IRC Log for #openid on 2007-03-26

Timestamps are in UTC.

  1. [00:17:13] * shigeta (n=shigeta@124.32.114.226) has joined #openid
  2. [00:56:04] * bricas (n=bricas@CPE0011506c8049-CM0013711405ec.cpe.net.cable.rogers.com) Quit ("Chatzilla 0.9.77 [Firefox 2.0.0.2/0000000000]")
  3. [01:02:35] * Prometheus^ (n=Promethe@cs181170022.pp.htv.fi) Quit ()
  4. [02:15:07] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) has joined #openid
  5. [03:34:06] * fajro is now known as fajrozzz
  6. [05:24:30] <GabeW> thats pretty funny
  7. [07:35:59] * idnar (i=mithrand@unaffiliated/idnar) Quit (Nick collision from services.)
  8. [07:36:10] * idnar_ (n=mithrand@unaffiliated/idnar) has joined #openid
  9. [07:55:52] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) has joined #openid
  10. [08:59:06] * epeus (n=KevinMar@h-68-164-93-9.snvacaid.dynamic.covad.net) has joined #openid
  11. [09:00:03] * KevinMarks (n=Snak@pdpc/supporter/active/kevinmarks) Quit ("switchin macs")
  12. [09:00:28] * epeus is now known as KevinMarks
  13. [09:11:44] * chowells79 (n=chowells@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 110 (Connection timed out))
  14. [09:12:30] * rorek (n=sanedrag@c-71-236-228-127.hsd1.or.comcast.net) Quit (Read error: 110 (Connection timed out))
  15. [09:12:37] * _keturn (n=acapnoti@pdpc/supporter/sustaining/keturn) Quit (Read error: 110 (Connection timed out))
  16. [09:17:22] <bignose> keturn: I've just read <URL:http://moinmoin.wikiwikiweb.de/FeatureRequests/OpenIDSupport>
  17. [09:17:46] <bignose> any update on the weasel-eaten version of OpenID consumer support for MoinMoin?
  18. [10:27:41] * sid3windr (i=luser@bastard-operator.from-hell.be) has left #openid
  19. [10:27:58] * rorek (n=sanedrag@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  20. [10:27:59] * chowells79 (n=chowells@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  21. [10:28:10] * _keturn (n=acapnoti@pdpc/supporter/sustaining/keturn) has joined #openid
  22. [11:03:44] * shackan (n=shackan@85-18-14-13.fastres.net) has joined #openid
  23. [11:05:19] <shackan> would it be possible to use OpenID for authentication within a peer to peer network ?
  24. [11:06:25] * bricas (n=bricas@h64-5-219-130.gtcust.grouptelecom.net) has joined #openid
  25. [11:36:09] * KevinMarks (n=KevinMar@pdpc/supporter/active/kevinmarks) Quit ("The computer fell asleep")
  26. [11:51:49] * bignose (n=bignose@eth595.vic.adsl.internode.on.net) Quit (brown.freenode.net irc.freenode.net)
  27. [11:51:49] * bricas (n=bricas@h64-5-219-130.gtcust.grouptelecom.net) Quit (brown.freenode.net irc.freenode.net)
  28. [11:51:49] * chowells79 (n=chowells@c-71-236-228-127.hsd1.or.comcast.net) Quit (brown.freenode.net irc.freenode.net)
  29. [11:51:49] * wcdevel (n=admin@user-12ldovf.cable.mindspring.com) Quit (brown.freenode.net irc.freenode.net)
  30. [11:51:49] * _keturn (n=acapnoti@pdpc/supporter/sustaining/keturn) Quit (brown.freenode.net irc.freenode.net)
  31. [11:51:49] * rorek (n=sanedrag@c-71-236-228-127.hsd1.or.comcast.net) Quit (brown.freenode.net irc.freenode.net)
  32. [11:51:49] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) Quit (brown.freenode.net irc.freenode.net)
  33. [11:51:49] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) Quit (brown.freenode.net irc.freenode.net)
  34. [11:51:49] * zirpu (n=zirpu@nefud.org) Quit (brown.freenode.net irc.freenode.net)
  35. [11:51:49] * shigeta (n=shigeta@124.32.114.226) Quit (brown.freenode.net irc.freenode.net)
  36. [11:51:49] * quellhorst (n=pro@unaffiliated/rend) Quit (brown.freenode.net irc.freenode.net)
  37. [11:51:49] * david`home (n=david@home.larlet.fr) Quit (brown.freenode.net irc.freenode.net)
  38. [11:51:49] * marcusramberg (n=marcus@195.159.95.163) Quit (brown.freenode.net irc.freenode.net)
  39. [11:51:49] * don-o (n=donp@206.163.122.98) Quit (brown.freenode.net irc.freenode.net)
  40. [11:51:49] * SIGFPE (i=djcapeli@blender/coder/DJCapelis) Quit (brown.freenode.net irc.freenode.net)
  41. [11:51:49] * dcorbin (n=dcorbin@adsl-068-209-008-148.sip.asm.bellsouth.net) Quit (brown.freenode.net irc.freenode.net)
  42. [11:51:49] * Akatemik (n=Akatemik@or8-112-3.tky.hut.fi) Quit (brown.freenode.net irc.freenode.net)
  43. [11:51:49] * myren_ (n=myren@63.231.83.177) Quit (brown.freenode.net irc.freenode.net)
  44. [11:51:49] * amir (n=Miranda@gentoo/developer/amir) Quit (brown.freenode.net irc.freenode.net)
  45. [11:51:49] * jibot (n=jibot@64.159.77.114) Quit (brown.freenode.net irc.freenode.net)
  46. [11:51:49] * shackan (n=shackan@85-18-14-13.fastres.net) Quit (brown.freenode.net irc.freenode.net)
  47. [11:51:49] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) Quit (brown.freenode.net irc.freenode.net)
  48. [11:51:49] * idnar_ (n=mithrand@unaffiliated/idnar) Quit (brown.freenode.net irc.freenode.net)
  49. [11:51:49] * fo0bar (i=fo0bar@feh.colobox.com) Quit (brown.freenode.net irc.freenode.net)
  50. [11:51:49] * keturn (n=kevint@pdpc/supporter/sustaining/keturn) Quit (brown.freenode.net irc.freenode.net)
  51. [11:51:49] * GabeW (i=gwachob@pdpc/supporter/professional/GabeW) Quit (brown.freenode.net irc.freenode.net)
  52. [11:51:49] * jirwin (n=jirwin@osuosl/staff/jirwin) Quit (brown.freenode.net irc.freenode.net)
  53. [11:51:49] * terrell (n=trel1023@cpe-066-057-014-057.nc.res.rr.com) Quit (brown.freenode.net irc.freenode.net)
  54. [11:51:49] * Cody_ (n=Cody@74-129-165-175.dhcp.insightbb.com) Quit (brown.freenode.net irc.freenode.net)
  55. [11:51:49] * tessier (n=treed@kernel-panic/sex-machines) Quit (brown.freenode.net irc.freenode.net)
  56. [11:59:20] * trel1023 (n=trel1023@cpe-066-057-014-057.nc.res.rr.com) has joined #openid
  57. [12:01:28] * Cody_ (n=Cody@74-129-165-175.dhcp.insightbb.com) has joined #openid
  58. [12:01:28] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) has joined #openid
  59. [12:01:28] * jamey (n=jamey@38.99.207.90) has joined #openid
  60. [12:01:28] * fo0bar (i=fo0bar@feh.colobox.com) has joined #openid
  61. [12:01:28] * bricas (n=bricas@h64-5-219-130.gtcust.grouptelecom.net) has joined #openid
  62. [12:01:28] * _keturn (n=acapnoti@pdpc/supporter/sustaining/keturn) has joined #openid
  63. [12:01:28] * chowells79 (n=chowells@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  64. [12:01:28] * rorek (n=sanedrag@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  65. [12:01:28] * aconbere|mobile (n=aconbere@c-67-171-24-45.hsd1.wa.comcast.net) has joined #openid
  66. [12:01:28] * shigeta (n=shigeta@124.32.114.226) has joined #openid
  67. [12:01:28] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) has joined #openid
  68. [12:01:28] * wcdevel (n=admin@user-12ldovf.cable.mindspring.com) has joined #openid
  69. [12:01:28] * david`home (n=david@home.larlet.fr) has joined #openid
  70. [12:01:28] * amir (n=Miranda@gentoo/developer/amir) has joined #openid
  71. [12:01:28] * myren_ (n=myren@63.231.83.177) has joined #openid
  72. [12:01:28] * dcorbin (n=dcorbin@adsl-068-209-008-148.sip.asm.bellsouth.net) has joined #openid
  73. [12:01:28] * quellhorst (n=pro@unaffiliated/rend) has joined #openid
  74. [12:01:28] * jibot (n=jibot@64.159.77.114) has joined #openid
  75. [12:01:28] * marcusramberg (n=marcus@195.159.95.163) has joined #openid
  76. [12:01:28] * don-o (n=donp@206.163.122.98) has joined #openid
  77. [12:01:28] * zirpu (n=zirpu@nefud.org) has joined #openid
  78. [12:01:28] * Akatemik (n=Akatemik@or8-112-3.tky.hut.fi) has joined #openid
  79. [12:01:28] * SIGFPE (i=djcapeli@blender/coder/DJCapelis) has joined #openid
  80. [12:04:17] * bignose (n=bignose@eth595.vic.adsl.internode.on.net) has joined #openid
  81. [12:06:37] * GabeW (i=gwachob@redbox.copaseticnet.com) has joined #openid
  82. [12:06:49] * shackan (n=shackan@85-18-14-13.fastres.net) has joined #openid
  83. [12:07:40] * gchaix (n=gchaix@osuosl/staff/gchaix) Quit (Read error: 110 (Connection timed out))
  84. [12:10:00] * VxJasonxV (n=jason@69.16.139.205) has joined #openid
  85. [12:11:50] * tessier (n=treed@wsip-68-15-4-17.sd.sd.cox.net) has joined #openid
  86. [12:13:47] * gchaix (n=gchaix@osuosl/staff/gchaix) has joined #openid
  87. [12:13:47] * jirwin (n=jirwin@osuosl/staff/jirwin) has joined #openid
  88. [12:14:56] * keturn (n=kevint@pdpc/supporter/sustaining/keturn) has joined #openid
  89. [12:15:20] * idnar (i=mithrand@unaffiliated/idnar) has joined #openid
  90. [12:27:28] * shackan (n=shackan@85-18-14-13.fastres.net) Quit (Read error: 60 (Operation timed out))
  91. [13:43:43] * punter (n=punter@91.140.19.56) has joined #openid
  92. [13:50:21] * punter (n=punter@91.140.19.56) Quit ()
  93. [13:54:37] * shigeta (n=shigeta@124.32.114.226) Quit ("Leaving...")
  94. [14:39:02] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) Quit (Read error: 110 (Connection timed out))
  95. [14:41:35] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) has joined #openid
  96. [14:55:48] * SamRose (n=chatzill@brick.voyager.net) has joined #openid
  97. [15:15:29] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) Quit ()
  98. [16:19:34] * cygnus (n=cygnus@www.cprogrammer.org) has joined #openid
  99. [16:23:58] <VxJasonxV> anyone wanna help me answer this question?
  100. [16:24:03] <VxJasonxV> "Why is identity so bloody important?"
  101. [16:24:08] <VxJasonxV> guess who asked :-)
  102. [16:24:11] * VxJasonxV stares at cygnus
  103. [16:43:19] * shackan (n=shackan@85-18-14-13.fastres.net) has joined #openid
  104. [16:46:14] <idnar> identity isn't important, authentication is
  105. [16:51:19] * quellhorst (n=pro@unaffiliated/rend) Quit (Read error: 60 (Operation timed out))
  106. [17:08:35] * CGamesPlay (n=cgames@allegro/user/CGamesPlay) has joined #openid
  107. [17:09:05] <CGamesPlay> does openid allow authenticated messaging?
  108. [17:16:12] <cygnus> not "authenticated", just "signed"
  109. [17:16:37] <cygnus> which one might argue is essentially the same thing, but not in terms of user authentication
  110. [17:19:25] <CGamesPlay> fair enough
  111. [17:20:06] <CGamesPlay> so am I allowed to say I "support openid" if I only support yadis service descriptions pointing to openid?
  112. [17:20:21] <CGamesPlay> Or, how can I support it without having to parse html document to find link elements
  113. [17:32:04] * vals_ (n=tex_vim@host-84-221-19-149.cust-adsl.tiscali.it) has joined #openid
  114. [17:32:04] * tango_ (n=tex_vim@host-84-221-54-151.cust-adsl.tiscali.it) Quit (Read error: 110 (Connection timed out))
  115. [17:43:49] * CGamesPlay (n=cgames@allegro/user/CGamesPlay) has left #openid
  116. [17:44:54] <cygnus> CGamesPlay: well, I guess it depends on what you mean by "support OpenID"
  117. [17:44:59] <cygnus> oh, gone
  118. [17:50:05] * Prometheus^ (n=Promethe@cs181170022.pp.htv.fi) has joined #openid
  119. [17:56:25] * hober (n=ted@unaffiliated/hober) has joined #openid
  120. [18:17:50] * j3h (n=j3h@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  121. [18:55:56] * SamRose (n=chatzill@brick.voyager.net) Quit (Remote closed the connection)
  122. [19:38:31] * cote (n=cote@sdcc-66-78-214-146.smartcity.com) has joined #openid
  123. [19:49:00] * quellhorst (n=pro@unaffiliated/rend) has joined #openid
  124. [20:04:55] * KevinMarks (n=KevinMar@1433bhost147.starwoodbroadband.com) has joined #openid
  125. [20:10:51] * bricas (n=bricas@h64-5-219-130.gtcust.grouptelecom.net) Quit ("Chatzilla 0.9.77 [Firefox 2.0.0.2/0000000000]")
  126. [20:13:42] * KevinMarks (n=KevinMar@1433bhost147.starwoodbroadband.com) Quit ("The computer fell asleep")
  127. [21:08:41] * nextangler (n=david@adsl-75-34-28-101.dsl.chcgil.sbcglobal.net) has joined #openid
  128. [21:08:53] <nextangler> yoyo, any janran techs in here?
  129. [21:08:58] <nextangler> dhh here
  130. [21:11:05] <cygnus> howdy, nextangler
  131. [21:11:08] * cygnus = cygnus@janrain.com
  132. [21:11:20] <nextangler> hey, hey
  133. [21:11:32] <nextangler> so I think I've figured out the cause of the myopenid issues
  134. [21:11:45] <nextangler> it appears that the file store for the ruby library doesn't clean up after itself
  135. [21:11:55] <nextangler> it leaves files in associations and nonces
  136. [21:12:08] <nextangler> and these somehow cause conflicts
  137. [21:12:20] <nextangler> myopenid people have been locked out of highrise a few times already
  138. [21:12:25] <nextangler> then I clear those folders
  139. [21:12:27] <nextangler> and it works again
  140. [21:12:30] <cygnus> at most, how many associations/ files have you seen?
  141. [21:12:37] <nextangler> lots
  142. [21:12:40] <cygnus> ok
  143. [21:12:44] <nextangler> 50-60, perhaps
  144. [21:12:54] <cygnus> (there was a bug with the PHP library Way Back that was related to that, so I had to ask)
  145. [21:13:04] <nextangler> and around 1000 files in nonces/
  146. [21:13:38] <chowells79> Well, it's true that those aren't cleaned up like they probably should be... But that shouldn't cause errors.
  147. [21:13:50] <cygnus> yeah.
  148. [21:14:15] <chowells79> The associations values, in particular, *should* be relatively long-lived.
  149. [21:14:29] <chowells79> I don't think your site has been up long enough for any associations from myopenid.com to expire.
  150. [21:14:40] <chowells79> (2 weeks is their default lifetime)
  151. [21:14:46] * germanic (n=rheo@S0106001217e16f50.wk.shawcable.net) has joined #openid
  152. [21:14:59] <chowells79> By the way, I'm another janrain-er. :)
  153. [21:15:25] <germanic> Can I use openID to institute a "one global login" for a network of domains that all operate off the same database?
  154. [21:15:48] <_keturn> highrise has everyone log in with their own trust_root. Are you using a single filestore for all those, or one per each?
  155. [21:16:42] <cygnus> germanic: I can't think of any reason why that would be bad..
  156. [21:16:55] <nextangler> _keturn: the same
  157. [21:17:02] * GabeW is amused by j3h's question about "what is FCS?"
  158. [21:17:11] <cygnus> nextangler: have you tried using a different store type?
  159. [21:17:16] <cygnus> (i.e. one of the SQL-backed stores.)
  160. [21:17:18] <nextangler> i haven't
  161. [21:17:23] <_keturn> hmm. I can't think of a reason why that shouldn't work, but it's certainly different than the common configuration.
  162. [21:17:53] <germanic> How does it work that site2.com will know what user it is after they have been asked to authenticate by site1.com
  163. [21:18:08] <cygnus> germanic: that's up to you
  164. [21:18:30] <germanic> how do i know what my options are?
  165. [21:18:30] <cygnus> nextangler: I ask because we think there could be a bug in the filestore implementation, in which case using an SQL store implementation would avoid it
  166. [21:18:52] <germanic> the part i have a hard time with is that if i set a cookie on site1.com then site2.com can't access it.
  167. [21:18:55] <nextangler> that would be a fair amount of rework for the plugin we set up
  168. [21:19:01] <nextangler> do you know what the bug is?
  169. [21:19:02] <cygnus> germanic: yeah, that's the problem
  170. [21:19:10] <germanic> so how do you get around that?
  171. [21:19:35] <cygnus> nextangler: we don't. but why would it be a lot of work? (which store you use should be merely a matter of instantiating the right kind.)
  172. [21:19:35] <GabeW> we know of a bug in the python filestore implementation ;-)
  173. [21:20:00] <germanic> if i make site1.com and site2.com set a cookie for site3.com can site1.com and site2.com check it with site3.com to see if the user has logged in?
  174. [21:20:20] <GabeW> thats not in scope for openid
  175. [21:20:29] <_keturn> germanic: openid doesn't really help you around that problem. site1 and site2 can use the same identifier for the user, but they still have to hit the login button once for each site.
  176. [21:20:40] <nextangler> cygnus: we
  177. [21:20:42] <GabeW> openid is about associating http sessions with authentications
  178. [21:20:55] <nextangler> we've wrapped it as a plugin that requires no setup at http://dev.rubyonrails.org/browser/plugins/open_id_authentication
  179. [21:21:01] <GabeW> _keturn: nextangler could do some fancy "common-domain" hack
  180. [21:21:04] <germanic> is there a way to make them not have to click the login button for each site?
  181. [21:21:08] <GabeW> er
  182. [21:21:16] <GabeW> germanic
  183. [21:21:24] <GabeW> s/nextangler/germanic/
  184. [21:21:27] <nextangler> gabew: you think that's the problem?
  185. [21:21:31] <nextangler> oh
  186. [21:21:34] <GabeW> sorry
  187. [21:21:39] <GabeW> 2 threads going there ;)
  188. [21:22:24] <germanic> describe this fancy common-domain hack?
  189. [21:22:50] <GabeW> oh - you have commondomain.com be the OpenID relying party
  190. [21:23:07] <germanic> yes.
  191. [21:23:16] <j3h> GabeW: bug in the Python OpenID filestore?
  192. [21:23:18] <GabeW> and then you can do redirects from site1.com to commondomain.com which redirects back to site1
  193. [21:23:31] <GabeW> to indicate that authentication happened
  194. [21:23:32] <cygnus> nextangler: setup can be a pain, but in this case I think it would be worth it to abstract the store type out a little. I don't use Rails, but does it give you a way to find out which database backend is in use? If so, you can use that to instantiate the right database store class.
  195. [21:23:33] <germanic> and then what happens when you get to site2.com ?
  196. [21:23:34] <GabeW> anyway
  197. [21:23:52] <GabeW> I think liberty does something similar
  198. [21:24:00] <GabeW> only its not a hack because its "well defined"
  199. [21:24:13] <GabeW> i forget exactly where its written down
  200. [21:24:18] <germanic> but what happens when you get to site2.com ?
  201. [21:24:22] <cygnus> GabeW: oh, I think there are plenty of well-defined hacks
  202. [21:24:30] <GabeW> :)
  203. [21:24:38] <germanic> i'd love to read about it
  204. [21:24:48] <GabeW> j3h - it had to do with the status on windows when you attempted to create a directory for the filestore
  205. [21:24:55] <GabeW> the return code doesn't come back as EEXISTS
  206. [21:25:11] <cygnus> oh, I thought I saw a fix for that go by at some point
  207. [21:25:15] <GabeW> oh
  208. [21:25:16] <germanic> i'd like to make a common domain that all the sites use as their OpenID server and that the users can also use as their OpenID servers elsewhere.
  209. [21:25:16] <GabeW> ok
  210. [21:25:32] <nextangler> cygnus: is the filestore deprecated?
  211. [21:25:36] <cygnus> nextangler: nope
  212. [21:25:51] <cygnus> nextangler: (and I agree it's the easiest to use)
  213. [21:26:07] <cygnus> nextangler: (barring environment-specific filesystem permission issues)
  214. [21:26:28] <cygnus> nextangler: (which plague PHP users in shared hosting environments to no end)
  215. [21:26:56] <nextangler> yeah, and openid have enough issues getting adoption as is
  216. [21:27:06] <cygnus> I suppose. :)
  217. [21:27:33] <nextangler> the more setup requirements for developers, the more the barrier of entry
  218. [21:28:40] <cygnus> yeah, although we are talking about software programmers, not end-users
  219. [21:28:55] <nextangler> they're surprisingly similar ;)
  220. [21:28:57] <cygnus> hah.
  221. [21:29:06] <cygnus> at times, definitely
  222. [21:29:19] <cygnus> nextangler: the ruby lib logs some things to stderr. do you have a way of capturing that?
  223. [21:29:36] <_keturn> the bug GabeW is referring to resulted in [http://xrl.us/vgyu this patch], but it's quite specific to Python-on-Windows
  224. [21:29:56] <germanic> anyone have some idea what i can look for to find that "common domain" hack?
  225. [21:30:06] <bignose> keturn: I've just read <URL:http://moinmoin.wikiwikiweb.de/FeatureRequests/OpenIDSupport>
  226. [21:30:10] <bignose> any update on the weasel-eaten version of OpenID consumer support for MoinMoin?
  227. [21:31:38] <nextangler> cygnus: I'll try that
  228. [21:32:06] <_keturn> bignose: oh, no. Moin's lack of sessions is going to mean a little extra work, which probably won't be included in the initial library release.
  229. [21:32:37] <nextangler> but the cause/effect that I've seen so far is that I don't clear out the associations/nonces, myopenid users are fucked
  230. [21:32:43] <nextangler> no other providers seem to be affected
  231. [21:32:46] <nextangler> which is weird
  232. [21:33:30] <chowells79> Well, if it happens again, try clearing only associations.
  233. [21:33:59] <chowells79> That should fix it.
  234. [21:34:12] <chowells79> If it doesn't, it's a big sign that something really strange is going on.
  235. [21:34:33] <chowells79> What's *likely* happening is that you have an association for myopenid.com getting corrupted somehow.
  236. [21:35:28] <chowells79> It might be some sort of race condition... What OS are you running on?
  237. [21:35:33] <nextangler> freebsd
  238. [21:35:38] <nextangler> could well be race condition
  239. [21:35:50] <GabeW> germanic: see "common domain" here: http://docs.sun.com/source/817-7648/intro.html
  240. [21:35:58] <GabeW> thats just a high level summary
  241. [21:36:11] <nextangler> it's on nfs too
  242. [21:36:16] <chowells79> ooooh
  243. [21:36:18] <chowells79> nfs
  244. [21:36:18] <nextangler> accessed by multiple clients
  245. [21:36:26] <chowells79> yeah, it's probably a race condition.
  246. [21:36:55] <chowells79> I think we assumed strong atomicity semantics than NFS is guaranteed to provide.
  247. [21:37:06] <chowells79> Sadly, I'm not a ruby guy, so I can't double-check.
  248. [21:37:11] <nextangler> you don't get that locally either
  249. [21:37:21] <nextangler> so nfs shouldn't make any difference
  250. [21:37:29] <chowells79> errr.. not "strong"... "stronger". dumb typo.
  251. [21:37:45] <nextangler> atomicity is pretty binary ;)
  252. [21:38:15] <germanic> GabeW: nice page there
  253. [21:38:18] <chowells79> Well, for a particular operation, yes. However, what operations are in the atomic set isn't binary. :)
  254. [21:38:48] <chowells79> I'll try to find someone appropriate to take a look at the file store.
  255. [21:41:09] <nextangler> cools
  256. [21:44:38] <germanic> What I have is a bunch of domains which use the same application ie one DOCUMENT_ROOT and one database... If a user is logged into one I want them to not have to click login again when thy go to another domain on the same app.
  257. [21:45:22] <germanic> oh.i think i see.
  258. [21:46:10] <germanic> if each sites sends the user to the identityserver the first time.. then the identity server can send the user back with the authentication info almost transparently to the user?
  259. [21:47:18] <GabeW> germanic: here's more in depth: http://research.sun.com/liberty_intro/ABItL/index.html
  260. [21:56:48] * Prometheus^ (n=Promethe@cs181170022.pp.htv.fi) Quit ()
  261. [22:01:19] <nextangler> chowell79: When is it safe to delete the files in associations?
  262. [22:01:28] <nextangler> Then I'll setup a cron job to clear them out for now
  263. [22:02:20] <chowells79> Actually...
  264. [22:02:34] <chowells79> We'd like to see what's going on, with the corruption.
  265. [22:02:59] <cygnus> nextangler: they contain expiration time information and the store code is designed to perform GC
  266. [22:03:02] <chowells79> The next time logins start failing, we'd really like to see what the contents of the myopenid association file/s is/are
  267. [22:03:12] <nextangler> k
  268. [22:03:38] <nextangler> that means that we'll have to wait until this starts failing for real users again, of course
  269. [22:03:39] <chowells79> But don't send us other OP's associations... technically, we could do bad things with that. :)
  270. [22:03:56] <nextangler> sure
  271. [22:05:05] <chowells79> One other bit... Can you double-check what's going on? the race condition idea needs something strange to be happening, like getting new associations too frequently.
  272. [22:05:26] <chowells79> Do you have any logs with regards to the openid stuff?
  273. [22:06:16] <trel1023> chowells79: could this be tied in any way to the xrds lookup issue?
  274. [22:06:24] <nextangler> only on OpenID::FAILURE
  275. [22:06:40] <nextangler> and then it's just logging the open_id_response.msg
  276. [22:07:08] <chowells79> Oh, well. We need to log the POST requests we receive in a more meaningful way anyway.
  277. [22:07:14] <bignose> keturn: darn, that's frustrating.
  278. [22:07:22] <chowells79> trel1023: Which issue?
  279. [22:07:26] <bignose> keturn: I'd really like OpenID support in MoinMoin
  280. [22:07:39] <bignose> keturn: what code should I hack on to help?
  281. [22:08:01] <bignose> keturn: bearing in mind that my knowledge of Moin's internal code is less than my knowledge of OpenID, which isn't much :-)
  282. [22:08:09] <nextangler> "OpenID authentication failed: check_auth failed: is_valid was false"
  283. [22:08:15] <chowells79> oh, really?
  284. [22:08:18] <nextangler> is the most common failure
  285. [22:08:19] <trel1023> http://forum.highrisehq.com/forums/3/topics/73
  286. [22:09:25] <nextangler> also have a few OpenID authentication failed: sig mismatch
  287. [22:09:35] * vals_ is now known as tango_
  288. [22:09:36] <nextangler> and a couple of OpenID authentication failed: No session state found.
  289. [22:09:58] <chowells79> And you can confirm that you get streams of the "is_valid was false" from myopenid logins when you're in the bad state?
  290. [22:10:02] <nextangler> but the check_auth seems to be the overwhelming majority of the issues
  291. [22:10:14] <nextangler> chowells79 I'm almost positive
  292. [22:10:17] <nextangler> the times match up
  293. [22:10:20] * cote (n=cote@sdcc-66-78-214-146.smartcity.com) Quit ()
  294. [22:10:21] <chowells79> Ok.
  295. [22:10:25] <chowells79> That's useful information.
  296. [22:10:30] <chowells79> Not quite sure what to make of it.
  297. [22:10:33] <nextangler> actually
  298. [22:10:36] <chowells79> But it *does* convey value.
  299. [22:11:53] <_keturn> bignose: as far as where in the moint internals this goes, it sounds like the person to ask is johill in #moin-dev. (not currently online)
  300. [22:11:59] <_keturn> s/moint/moin/
  301. [22:12:29] <GabeW> i wonder aloud sometimes whether its easier to do openid integration through cookies rather than through hacking code
  302. [22:13:00] <GabeW> that is, by having something sitting next to your favorite software package that does openid auth and sets cookies that are readable by your favorite softrware app
  303. [22:13:09] <GabeW> so that integration is minimal on your favorite app
  304. [22:13:21] <nextangler> Ya, the error is definitely check_auth failed when the shit goes bad
  305. [22:13:38] <bignose> GabeW: code hacking is still required for those apps that don't have an easy way to replace their existing authentication -- which is most of them.
  306. [22:14:05] <GabeW> yah, but I woudl imagine ther's a lot less
  307. [22:14:20] <GabeW> i mean, you're basically just reading authentication status from a cookie instead of internal state..
  308. [22:14:35] <bignose> GabeW: as for what you describe, I don't see how that's not exactly what we have already in the JanRain libraries for various languages
  309. [22:14:51] <GabeW> bignose: well, i'm talking about something completely standalone
  310. [22:15:28] <GabeW> so, as long as its in the same URLspace, and can set cookies that another app can read, then it doesn't really have to have any integration
  311. [22:15:31] <GabeW> now
  312. [22:15:33] <_keturn> bignose: I should probably find out what johill has been working on... I just happened to catch a comment from him the other day saying that support was "nearly finished" except for the 2.0 libs not being released... It'd be good if we could get them testing with a current snapshot.
  313. [22:15:50] * cote (n=cote@sdcc-66-78-214-146.smartcity.com) has joined #openid
  314. [22:15:57] <GabeW> i'm not sure thats entirely possible in many cases because a lot of assumptions get made about managing users many times
  315. [22:16:24] <bignose> GabeW: the hacking on the subject application would be pretty much the same
  316. [22:16:29] <GabeW> hmm
  317. [22:16:45] <GabeW> depends on the app I guess
  318. [22:16:56] <bignose> GabeW: you're still needing to get in there and replace its existing assumptions about authenticated users, and divert that to something outside the application
  319. [22:17:13] <_keturn> GabeW: we've done some thinking along those lines too. You get rid of the protocol handling, but you still need to do some integration with the fact that user identifiers are now URLs and whatnot
  320. [22:17:23] <GabeW> yah
  321. [22:18:01] <GabeW> in any case, if I'm designing a new app, i'd really like the interface to be "stuff in a cookie"
  322. [22:18:21] <GabeW> and that be it - and login is merely a redirect to the openid RP thing sitting next to my newapp
  323. [22:18:23] <bignose> OpenID is introducing the concept of modularlisation at a point that many applications were never designed to have modular: the user authentication.
  324. [22:18:28] <GabeW> ah
  325. [22:18:30] <GabeW> yah
  326. [22:18:32] <GabeW> true
  327. [22:18:37] <GabeW> well
  328. [22:18:43] <cygnus> yeah.
  329. [22:18:47] <GabeW> i guess thats true outside the "enterprise" space
  330. [22:18:50] <bignose> which in the long term is a great thing, regardless of the future of OpenID
  331. [22:18:50] <cygnus> and in particular, they expect username, password
  332. [22:18:56] <cygnus> let alone abstracting the *source* of that data
  333. [22:19:06] <chowells79> I just realized today "I don't need to make a 'change password' form for this app! holy crap! awesome!"
  334. [22:19:07] <chowells79> :)
  335. [22:19:15] <GabeW> exactly
  336. [22:19:17] <bignose> chowells79: that's a nice feeling :-)
  337. [22:19:32] <GabeW> all that stuff should be "outsourceable" to a OpenID consumer/rp blob
  338. [22:19:34] <_keturn> and it tends to also introduce *another* source of look-n-feel that's neither the RP application nor the user's provider
  339. [22:19:39] <GabeW> hehe
  340. [22:20:37] <GabeW> ok anyway, all good ideas
  341. [22:34:46] * fajrozzz is now known as Esperantoragxas
  342. [22:34:58] * Esperantoragxas is now known as Esperantoregxas
  343. [22:35:42] * Esperantoregxas is now known as Sekretario
  344. [22:48:05] * cote (n=cote@sdcc-66-78-214-146.smartcity.com) Quit ()
  345. [23:12:47] * KevinMarks (n=KevinMar@1433bhost147.starwoodbroadband.com) has joined #openid
  346. [23:21:03] * Sekretario (n=fajro@OL104-24.fibertel.com.ar) Quit ("Ex-Chat")
  347. [23:45:29] * myren_ (n=myren@63.231.83.177) Quit ("useless!")
  348. [23:46:33] <cygnus> nextangler: there is an ActiveRecord-based OpenID store in the examples directory of the ruby OpenID library tarball, FYI.
  349. [23:47:16] <nextangler> I'd really rather get the file-based one working. It makes selling this plugin much simpler.
  350. [23:47:43] <nextangler> but yah, if we're unable to get it working, we'll have to switch
  351. [23:49:12] * cygnus nods
  352. [23:49:40] <cygnus> yeah, I suppose the assumption that Rails == database available is not a sound one. Django originally made that assumption, and since then, they made the presence of a database optional for obvious reasons.
  353. [23:49:58] <cygnus> and running a database when you otherwise have no need is a real downer.
  354. [23:58:35] <nextangler> totally

These logs were automatically created by OpenIDlogbot on chat.freenode.net using a modified version of the Java IRC LogBot.