IRC Log for #openid on 2007-01-25

Timestamps are in UTC.

  1. [00:02:41] <cygnus> myren_: ?
  2. [00:02:50] <myren_> xlarrydrebes's announcement
  3. [00:04:56] <cygnus> that wasn't his
  4. [00:04:59] <cygnus> that was done by the bot. :)
  5. [00:05:44] <myren_> yeah i saw that, that's why i commented
  6. [00:05:58] <myren_> just seemed amusing. and random.
  7. [00:06:16] * mpg4 wishes *he* was a janrain idler...
  8. [00:06:42] <cygnus> hah
  9. [00:08:40] <chowells79> ?forgetme
  10. [00:08:40] <jibot> I have expunged chowells79 from my mind
  11. [00:10:46] * whateley (n=whateley@S01060013463ece73.ed.shawcable.net) has joined #openid
  12. [00:30:22] * xlarrydrebes (n=xlarrydr@h460799f6.area7.spcsdns.net) Quit (Read error: 104 (Connection reset by peer))
  13. [00:36:32] * j3h (n=j3h@c-24-21-174-195.hsd1.mn.comcast.net) has joined #openid
  14. [01:00:44] * cygnus (n=cygnus@www.cprogrammer.org) Quit ("Download Gaim: http://gaim.sourceforge.net/")
  15. [01:04:08] <don-o> in 12 short months you too can be a janrain idler
  16. [01:19:16] * shigeta (n=shigeta@124x32x114x226.ap124.ftth.ucom.ne.jp) has joined #openid
  17. [01:27:28] * mpg4 (n=mpg4@c-71-236-228-127.hsd1.or.comcast.net) Quit ("Leaving")
  18. [02:31:50] * xlarrydrebes (n=xlarrydr@c-71-56-130-115.hsd1.wa.comcast.net) has joined #openid
  19. [02:31:50] <jibot> xlarrydrebes is yet another Janrain idler.
  20. [02:57:56] * veeliam (n=veeliam@207.111.253.74) has joined #openid
  21. [03:18:53] * shigeta_ (n=shigeta@124x32x114x226.ap124.ftth.ucom.ne.jp) has joined #openid
  22. [03:31:14] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) has joined #openid
  23. [03:37:51] * shigeta (n=shigeta@124x32x114x226.ap124.ftth.ucom.ne.jp) Quit (Read error: 110 (Connection timed out))
  24. [04:14:46] * grantmonroe (n=grant@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 113 (No route to host))
  25. [05:02:05] * veeliam_ (n=veeliam@207.111.252.10) has joined #openid
  26. [05:18:32] * veeliam (n=veeliam@207.111.253.74) Quit (Read error: 110 (Connection timed out))
  27. [05:40:13] * Osurac (n=mikeg@adsl-230-20-46.hsv.bellsouth.net) Quit (Read error: 104 (Connection reset by peer))
  28. [06:11:22] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) Quit (Read error: 110 (Connection timed out))
  29. [06:21:22] * jdub (n=jdub@home.waugh.id.au) Quit (kornbluth.freenode.net irc.freenode.net)
  30. [06:33:32] * veeliam_ (n=veeliam@207.111.252.10) has left #openid
  31. [07:44:19] * tnarg (n=grant@67.189.77.55) has joined #openid
  32. [07:57:43] * brianellin (n=brianell@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  33. [08:06:15] * tnarg (n=grant@67.189.77.55) Quit ("This computer has gone to sleep")
  34. [08:17:57] * shigeta (n=shigeta@124x32x114x226.ap124.ftth.ucom.ne.jp) has joined #openid
  35. [08:29:09] * docgnome (n=user@64-40-57-37.nocharge.com) has joined #openid
  36. [08:35:54] * shigeta_ (n=shigeta@124x32x114x226.ap124.ftth.ucom.ne.jp) Quit (Read error: 110 (Connection timed out))
  37. [08:41:59] * brianellin (n=brianell@c-71-236-228-127.hsd1.or.comcast.net) Quit ("This computer has gone to sleep")
  38. [09:05:56] * docgnome (n=user@64-40-57-37.nocharge.com) Quit ("Zzzzz...")
  39. [09:39:09] * jdub (n=jdub@home.waugh.id.au) has joined #openid
  40. [09:46:48] * whateley (n=whateley@S01060013463ece73.ed.shawcable.net) Quit (Read error: 110 (Connection timed out))
  41. [11:47:00] * _keturn (n=acapnoti@pdpc/supporter/sustaining/keturn) Quit (Read error: 110 (Connection timed out))
  42. [11:50:52] * chowells79 (n=chowells@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 110 (Connection timed out))
  43. [11:51:05] * rorek (n=sanedrag@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 110 (Connection timed out))
  44. [13:08:38] * chowells79 (n=chowells@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  45. [13:08:42] * rorek (n=sanedrag@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  46. [13:08:53] * _keturn (n=acapnoti@pdpc/supporter/sustaining/keturn) has joined #openid
  47. [13:51:00] * shigeta (n=shigeta@124x32x114x226.ap124.ftth.ucom.ne.jp) Quit ("Leaving...")
  48. [14:49:28] * xlarrydrebes (n=xlarrydr@c-71-56-130-115.hsd1.wa.comcast.net) Quit ()
  49. [14:58:26] * cote (n=cote@adsl-71-145-205-86.dsl.austtx.sbcglobal.net) Quit ()
  50. [15:30:44] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) has joined #openid
  51. [15:39:14] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  52. [15:39:14] <jibot> xlarrydrebes is yet another Janrain idler.
  53. [16:02:23] * whateley (n=whateley@S01060013463ece73.ed.shawcable.net) has joined #openid
  54. [16:07:32] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) Quit (Read error: 113 (No route to host))
  55. [16:07:52] * mpg4 (n=mpg4@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  56. [16:56:00] * rokerr (n=rowan@38.99.162.188) has joined #openid
  57. [17:07:50] * rokerr (n=rowan@38.99.162.188) has left #openid
  58. [17:08:00] * cygnus (n=cygnus@www.cprogrammer.org) has joined #openid
  59. [17:08:00] <jibot> cygnus is WorkerBee(name="Jonathan Daugherty", company="JanRain, Inc.")
  60. [17:10:45] * rkerr (n=rowan@38.99.162.188) has joined #openid
  61. [17:15:01] * newtMcKerr (n=newtMcKe@osuosl/staff/newtMcKerr) has joined #openid
  62. [17:46:23] * rkerr (n=rowan@38.99.162.188) has left #openid
  63. [17:52:05] * tnarg (n=grant@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  64. [17:54:12] * cygnus (n=cygnus@www.cprogrammer.org) Quit ("Download Gaim: http://gaim.sourceforge.net/")
  65. [17:56:45] <gchaix> newtMcKerr: Hey ... was it jyt.com you were talking about? Or do I just have some weird mental block about the domain name?
  66. [17:59:45] * fo0bar (i=fo0bar@feh.colobox.com) Quit ("Reconnecting")
  67. [17:59:51] * fo0bar (i=fo0bar@feh.colobox.com) has joined #openid
  68. [18:06:30] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) Quit ()
  69. [18:06:53] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  70. [18:07:46] <keturn> gchaix: add an 'e' to the end of that
  71. [18:08:04] <gchaix> aaah
  72. [18:08:17] <mpg4> jyt.come?
  73. [18:08:27] <mpg4> :)
  74. [18:11:46] * gchaix votes down newtMcKerr's darts skill
  75. [18:22:23] * brianellin (n=brianell@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  76. [18:29:04] * j3h (n=j3h@c-24-21-174-195.hsd1.mn.comcast.net) Quit (kornbluth.freenode.net irc.freenode.net)
  77. [18:29:04] * gregh (i=gregh@dazed.notslacker.com) Quit (kornbluth.freenode.net irc.freenode.net)
  78. [18:29:04] * chimprawk (n=chimpraw@cpe-071-065-206-202.nc.res.rr.com) Quit (kornbluth.freenode.net irc.freenode.net)
  79. [18:35:38] * j3h (n=j3h@c-24-21-174-195.hsd1.mn.comcast.net) has joined #openid
  80. [18:35:38] * gregh (i=gregh@dazed.notslacker.com) has joined #openid
  81. [18:35:38] * chimprawk (n=chimpraw@cpe-071-065-206-202.nc.res.rr.com) has joined #openid
  82. [18:36:59] * tnarg (n=grant@c-71-236-228-127.hsd1.or.comcast.net) Quit ("Leaving")
  83. [18:58:25] * hikari_esblogger (n=hikari_e@host86-128-231-120.range86-128.btcentralplus.com) has joined #openid
  84. [19:01:08] * cygnus (n=cygnus@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  85. [19:01:08] <jibot> cygnus is WorkerBee(name="Jonathan Daugherty", company="JanRain, Inc.")
  86. [19:02:57] * cote (n=cote@71.145.205.86) has joined #openid
  87. [19:03:04] <zirpu> jibot, sing
  88. [19:11:05] * j3h (n=j3h@c-24-21-174-195.hsd1.mn.comcast.net) Quit (Read error: 110 (Connection timed out))
  89. [19:22:32] * wizard545 (i=wizard54@c-67-163-240-184.hsd1.oh.comcast.net) Quit ()
  90. [19:23:50] * wizard545 (n=jon@64.13.224.20) has joined #openid
  91. [19:24:14] * wizard545 (n=jon@64.13.224.20) has left #openid
  92. [19:34:15] * brianellin (n=brianell@c-71-236-228-127.hsd1.or.comcast.net) Quit ("This computer has gone to sleep")
  93. [19:41:56] * brianellin (n=brianell@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  94. [20:48:40] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) Quit ()
  95. [20:49:55] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  96. [21:16:38] * xlarrydrebes_ (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  97. [21:16:38] <jibot> xlarrydrebes_ is icechat's dirty little nuisance.
  98. [21:22:25] * j3h (n=j3h@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  99. [21:34:13] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 110 (Connection timed out))
  100. [22:25:04] * whitehat (n=whitehat@unaffiliated/whitehat) has joined #openid
  101. [22:28:57] <whitehat> hello. does anyone know about the openid drupal code located at svn.bryght.com and if it works under drupal 5.0?
  102. [22:36:06] * wizard545 (i=wizard54@c-67-163-240-184.hsd1.oh.comcast.net) has joined #openid
  103. [22:41:56] * xlarrydrebes (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  104. [22:41:56] <jibot> xlarrydrebes is yet another Janrain idler.
  105. [22:53:44] * Flenser (n=Miranda@twiki/developer/SamHasler) has joined #openid
  106. [22:55:26] <Flenser> I've been wondering what the difference is between me changing my IdP and someone hacking my website to point to a different IdP, and I can't seem to find an answer anywhere
  107. [22:55:49] * Jimse (i=jimse@nat/novell/x-a53b35774e17614c) has joined #openid
  108. [22:55:58] <wizard545> Flenser hmm? explain
  109. [22:56:39] <whitehat> does anyone know about the openid drupal code located at svn.bryght.com and if it works under drupal 5.0?
  110. [22:57:12] <Flenser> well if someone hacks my website and changes my headers to point to a different IdP how would an RP that I've already authorised tell the difference if the hacker then tried to identify themselves as me
  111. [22:58:05] <wizard545> Flenser honestly, i'm not sure
  112. [22:58:34] * xlarrydrebes_ (n=xlarrydr@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 110 (Connection timed out))
  113. [22:58:53] <wizard545> Flenser are you planning on getting hacked?
  114. [22:59:11] <cygnus> whitehat: AFAIK none of the bryght guys are here.
  115. [22:59:16] <Flenser> websites get hacked all the time, that's why it worries me
  116. [22:59:27] <cygnus> whitehat: and the code *ought* to indicate somehow which version(s) of Drupal it works with.
  117. [22:59:36] <wizard545> whitehat https://svn.bryght.com/dev/browser/openid/drupal-5.0?rev=416 looks like 5.0 to me
  118. [23:00:03] <whitehat> wizard545: yes, it is 5.0 but I can get it through svn. i'm getting errors from svn
  119. [23:00:13] <whitehat> ideas?
  120. [23:00:19] <wizard545> what errors
  121. [23:00:24] <cygnus> whitehat: does bryght.com host any information on accessing its SVN?
  122. [23:00:33] <whitehat> svn: PROPFIND request failed on '/dev/browser/openid/drupal-5.0'
  123. [23:00:48] <cygnus> sounds like it's not a valid SVN checkout URL
  124. [23:00:50] <whitehat> cygnus: i didn't see any
  125. [23:00:52] <cygnus> i.e., it's only for browsing
  126. [23:01:03] <whitehat> cygnus: :-(
  127. [23:01:20] <wizard545> cygnus try and export it with svn instead of checkout
  128. [23:01:26] <wizard545> err whitehat
  129. [23:01:29] <cygnus> :)
  130. [23:01:35] <whitehat> what????
  131. [23:01:50] <wizard545> http://svnbook.red-bean.com/en/1.0/re10.html
  132. [23:02:03] <wizard545> The first form exports a clean directory tree from the repository specified by URL, at revision REV if it is given, otherwise at HEAD, into PATH. If PATH is omitted, the last component of the URL is used for the local directory name.
  133. [23:02:31] <whitehat> k. i'll try
  134. [23:02:49] <whitehat> i originally just used svn checkout <url> .
  135. [23:02:58] <whitehat> and received the PROPFIND error
  136. [23:03:22] <wizard545> Flenser why don't you use a IDP directly? do you want the *.youdomain.com? or for some other reason?
  137. [23:03:43] <wizard545> whitehat yea but export just copies it doesn't request a checkout
  138. [23:03:43] <Flenser> I want the flexibility of being able to switch my IdP
  139. [23:03:59] <wizard545> ah
  140. [23:04:00] <whitehat> wizard545: ah, and thus the error! :-)
  141. [23:04:12] <wizard545> whitehat did it work for you?
  142. [23:04:27] <whitehat> i'm looking for the URL again. wait...
  143. [23:04:52] <wizard545> Flenser honestly i'm not sure about the security of it, someone else might know. but unlikely at best
  144. [23:04:59] <Flenser> and I don't trust myself to be able to secure my own website :)
  145. [23:05:35] <wizard545> Flenser the worst that could happen is that they access your things for a minute until you realize it's hacked
  146. [23:05:36] <whitehat> svn export https://svn.bryght.com/dev/browser/openid/drupal-5.0 . still produced the PROPFIND error
  147. [23:05:45] <cygnus> wizard545: no.
  148. [23:05:46] <wizard545> whitehat give me a sec
  149. [23:05:55] <wizard545> cygnus hmm?
  150. [23:05:56] <whitehat> i have no rush on this
  151. [23:06:10] <cygnus> wizard545: "for a minute"/
  152. [23:06:11] <cygnus> ?
  153. [23:06:44] <wizard545> cygnus for as long as the server is hacked, he still controls the domain, they can't take it forever like a password
  154. [23:07:08] <cygnus> it's true, but don't you suppose an impersonator could do *other* things in the mean time? on those various RP sites?
  155. [23:07:19] <cygnus> like... change the identifier used to access an account?
  156. [23:07:22] <cygnus> change personal details?
  157. [23:07:26] <cygnus> post inflammatory material?
  158. [23:08:25] <Flenser> you'd hope that any RP that I had a commercial relationship with would require another independent level of authorisation before allowing a transaction
  159. [23:08:54] <wizard545> Flenser ecommerce isn't really an option with openid yet
  160. [23:09:09] <wizard545> Flenser i dunno though, there's always a risk
  161. [23:09:11] <cygnus> Flenser: yes
  162. [23:09:15] <Flenser> not yet, but it will be at some point
  163. [23:09:40] <wizard545> Flenser of course, and an extra level of security will have to be implemented
  164. [23:09:51] <cygnus> Flenser: you're right in that you need to entrust the hosting of your identity to a secure party. Maybe you learn what you need to learn and that party is you, or maybe it's an identity delegation service, or maybe you don't assume you'll ever change IdPs.
  165. [23:10:55] <Flenser> the most annoying thing would be that while my IdP endpoint is redirected I have no idea what my identity is doing
  166. [23:12:25] <_keturn> but is this any worse than what happens today if someone hacks a website and gets your password?
  167. [23:12:31] <whitehat> wizard545: i found the problem
  168. [23:13:13] <wizard545> whitehat what was it
  169. [23:13:16] <whitehat> wizard545: I replaced "browser" with "svn" as in svn co https://svn.bryght.com/dev/svn/openid/drupal-5.0 .
  170. [23:13:19] <Flenser> yes, because they're not just getting one website, they're getting every website they know I use that identity on
  171. [23:13:22] <wizard545> ahhh
  172. [23:13:45] <whitehat> wizard545: and it worked. https://svn.bryght.com/dev/wiki/PublicRepository is their reference to how to checkout from svn
  173. [23:13:55] <whitehat> wizard545: :-)
  174. [23:13:56] <Flenser> assuming the IdP it gets redirected to is legit, it would be nice if there was a way I could access my account on it once I regain control of my URL
  175. [23:14:18] <whitehat> wizard545: thank you
  176. [23:14:32] * Jimse (i=jimse@nat/novell/x-a53b35774e17614c) has left #openid
  177. [23:15:31] <wizard545> np
  178. [23:15:58] <wizard545> Flenser if they hack your website, they probably have access to your email, in which they can send forgot password requests to themselves
  179. [23:17:04] <Flenser> nah, I don't use my domain's email address, and now you've said that, I won't!
  180. [23:17:22] <wizard545> i think it's a little unbelievable at this point that someone would go to the length of trouble to hack a webserver, redirect the idp then just happen to know exactly where you use the id, then do something malicious before you figure out that it's hacked
  181. [23:17:48] <wizard545> it's possible, i don't feel it's any more of a problem than someone getting your password some-way
  182. [23:18:24] <cygnus> wizard545: once identifiers are used everywhere in this fashion, that will probably be worth more.
  183. [23:18:35] <cygnus> wizard545: it's not "trouble" if it has value.
  184. [23:18:57] <wizard545> cygnus sure, but i think by then the openid community will have a fix for this
  185. [23:19:06] <cygnus> wizard545: I can think of twenty reasons one might have to assume someone's identity.
  186. [23:19:30] <wizard545> cygnus yea, but seriously, this would be the last thing i'd be worried about
  187. [23:19:35] <cygnus> wizard545: the fix is to secure the delegation for an identifier (i.e. to secure the server that hosts the delegation information)
  188. [23:19:40] <Flenser> I'm guessing it's a lot easier to hack a website than to get a password, the attack surface is vast
  189. [23:20:20] <wizard545> Flenser the attack surface is just as big on the site using openid
  190. [23:20:32] <wizard545> maybe you should stop all internet authentication
  191. [23:20:39] <Flenser> no it isn't
  192. [23:21:00] <cygnus> wizard545: with the caveat that exploiting the RP doesn't buy you access to other sites with that same identifier
  193. [23:21:32] <wizard545> cygnus you could do something like domains do, transferring the ownership of a user
  194. [23:21:33] <Flenser> the number of sites doing delegation will be orders of magnitude larger than the number of IdP and goodness knows that scripts and services they will have running on them
  195. [23:21:49] * cygnus nods.
  196. [23:22:31] <wizard545> i think that after a site is logged into once, it stores the end-point idp, and only allows it to be transferred with a password
  197. [23:23:01] <cygnus> wizard545: transfer of ownership varies on a per-site basis
  198. [23:23:05] <wizard545> or a request sent from the old idp (that allows it to be changed)
  199. [23:23:08] <cygnus> wizard545: not all RP software even supports it
  200. [23:23:11] <Flenser> what password though?
  201. [23:23:27] <cygnus> indeed.
  202. [23:23:30] <wizard545> Flenser forget the pass, could do it like domains, one has to let go before the other grabs hold
  203. [23:23:40] <cygnus> ...
  204. [23:24:09] <Flenser> that's what I was expecting, but I didn't see any of the security stuff in the spec address it
  205. [23:24:33] <wizard545> Flenser just not old enough yet, it'll be there, you should see the mailing lists, crazy amount of traffic
  206. [23:26:24] <Flenser> I suppose in time they might implement something so that if I do change my IdP there will be a simple way to transfer all my trust relationships to the new IdP
  207. [23:26:41] <wizard545> yea
  208. [23:27:30] <Flenser> can RPs get IdP's to store data for them?
  209. [23:27:50] <cygnus> no.
  210. [23:28:06] <Flenser> I was thinking it would be a neat way to share data between websites
  211. [23:28:24] <cygnus> the sharing is currently one-way in the form of simple registration data.
  212. [23:28:35] <Flenser> like, avatars, signatures, etc
  213. [23:28:47] <cygnus> but with the development of OpenID 2, there isn't anything stopping anyone from doing "data transfers" using the protoicol.
  214. [23:28:50] <cygnus> s/i//
  215. [23:29:15] <cygnus> but the question is, should the IdP become the dumping ground for all that information?
  216. [23:29:24] <cygnus> it makes IdP-switching that much more painful.
  217. [23:29:46] <Flenser> I was thinking that websites that provide the same service could use OpenID to allow you to switch between them seamlessly, taking all your data with you
  218. [23:30:28] <Flenser> for example, a to-do list website
  219. [23:31:51] <Flenser> if I don't like the way my current to-do list website works I could just switch to another if all my data was stored by my IdP
  220. [23:32:22] <cygnus> but that will only work until the to-do list sites of the world cannot agree on a common schema for "to-do list data" to work with your IdP.
  221. [23:33:47] <Flenser> the to-do list websites would have to work that out amongst themselves but I'm assuming there would be a standard way to interact with IdP that support data storage
  222. [23:34:22] <Flenser> the benefit to people creating websites would be reduced storage needs, albeit with increased bandwidth costs.
  223. [23:34:30] <cygnus> well, the key to "taking data with you" to "another service" is a common schema
  224. [23:34:39] <cygnus> so storage on the IdP is not the hard part.
  225. [23:34:46] <cygnus> regardless of whether it's the right thing to do.
  226. [23:35:13] <cygnus> but I digress. I have to get back to work. :)
  227. [23:37:41] <Flenser> I'm thinking it would make it easier to start up an AJAX web service without having to worry about central storage. You could give out the server code and get people to run it on any number of sites to spread your users around
  228. [23:38:07] <Flenser> spreading around the bandwidth costs as well
  229. [23:41:13] * mpg4 (n=mpg4@c-71-236-228-127.hsd1.or.comcast.net) has left #openid
  230. [23:55:52] * whiteha1 (n=whitehat@d150-207-245.home.cgocable.net) has joined #openid

These logs were automatically created by OpenIDlogbot on chat.freenode.net using a modified version of the Java IRC LogBot.