IRC Log for #openid on 2007-01-25
Timestamps are in UTC.
- [00:02:41] <cygnus>
myren_: ?
- [00:02:50] <myren_>
xlarrydrebes's announcement
- [00:04:56] <cygnus>
that wasn't his
- [00:04:59] <cygnus>
that was done by the bot. :)
- [00:05:44] <myren_>
yeah i saw that, that's why i commented
- [00:05:58] <myren_>
just seemed amusing. and random.
- [00:06:16] * mpg4 wishes *he* was a janrain idler...
- [00:06:42] <cygnus>
hah
- [00:08:40] <chowells79>
?forgetme
- [00:08:40] <jibot>
I have expunged chowells79 from my mind
- [00:10:46] * whateley (n=whateley@S01060013463ece73.ed.shawcable.net) has joined #openid
- [00:30:22] * xlarrydrebes (n=xlarrydr@h460799f6.area7.spcsdns.net) Quit (Read error: 104 (Connection reset by peer))
- [00:36:32] * j3h (n=j3h@c-24-21-174-195.hsd1.mn.comcast.net) has joined #openid
- [01:00:44] * cygnus (n=cygnus@www.cprogrammer.org) Quit ("Download Gaim: http://gaim.sourceforge.net/")
- [01:04:08] <don-o>
in 12 short months you too can be a janrain idler
- [01:19:16] * shigeta (n=shigeta@124x32x114x226.ap124.ftth.ucom.ne.jp) has joined #openid
- [01:27:28] * mpg4 (n=mpg4@c-71-236-228-127.hsd1.or.comcast.net) Quit ("Leaving")
- [02:31:50] * xlarrydrebes (n=xlarrydr@c-71-56-130-115.hsd1.wa.comcast.net) has joined #openid
- [02:31:50] <jibot>
xlarrydrebes is yet another Janrain idler.
- [02:57:56] * veeliam (n=veeliam@207.111.253.74) has joined #openid
- [03:18:53] * shigeta_ (n=shigeta@124x32x114x226.ap124.ftth.ucom.ne.jp) has joined #openid
- [03:31:14] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) has joined #openid
- [03:37:51] * shigeta (n=shigeta@124x32x114x226.ap124.ftth.ucom.ne.jp) Quit (Read error: 110 (Connection timed out))
- [04:14:46] * grantmonroe (n=grant@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 113 (No route to host))
- [05:02:05] * veeliam_ (n=veeliam@207.111.252.10) has joined #openid
- [05:18:32] * veeliam (n=veeliam@207.111.253.74) Quit (Read error: 110 (Connection timed out))
- [05:40:13] * Osurac (n=mikeg@adsl-230-20-46.hsv.bellsouth.net) Quit (Read error: 104 (Connection reset by peer))
- [06:11:22] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) Quit (Read error: 110 (Connection timed out))
- [06:21:22] * jdub (n=jdub@home.waugh.id.au) Quit (kornbluth.freenode.net irc.freenode.net)
- [06:33:32] * veeliam_ (n=veeliam@207.111.252.10) has left #openid
- [07:44:19] * tnarg (n=grant@67.189.77.55) has joined #openid
- [07:57:43] * brianellin (n=brianell@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
- [08:06:15] * tnarg (n=grant@67.189.77.55) Quit ("This computer has gone to sleep")
- [08:17:57] * shigeta (n=shigeta@124x32x114x226.ap124.ftth.ucom.ne.jp) has joined #openid
- [08:29:09] * docgnome (n=user@64-40-57-37.nocharge.com) has joined #openid
- [08:35:54] * shigeta_ (n=shigeta@124x32x114x226.ap124.ftth.ucom.ne.jp) Quit (Read error: 110 (Connection timed out))
- [08:41:59] * brianellin (n=brianell@c-71-236-228-127.hsd1.or.comcast.net) Quit ("This computer has gone to sleep")
- [09:05:56] * docgnome (n=user@64-40-57-37.nocharge.com) Quit ("Zzzzz...")
- [09:39:09] * jdub (n=jdub@home.waugh.id.au) has joined #openid
- [09:46:48] * whateley (n=whateley@S01060013463ece73.ed.shawcable.net) Quit (Read error: 110 (Connection timed out))
- [11:47:00] * _keturn (n=acapnoti@pdpc/supporter/sustaining/keturn) Quit (Read error: 110 (Connection timed out))
- [11:50:52] * chowells79 (n=chowells@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 110 (Connection timed out))
- [11:51:05] * rorek (n=sanedrag@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 110 (Connection timed out))
- [13:08:38] * chowells79 (n=chowells@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
- [13:08:42] * rorek (n=sanedrag@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
- [13:08:53] * _keturn (n=acapnoti@pdpc/supporter/sustaining/keturn) has joined #openid
- [13:51:00] * shigeta (n=shigeta@124x32x114x226.ap124.ftth.ucom.ne.jp) Quit ("Leaving...")
- [14:49:28] * xlarrydrebes (n=xlarrydr@c-71-56-130-115.hsd1.wa.comcast.net) Quit ()
- [14:58:26] * cote (n=cote@adsl-71-145-205-86.dsl.austtx.sbcglobal.net) Quit ()
- [15:30:44] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) has joined #openid
- [15:39:14] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
- [15:39:14] <jibot>
xlarrydrebes is yet another Janrain idler.
- [16:02:23] * whateley (n=whateley@S01060013463ece73.ed.shawcable.net) has joined #openid
- [16:07:32] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) Quit (Read error: 113 (No route to host))
- [16:07:52] * mpg4 (n=mpg4@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
- [16:56:00] * rokerr (n=rowan@38.99.162.188) has joined #openid
- [17:07:50] * rokerr (n=rowan@38.99.162.188) has left #openid
- [17:08:00] * cygnus (n=cygnus@www.cprogrammer.org) has joined #openid
- [17:08:00] <jibot>
cygnus is WorkerBee(name="Jonathan Daugherty", company="JanRain, Inc.")
- [17:10:45] * rkerr (n=rowan@38.99.162.188) has joined #openid
- [17:15:01] * newtMcKerr (n=newtMcKe@osuosl/staff/newtMcKerr) has joined #openid
- [17:46:23] * rkerr (n=rowan@38.99.162.188) has left #openid
- [17:52:05] * tnarg (n=grant@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
- [17:54:12] * cygnus (n=cygnus@www.cprogrammer.org) Quit ("Download Gaim: http://gaim.sourceforge.net/")
- [17:56:45] <gchaix>
newtMcKerr: Hey ... was it jyt.com you were talking about? Or do I just have some weird mental block about the domain name?
- [17:59:45] * fo0bar (i=fo0bar@feh.colobox.com) Quit ("Reconnecting")
- [17:59:51] * fo0bar (i=fo0bar@feh.colobox.com) has joined #openid
- [18:06:30] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) Quit ()
- [18:06:53] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
- [18:07:46] <keturn>
gchaix: add an 'e' to the end of that
- [18:08:04] <gchaix>
aaah
- [18:08:17] <mpg4>
jyt.come?
- [18:08:27] <mpg4>
:)
- [18:11:46] * gchaix votes down newtMcKerr's darts skill
- [18:22:23] * brianellin (n=brianell@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
- [18:29:04] * j3h (n=j3h@c-24-21-174-195.hsd1.mn.comcast.net) Quit (kornbluth.freenode.net irc.freenode.net)
- [18:29:04] * gregh (i=gregh@dazed.notslacker.com) Quit (kornbluth.freenode.net irc.freenode.net)
- [18:29:04] * chimprawk (n=chimpraw@cpe-071-065-206-202.nc.res.rr.com) Quit (kornbluth.freenode.net irc.freenode.net)
- [18:35:38] * j3h (n=j3h@c-24-21-174-195.hsd1.mn.comcast.net) has joined #openid
- [18:35:38] * gregh (i=gregh@dazed.notslacker.com) has joined #openid
- [18:35:38] * chimprawk (n=chimpraw@cpe-071-065-206-202.nc.res.rr.com) has joined #openid
- [18:36:59] * tnarg (n=grant@c-71-236-228-127.hsd1.or.comcast.net) Quit ("Leaving")
- [18:58:25] * hikari_esblogger (n=hikari_e@host86-128-231-120.range86-128.btcentralplus.com) has joined #openid
- [19:01:08] * cygnus (n=cygnus@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
- [19:01:08] <jibot>
cygnus is WorkerBee(name="Jonathan Daugherty", company="JanRain, Inc.")
- [19:02:57] * cote (n=cote@71.145.205.86) has joined #openid
- [19:03:04] <zirpu>
jibot, sing
- [19:11:05] * j3h (n=j3h@c-24-21-174-195.hsd1.mn.comcast.net) Quit (Read error: 110 (Connection timed out))
- [19:22:32] * wizard545 (i=wizard54@c-67-163-240-184.hsd1.oh.comcast.net) Quit ()
- [19:23:50] * wizard545 (n=jon@64.13.224.20) has joined #openid
- [19:24:14] * wizard545 (n=jon@64.13.224.20) has left #openid
- [19:34:15] * brianellin (n=brianell@c-71-236-228-127.hsd1.or.comcast.net) Quit ("This computer has gone to sleep")
- [19:41:56] * brianellin (n=brianell@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
- [20:48:40] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) Quit ()
- [20:49:55] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
- [21:16:38] * xlarrydrebes_ (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
- [21:16:38] <jibot>
xlarrydrebes_ is icechat's dirty little nuisance.
- [21:22:25] * j3h (n=j3h@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
- [21:34:13] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 110 (Connection timed out))
- [22:25:04] * whitehat (n=whitehat@unaffiliated/whitehat) has joined #openid
- [22:28:57] <whitehat>
hello. does anyone know about the openid drupal code located at svn.bryght.com and if it works under drupal 5.0?
- [22:36:06] * wizard545 (i=wizard54@c-67-163-240-184.hsd1.oh.comcast.net) has joined #openid
- [22:41:56] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
- [22:41:56] <jibot>
xlarrydrebes is yet another Janrain idler.
- [22:53:44] * Flenser (n=Miranda@twiki/developer/SamHasler) has joined #openid
- [22:55:26] <Flenser>
I've been wondering what the difference is between me changing my IdP and someone hacking my website to point to a different IdP, and I can't seem to find an answer anywhere
- [22:55:49] * Jimse (i=jimse@nat/novell/x-a53b35774e17614c) has joined #openid
- [22:55:58] <wizard545>
Flenser hmm? explain
- [22:56:39] <whitehat>
does anyone know about the openid drupal code located at svn.bryght.com and if it works under drupal 5.0?
- [22:57:12] <Flenser>
well if someone hacks my website and changes my headers to point to a different IdP how would an RP that I've already authorised tell the difference if the hacker then tried to identify themselves as me
- [22:58:05] <wizard545>
Flenser honestly, i'm not sure
- [22:58:34] * xlarrydrebes_ (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 110 (Connection timed out))
- [22:58:53] <wizard545>
Flenser are you planning on getting hacked?
- [22:59:11] <cygnus>
whitehat: AFAIK none of the bryght guys are here.
- [22:59:16] <Flenser>
websites get hacked all the time, that's why it worries me
- [22:59:27] <cygnus>
whitehat: and the code *ought* to indicate somehow which version(s) of Drupal it works with.
- [22:59:36] <wizard545>
whitehat https://svn.bryght.com/dev/browser/openid/drupal-5.0?rev=416 looks like 5.0 to me
- [23:00:03] <whitehat>
wizard545: yes, it is 5.0 but I can get it through svn. i'm getting errors from svn
- [23:00:13] <whitehat>
ideas?
- [23:00:19] <wizard545>
what errors
- [23:00:24] <cygnus>
whitehat: does bryght.com host any information on accessing its SVN?
- [23:00:33] <whitehat>
svn: PROPFIND request failed on '/dev/browser/openid/drupal-5.0'
- [23:00:48] <cygnus>
sounds like it's not a valid SVN checkout URL
- [23:00:50] <whitehat>
cygnus: i didn't see any
- [23:00:52] <cygnus>
i.e., it's only for browsing
- [23:01:03] <whitehat>
cygnus: :-(
- [23:01:20] <wizard545>
cygnus try and export it with svn instead of checkout
- [23:01:26] <wizard545>
err whitehat
- [23:01:29] <cygnus>
:)
- [23:01:35] <whitehat>
what????
- [23:01:50] <wizard545>
http://svnbook.red-bean.com/en/1.0/re10.html
- [23:02:03] <wizard545>
The first form exports a clean directory tree from the repository specified by URL, at revision REV if it is given, otherwise at HEAD, into PATH. If PATH is omitted, the last component of the URL is used for the local directory name.
- [23:02:31] <whitehat>
k. i'll try
- [23:02:49] <whitehat>
i originally just used svn checkout <url> .
- [23:02:58] <whitehat>
and received the PROPFIND error
- [23:03:22] <wizard545>
Flenser why don't you use an IDP directly? do you want the *.youdomain.com? or for some other reason?
- [23:03:43] <wizard545>
whitehat yea but export just copies it doesn't request a checkout
- [23:03:52] <Flenser>
I want the flexibility of being able to switch my IdP
- [23:03:59] <wizard545>
ah
- [23:04:00] <whitehat>
wizard545: ah, and thus the error! :-)
- [23:04:12] <wizard545>
whitehat did it work for you?
- [23:04:27] <whitehat>
i'm looking for the URL again. wait...
- [23:04:52] <wizard545>
Flenser honestly i'm not sure about the security of it, someone else might know. but unlikely at best
- [23:04:59] <Flenser>
and I don't trust myself to be able to secure my own website :)
- [23:05:35] <wizard545>
Flenser the worst that could happen is that they access your things for a minute until you realize it's hacked
- [23:05:36] <whitehat>
svn export https://svn.bryght.com/dev/browser/openid/drupal-5.0 . still produced the PROPFIND error
- [23:05:45] <cygnus>
wizard545: no.
- [23:05:46] <wizard545>
whitehat give me a sec
- [23:05:55] <wizard545>
cygnus hmm?
- [23:05:56] <whitehat>
i have no rush on this
- [23:06:10] <cygnus>
wizard545: "for a minute"/
- [23:06:11] <cygnus>
?
- [23:06:44] <wizard545>
cygnus for as long as the server is hacked, he still controls the domain, they can't take it forever like a password
- [23:07:08] <cygnus>
it's true, but don't you suppose an impersonator could do *other* things in the mean time? on those various RP sites?
- [23:07:19] <cygnus>
like... change the identifier used to access an account?
- [23:07:22] <cygnus>
change personal details?
- [23:07:26] <cygnus>
post inflammatory material?
- [23:08:25] <Flenser>
you'd hope that any RP that I had a commercial relationship with would require another independent level of authorisation before allowing a transaction
- [23:08:54] <wizard545>
Flenser ecommerce isn't really an option with openid yet
- [23:09:09] <wizard545>
Flenser i dunno though, there's always a risk
- [23:09:11] <cygnus>
Flenser: yes
- [23:09:15] <Flenser>
not yet, but it will be at some point
- [23:09:40] <wizard545>
Flenser of course, and an extra level of security will have to be implemented
- [23:09:51] <cygnus>
Flenser: you're right in that you need to entrust the hosting of your identity to a secure party. Maybe you learn what you need to learn and that party is you, or maybe it's an identity delegation service, or maybe you don't assume you'll ever change IdPs.
- [23:10:55] <Flenser>
the most annoying thing would be that while my IdP endpoint is redirected I have no idea what my identity is doing
- [23:12:25] <_keturn>
but is this any worse than what happens today if someone hacks a website and gets your password?
- [23:12:31] <whitehat>
wizard545: i found the problem
- [23:13:13] <wizard545>
whitehat what was it
- [23:13:16] <whitehat>
wizard545: I replaced "browser" with "svn" as in svn co https://svn.bryght.com/dev/svn/openid/drupal-5.0 .
- [23:13:19] <Flenser>
yes, because they're not just getting one website, they're getting every website they know I use that identity on
- [23:13:22] <wizard545>
ahhh
- [23:13:45] <whitehat>
wizard545: and it worked. https://svn.bryght.com/dev/wiki/PublicRepository is their reference to how to checkout from svn
- [23:13:55] <whitehat>
wizard545: :-)
- [23:13:56] <Flenser>
assuming the IdP it gets redirected to is legit, it would be nice if there was a way I could access my account on it once I regain control of my URL
- [23:14:18] <whitehat>
wizard545: thank you
- [23:14:32] * Jimse (i=jimse@nat/novell/x-a53b35774e17614c) has left #openid
- [23:15:31] <wizard545>
np
- [23:15:58] <wizard545>
Flenser if they hack your website, they probably have access to your email, in which they can send forgot password requests to themselves
- [23:17:04] <Flenser>
nah, I don't use my domain's email address, and now you've said that, I won't!
- [23:17:22] <wizard545>
i think it's a little unbelievable at this point that someone would go to the length of trouble to hack a webserver, redirect the idp then just happen to know exactly where you use the id, then do something malicious before you figure out that it's hacked
- [23:17:48] <wizard545>
it's possible, i don't feel it's any more of a problem than someone getting your password some-way
- [23:18:24] <cygnus>
wizard545: once identifiers are used everywhere in this fashion, that will probably be worth more.
- [23:18:35] <cygnus>
wizard545: it's not "trouble" if it has value.
- [23:18:57] <wizard545>
cygnus sure, but i think by then the openid community will have a fix for this
- [23:19:06] <cygnus>
wizard545: I can think of twenty reasons one might have to assume someone's identity.
- [23:19:30] <wizard545>
cygnus yea, but seriously, this would be the last thing i'd be worried about
- [23:19:35] <cygnus>
wizard545: the fix is to secure the delegation for an identifier (i.e. to secure the server that hosts the delegation information)
- [23:19:40] <Flenser>
I'm guessing it's a lot easier to hack a website than to get a password, the attack surface is vast
- [23:20:20] <wizard545>
Flenser the attack surface is just as big on the site using openid
- [23:20:32] <wizard545>
maybe you should stop all internet authentication
- [23:20:39] <Flenser>
no it isn't
- [23:21:00] <cygnus>
wizard545: with the caveat that exploiting the RP doesn't buy you access to other sites with that same identifier
- [23:21:32] <wizard545>
cygnus you could do something like domains do, transferring the ownership of a user
- [23:21:33] <Flenser>
the number of sites doing delegation will be orders of magnitude larger than the number of IdP and goodness knows that scripts and services they will have running on them
- [23:21:49] * cygnus nods.
- [23:22:31] <wizard545>
i think that after a site is logged into once, it stores the end-point idp, and only allows it to be transferred with a password
- [23:23:01] <cygnus>
wizard545: transfer of ownership varies on a per-site basis
- [23:23:05] <wizard545>
or a request sent from the old idp (that allows it to be changed)
- [23:23:08] <cygnus>
wizard545: not all RP software even supports it
- [23:23:11] <Flenser>
what password though?
- [23:23:27] <cygnus>
indeed.
- [23:23:30] <wizard545>
Flenser forget the pass, could do it like domains, one has to let go before the other grabs hold
- [23:23:40] <cygnus>
...
- [23:24:09] <Flenser>
that's what I was expecting, but I didn't see any of the security stuff in the spec address it
- [23:24:33] <wizard545>
Flenser just not old enough yet, it'll be there, you should see the mailing lists, crazy amount of traffic
- [23:26:24] <Flenser>
I suppose in time they might implement something so that if I do change my IdP there will be a simple way to transfer all my trust relationships to the new IdP
- [23:26:41] <wizard545>
yea
- [23:27:30] <Flenser>
can RPs get IdP's to store data for them?
- [23:27:50] <cygnus>
no.
- [23:28:06] <Flenser>
I was thinking it would be a neat way to share data between websites
- [23:28:24] <cygnus>
the sharing is currently one-way in the form of simple registration data.
- [23:28:35] <Flenser>
like, avatars, signatures, etc
- [23:28:47] <cygnus>
but with the development of OpenID 2, there isn't anything stopping anyone from doing "data transfers" using the protoicol.
- [23:28:50] <cygnus>
s/i//
- [23:29:15] <cygnus>
but the question is, should the IdP become the dumping ground for all that information?
- [23:29:24] <cygnus>
it makes IdP-switching that much more painful.
- [23:29:46] <Flenser>
I was thinking that websites that provide the same service could use OpenID to allow you to switch between them seamlessly, taking all your data with you
- [23:30:28] <Flenser>
for example, a to-do list website
- [23:31:51] <Flenser>
if I don't like the way my current to-do list website works I could just switch to another if all my data was stored by my IdP
- [23:32:22] <cygnus>
but that will only work until the to-do list sites of the world cannot agree on a common schema for "to-do list data" to work with your IdP.
- [23:33:47] <Flenser>
the to-do list websites would have to work that out amongst themselves but I'm assuming there would be a standard way to interact with IdP that support data storage
- [23:34:22] <Flenser>
the benefit to people creating websites would be reduced storage needs, albeit with increased bandwidth costs.
- [23:34:30] <cygnus>
well, the key to "taking data with you" to "another service" is a common schema
- [23:34:39] <cygnus>
so storage on the IdP is not the hard part.
- [23:34:46] <cygnus>
regardless of whether it's the right thing to do.
- [23:35:13] <cygnus>
but I digress. I have to get back to work. :)
- [23:37:41] <Flenser>
I'm thinking it would make it easier to start up an AJAX web service without having to worry about central storage. You could give out the server code and get people to run it on any number of sites to spread your users around
- [23:38:07] <Flenser>
spreading around the bandwidth costs as well
- [23:41:13] * mpg4 (n=mpg4@c-71-236-228-127.hsd1.or.comcast.net) has left #openid
- [23:55:52] * whiteha1 (n=whitehat@d150-207-245.home.cgocable.net) has joined #openid
These logs were automatically created by OpenIDlogbot on chat.freenode.net using a modified version of the Java IRC LogBot.