joined #openid
  8. [06:29:35] * e_s_p (n=evanpro@pdpc/supporter/silver/evanpro) Quit (Remote closed the connection)
  9. [07:28:55] * VxJasonxV (n=jason@xmms2/troll/VxJasonxV) Quit (Remote closed the connection)
  10. [08:17:41] * hober (n=ted@unaffiliated/hober) Quit ("ERC Version 5.1.3 (IRC client for Emacs)")
  11. [08:30:09] * sh1mmer ( Quit (Read error: 104 (Connection reset by peer))
  12. [08:31:15] * sh1mmer ( has joined #openid
  13. [08:50:13] * veeliam (n=veeliam@ has left #openid
  14. [09:50:16] * xlarrydrebes ( Quit (Remote closed the connection)
  15. [09:58:45] * GabeW (i=gwachob@pdpc/supporter/professional/GabeW) Quit (Remote closed the connection)
  16. [09:59:34] * GabeW (n=gwachob@pdpc/supporter/professional/GabeW) has joined #openid
  17. [10:06:46] * GabeW (n=gwachob@pdpc/supporter/professional/GabeW) Quit (Remote closed the connection)
  18. [10:12:13] * GabeW (i=gwachob@pdpc/supporter/professional/GabeW) has joined #openid
  19. [10:17:24] * myren_ (n=myren@ has joined #openid
  20. [10:28:56] * myren (n=myren@ Quit (Read error: 110 (Connection timed out))
  21. [11:44:28] * _keturn (n=acapnoti@pdpc/supporter/sustaining/keturn) Quit (Read error: 110 (Connection timed out))
  22. [11:44:48] * rorek ( Quit (Read error: 110 (Connection timed out))
  23. [12:15:16] * myren_ (n=myren@ Quit (Read error: 110 (Connection timed out))
  24. [12:18:31] * myren_ (n=myren@ has joined #openid
  25. [12:38:09] * hikari_esblogger ( has joined #openid
  26. [13:03:11] * sh1mmer ( has left #openid
  27. [13:30:14] * rorek ( has joined #openid
  28. [13:30:22] * _keturn (n=acapnoti@pdpc/supporter/sustaining/keturn) has joined #openid
  29. [16:28:02] * hikari_esblogger ( Quit (Read error: 110 (Connection timed out))
  30. [18:10:23] * hikari_esblogger ( has joined #openid
  31. [19:11:34] * j3h ( Quit (Read error: 110 (Connection timed out))
  32. [19:24:29] * myren (n=myren@ has joined #openid
  33. [19:27:21] * Cody`macbook ( has joined #OpenID
  34. [19:27:57] <Cody`macbook> Anyone around here used MySQLStore in php-openid before?
  35. [19:36:13] * myren_ (n=myren@ Quit (Read error: 110 (Connection timed out))
  36. [19:39:58] * myren_ (n=myren@ has joined #openid
  37. [19:40:24] <keturn> Cody`macbook: no, but I think I met a guy who did once.
  38. [19:40:47] <Cody`macbook> because I cannot get it working
  39. [19:40:58] <Cody`macbook> I'm trying to adapt the consumer example that comes with the api
  40. [19:41:07] <Cody`macbook> but I can't get it to store the associations
  41. [19:42:26] <keturn> are there errors in either the apache or mysql logs?
  42. [19:42:27] * myren (n=myren@ Quit (Read error: 110 (Connection timed out))
  43. [19:44:01] <Cody`macbook> nope
  44. [19:45:43] <Cody`macbook> :/
  45. [19:55:07] <keturn> it looks like the example consumer is configured to use the filestore by default, did you change that to the mysql store?
  46. [19:56:05] <Cody`macbook> yeah
  47. [19:56:07] <Cody`macbook> of course
  48. [19:56:17] <Cody`macbook> and I passed it the db object and everything
  49. [19:58:07] <keturn> hmm, not sure what to say. hard to debug without error messages. and our database guy grumbles a lot about mysql's lack of useful logs.
  50. [19:58:25] <keturn> there's a switch you can flip, somewhere...
  51. [20:02:34] <Cody`macbook> i have the mysql class log every query
  52. [20:02:45] <Cody`macbook> only the query selecting association shows up
  53. [20:02:48] <Cody`macbook> none creating them
  54. [20:02:52] <Cody`macbook> and this is off a full login
  55. [20:03:27] <keturn> does it matter which IDP you're using?
  56. [20:06:42] <keturn> we've had some IDPs that just don't establish associations...
  57. [20:08:57] <Cody`macbook> I'm using
  58. [20:12:21] <keturn> I'm running out of ideas. I'd recommend posting to the mailing list, I think.
  59. [20:14:46] <Cody`macbook> hmm
  60. [20:15:37] <Cody`macbook> Well let's try it this way: All I should have to do to get it converted to the mysql storage is to make the store system based on the mysql storage class? I assume from there the methods act the same across storage engines?
  61. [20:16:46] <keturn> sounds correct
  62. [20:18:12] <Cody`macbook> then I've got no idea why it's not storing them
  63. [20:18:17] <Cody`macbook> the query isn't even being executed
  64. [20:18:25] <Cody`macbook> I can zip up the code I have so far if you'd like to see it
  65. [20:20:01] <keturn> I'm not sure I know the PHP version well enough to spot errors
  66. [20:20:09] <Cody`macbook> :/
  67. [20:20:16] <Cody`macbook> imo the php version is way over complex
  68. [20:20:42] <Cody`macbook> internally anyway, but simple interface if I can get it working
  69. [20:22:00] * jibot ( has joined #openid
  70. [20:24:58] <Cody`macbook> bah this is delaying
  71. [20:25:04] <Cody`macbook> Know of any other php openid libs?
  72. [20:26:58] <Cody`macbook> hmm may have spotted the issue :o
  73. [20:33:39] <Cody`macbook> I take that back :/
  74. [21:56:06] <Cody`macbook> Does anyone know where consumer::setAssociation would be called from?
  75. [21:56:17] <Cody`macbook> before or after login request is sent?
  76. [22:16:45] * Cody`macbook is now known as Cody`
  77. [22:37:41] * Demian (n=demian@ has joined #openid
  78. [22:37:43] <Demian> hi
  79. [22:38:21] <Cody`> lo
  80. [22:38:43] <Demian> openid really sounds attractive to me :-)
  81. [22:39:31] <Demian> i am interested in .net and java implementations.
  82. [22:40:00] <Demian> is there a way to get access to the source control repositories and keep track of changes?
  83. [22:41:16] <Demian> I'd like to collaborate.
  84. [22:42:10] * whateley ( has left #openid
  85. [22:44:42] * j3h ( has joined #openid
  86. [22:53:23] <DJCapelis> Demian: OpenID doesn't have a centralized repository for all implementations.
  87. [22:53:42] <DJCapelis> Everyone's free to write their own, so there's no real good way to force everyone to use the same repo :)
  88. [22:55:59] <Demian> i see.
  89. [22:58:12] <Demian> and is not a problem if I use a .net server implementation to authenticate my commercial sites ?
  90. [22:59:11] <DJCapelis> server or consumer?
  91. [23:00:31] <Demian> i am thinking to develop my own server or use one of the existing implementations to authenticate my commercial web sites, which would be consumers.
  92. [23:01:30] <gregh> are you considering allowing users to use any identity provider, or would it be all self-contained within your sites?
  93. [23:03:25] <Demian> i thought about my own identity provider...
  94. [23:04:22] <Demian> but, maybe using an existing one it's ok. Can i control which identity providers are allowed to use in my sites ?
  95. [23:04:59] <gregh> yes, your site is responsible for contacting the user's identity provider, so you could make a decision whether to allow or deny any particular identity provider
  96. [23:05:34] <gregh> however, some people (like me) will have their own identity provider that you won't see for any other user. That is, it runs on my own site and services only me.
  97. [23:05:46] <DJCapelis> Demian: That's a fairly odd use of openid though, the idea is to allow anyone with an identity provider to securely access your sites.
  98. [23:06:45] <Demian> gregh, why would you use a private identity provider for only one person?
  99. [23:07:29] <gregh> because I'm not relying on anybody else to support my identity
  100. [23:07:50] <gregh> (I wanted to make sure I understood the openid spec, so I wrote my own identity provider)
  101. [23:08:38] <Demian> but what If the identity provider is not trusted? let's say, i code a server at, and I don't trust in their identities?
  102. [23:09:08] <DJCapelis> Demian: how is that a concern for you?
  103. [23:09:30] <DJCapelis> It's the end-user's problem about when identity provider they trust to keep their identities secure, not yours.
  104. [23:09:39] <DJCapelis> s/when/which/
  105. [23:10:09] <DJCapelis> you would have to actually get users to assume is a server that is coded correctly and is secure for that to become a problem.
  106. [23:10:17] <Demian> well.. i am a bit confused. currently I am thinking about where to allow or deny access to my site, If allow access because a user was identified through a trusted provider, or if an authorization rule in my site says if that user is allowed or not.
  107. [23:10:35] <DJCapelis> How exactly did you want to use openid?
  108. [23:10:41] <DJCapelis> What types of access are you controlling?
  109. [23:13:11] * hikari_esblogger ( Quit (Remote closed the connection)
  110. [23:13:19] <Demian> forget it. I thought i mixed up authentication and authorization, which are different.
  111. [23:13:28] <keturn> there's a .net openid implementation available on openidenabled, and we'd welcome some help maintaining it. Sxip maintains a Java version.
  112. [23:14:31] <Demian> keturn: it would be cool to help :)
  113. [23:15:22] <Cody`> Anyone around here used the php version?
  114. [23:15:27] <Cody`> of the library*
  115. [23:17:10] <Demian> now I wonder about something related, authrization providers? are there standards or things about that?
  116. [23:17:20] <Demian> *authorization
  117. [23:18:13] <DJCapelis> Demian: there's some openid specs in the works that'll do something vaguely similar but the problem of verifying people is much harder than verifying ownership of a URL.
  118. [23:18:26] <Demian> which would define access rules. for example, if the user U at company X is allowed to use project Y under roles R*
  119. [23:18:59] <Demian> and it has many variables, and depends a lot on the context.
  120. [23:19:06] <DJCapelis> Demian: That's something that really has to fall to the application or respective databases to enforce those types of controls.
  121. [23:19:17] <gregh> people do build authorization systems in mostly the same ways, but it's well outside the scope of openid
  122. [23:19:48] <gregh> and it's generally not something you want a third party to have control over, anyway
  123. [23:19:58] <Demian> sure, i know it's out of openid, but i just wondered what exists about that. i know many people perform authorization in similar ways, so I wanted to ask.
  124. [23:20:41] <Demian> sure, but what about a centralized authorization entity for all sites in someone's company?
  125. [23:22:01] <Demian> it would be some kind of ldap or directory with user attributes, for example, the company, the role, etc. it should be flexible to be adjustable to different contexts.
  126. [23:23:29] <Demian> and possibly not maintained by a third party, due to a trust issue.
  127. [23:24:18] <gregh> there may indeed be such a thing, and yes it would be useful, but I'm not familiar with any generic system like that :)
  128. [23:24:21] <DJCapelis> Demian: erm... I think you might be going about that the wrong way... why not just let the applications just grant the right privs to the right openids on an individual basis?
  129. [23:24:39] <keturn> Cody`: the _getAssociation and _parseAssociation methods in Consumer.php look like the bits you're looking for. First the db is queried for an association,
  130. [23:24:59] <keturn> and if one isn't found it does the POST to the server, and then stores the result
  131. [23:25:46] <Demian> DJCapelis: yes. i think what I was talking about in the last lines was not an openid-related thing. and maybe this is not the right channel to talk about that.
  132. [23:26:39] <keturn> Demian: I expect there will be folks who do use LDAP, and others who just keep a flat list of identifiers to allow
  133. [23:27:16] <DJCapelis> Demian: I'm just not entirely convinced you want centralized authZ, what type of org is this?
  134. [23:28:08] <GabeW> DJCapelis: you are at UCSD?
  135. [23:28:44] <Demian> DJCapelis: yes, I am now convinced that I don't need centralized openId provider. :)
  136. [23:29:00] <DJCapelis> GabeW: yeah
  137. [23:29:07] <GabeW> i did my CS degree at UCSD
  138. [23:29:16] <GabeW> 3rd college - there were only 5 when I was there ;-)
  139. [23:29:29] <DJCapelis> GabeW: Neat, UCSD has an openid server now :)
  140. [23:29:35] <GabeW> really?
  141. [23:29:36] <GabeW> neat
  142. [23:29:45] <DJCapelis> not entirely deployed and finalized yet
  143. [23:30:48] <DJCapelis> but it's almost through the final audits and ready to get pushed, we've already incorporated it into one of the internal infrastructure components for one of the departments... so we'll see if it goes anywhere :)
  144. [23:31:13] <GabeW> thats really cool
  145. [23:32:26] <DJCapelis> Yeah... we had to fuse it into shibboleth to make that happen, so it's a bit of an odd duck, but it works :)
  146. [23:34:33] <Demian> keturn: what about the maintenance of the .net library?
  147. [23:36:07] <keturn> hmm, doesn't look like the source control repository is on the public server right now, but that can be fixed
  148. [23:36:11] <keturn> have you used darcs at all?
  149. [23:39:44] <Cody`> keturn: The issue I'm having, is that it's not getting stored
  150. [23:39:49] <Cody`> and I can't figure out why
  151. [23:40:19] * hikari_esblogger ( has joined #openid
  152. [23:43:59] <keturn> Demian: want to send a message expressing .net interest to, and I'll let you know when the repository is online?
  153. [23:44:55] * keturn must soon leave for other things this afternoon
  154. [23:55:55] <Demian> ok

These logs were automatically created by OpenIDlogbot on using a modified version of the Java IRC LogBot.