IRC Log for #openid on 2007-05-02

Timestamps are in UTC.

  1. [00:39:36] * shigeta (n=shigeta@124.32.114.226) has joined #openid
  2. [00:42:12] * m3nt0r (n=mail@p50900463.dip0.t-ipconnect.de) Quit ("( www.nnscript.de :: NoNameScript 4.02 :: www.XLhost.de )")
  3. [00:48:58] * jellomld (n=jon@64.13.224.107) Quit ("leaving")
  4. [00:56:31] * cote_ (n=cote@adsl-71-145-192-212.dsl.austtx.sbcglobal.net) has joined #openid
  5. [01:01:13] * bricas (n=bricas@CPE0011506c8049-CM0013711405ec.cpe.net.cable.rogers.com) Quit (Remote closed the connection)
  6. [01:03:52] * daleolds (i=daleolds@nat/novell/x-68b9f007dcb1937d) has left #openid
  7. [01:13:40] * cote (n=cote@adsl-71-145-184-37.dsl.austtx.sbcglobal.net) Quit (Read error: 110 (Connection timed out))
  8. [01:18:24] * KevinMarks (i=KevinMar@nat/google/x-e4afeeda9a3cd7ef) Quit ("The computer fell asleep")
  9. [02:57:33] * chowells79 (n=chowells@c-71-236-228-127.hsd1.or.comcast.net) Quit ("Leaving")
  10. [03:02:49] * brylie (n=brylie@CPE-75-81-108-73.kc.res.rr.com) has joined #openid
  11. [03:02:49] <jibot> brylie is awesome
  12. [03:19:56] * cote_ is now known as cote
  13. [03:27:38] * brylie (n=brylie@CPE-75-81-108-73.kc.res.rr.com) Quit ("Ex-Chat")
  14. [04:31:19] * brynary (n=brynary@static-70-107-231-80.ny325.east.verizon.net) has joined #openid
  15. [05:14:22] * fajro (n=fajro@OL104-24.fibertel.com.ar) Quit (Read error: 104 (Connection reset by peer))
  16. [05:26:34] * fajro (n=fajro@OL104-24.fibertel.com.ar) has joined #openid
  17. [06:50:40] * brynary (n=brynary@static-70-107-231-80.ny325.east.verizon.net) Quit ()
  18. [07:00:24] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) has joined #openid
  19. [07:01:51] * fajro is now known as fajrozzz
  20. [07:28:11] * SRogers (n=chatzill@cpe-72-179-20-29.austin.res.rr.com) Quit (Read error: 110 (Connection timed out))
  21. [07:40:13] * stratus (n=stratus@201.53.55.52) has joined #openid
  22. [07:45:00] * padd173 (n=punter@ipa245.21.91.tellas.gr) has joined #openid
  23. [08:24:14] * yuenchi` (n=yclian@228.247.95.219.cbj02-home.tm.net.my) Quit (Connection reset by peer)
  24. [08:31:19] * yuenchi` (n=yclian@115.247.95.219.cbj02-home.tm.net.my) has joined #openid
  25. [08:38:11] * yuenchi^ (n=yclian@123.209.95.219.cbj02-home.tm.net.my) has joined #openid
  26. [08:39:22] * yuenchi` (n=yclian@115.247.95.219.cbj02-home.tm.net.my) Quit (Connection reset by peer)
  27. [08:44:37] * Flenser (n=Miranda@hiddenisland.plus.com) has joined #openid
  28. [08:52:49] * bortzmeyer (i=bortzmey@batilda.nic.fr) has joined #openid
  29. [09:02:32] * yuenchi^ (n=yclian@123.209.95.219.cbj02-home.tm.net.my) Quit (Connection timed out)
  30. [09:02:51] * yuenchi (n=yclian@210.208.95.219.cbj02-home.tm.net.my) has joined #openid
  31. [09:03:25] * quellhorst (n=pro@unaffiliated/rend) Quit ()
  32. [09:06:13] * rgl (n=Rui@84.90.10.107) has joined #openid
  33. [09:06:14] <rgl> hi
  34. [09:06:38] <rgl> johill, ping :D
  35. [09:07:01] <rgl> johill, do I need python-openid 2.0?
  36. [09:07:22] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) Quit ()
  37. [09:07:30] <rgl> with 1.2 it's bailing at from openid.store import nonce (cannot find the nonce module)
  38. [09:18:35] * yuenchi` (n=yclian@218.111.47.15) has joined #openid
  39. [09:21:35] <johill> rgl: yes
  40. [09:21:55] <rgl> johill, ah ok. thank you :)
  41. [09:25:26] <johill> I guess this came up once you configured it correctly? ;)
  42. [09:35:43] * rgl_ (n=Rui@84.90.10.107) has joined #openid
  43. [09:37:55] <rgl_> johill, the openid identity box appears :)
  44. [09:38:05] <johill> :)
  45. [09:38:06] * tbbrown (n=tbbrown@cpe-66-68-127-247.austin.res.rr.com) has left #openid
  46. [09:38:12] <rgl_> johill, though, you got the openid.png file?
  47. [09:38:20] <johill> sure, sec
  48. [09:38:26] <johill> actually just grab it from linuxwireless.org
  49. [09:38:45] <johill> http://linuxwireless.org/moin/common/openid.png
  50. [09:39:14] <rgl_> http://linuxwireless.org/welcome?action=login does not show it :D
  51. [09:39:42] <rgl_> ah, but there is it :D
  52. [09:40:44] * yuenchi^ (n=yclian@74.214.95.219.cbj02-home.tm.net.my) has joined #openid
  53. [09:42:17] * yuenchi (n=yclian@210.208.95.219.cbj02-home.tm.net.my) Quit (Connection timed out)
  54. [09:43:35] <johill> yeah, because I didn't change the theme there yet to include it
  55. [09:43:35] <johill> note how it's not the regular moin theme ;)
  56. [09:44:10] <rgl_> yeah, I didn't know it was moin at all hehe
  57. [09:44:23] <rgl_> johill, where is the anonymous_cookie_lifetime described?
  58. [09:44:36] <rgl_> http://moinmoin.wikiwikiweb.de/HelpOnConfiguration does not seem to describe it
  59. [09:44:37] <johill> HelpOnAuthentication at the same place I sent you the link to
  60. [09:44:50] <johill> oh yeah, HelpOnConfiguration on the 1.7 todo page
  61. [09:45:10] <johill> brb
  62. [09:45:37] <rgl_> johill, sorry, what? I don't find its description anywhere :(
  63. [09:45:57] <rgl_> I'll just put 100 there... no idea what that means *G*
  64. [09:46:25] <rgl_> its the same as cookie_lifetime ?
  65. [09:46:37] <johill> hm, looks like I forgot to put it there
  66. [09:46:39] <johill> it's in hours
  67. [09:47:00] <johill> you can even use 0.5 or something, openid rarely needs more than a few minutes :)
  68. [09:47:08] <johill> and once you log in it gets promoted to cookie_lifetime
  69. [09:48:05] <johill> moin-test.sipsolutions.net has an hour I think
  70. [09:49:47] <rgl_> johill, its aaaaliveee :)
  71. [09:50:20] <johill> :)
  72. [09:50:30] <johill> rgl_: I see you found my stamp files for which version the patches are against :)
  73. [09:51:00] * Flenser (n=Miranda@twiki/developer/SamHasler) has left #openid
  74. [09:51:44] <rgl_> johill, what you mean by promoted? once I login cookie_lifetime is set to the value of anonymous_cookie_lifetime ? or, once I login my session uses the normal cookie_lifetime?
  75. [09:51:56] * rgl (n=Rui@84.90.10.107) Quit (Read error: 110 (Connection timed out))
  76. [09:51:58] <johill> the latter
  77. [09:52:20] <johill> it works too, I just logged in using my openid :)
  78. [09:52:45] <rgl_> that two english words, "later", "former" always confuse me!
  79. [09:52:59] <johill> heh, latter, not later
  80. [09:53:10] <rgl_> oh yes, sorry, typo :D
  81. [09:53:26] <johill> once you log in your session and your cookie have cookie_lifetime lifetime
  82. [09:53:40] <rgl_> latter is last, and former is before last, right?
  83. [09:54:04] <rgl_> ah ok. got ya :)
  84. [09:54:05] <johill> latter is the last, but former would be the first I'd think, though I've hardly ever seen it used with more than two choices
  85. [09:54:33] <johill> mind you, I'm not a native English speaker either
  86. [09:55:15] <rgl_> hehe
  87. [09:55:23] <rgl_> I'm from Portugal :D
  88. [09:55:27] * rgl_ is now known as rgl
  89. [09:57:06] <rgl> johill, thanks for the tips, and for making openid possible in moin :-)
  90. [09:58:04] * yuenchi` (n=yclian@218.111.47.15) Quit (Read error: 110 (Connection timed out))
  91. [09:58:49] <johill> :)
  92. [10:01:35] <johill> there are still some quirks, like you need to set your email the first time you change user preferences
  93. [10:01:53] <johill> maybe the moin login should ask for the email when you first log in
  94. [10:02:07] <johill> or better use attribute exchange
  95. [10:02:15] <rgl> how about simple registration?
  96. [10:02:23] <johill> or that
  97. [10:02:52] <rgl> :)
  98. [10:03:27] <johill> also, it is possible to use multiple openIDs with the same account, but it requires setting a password first
  99. [10:03:45] <johill> should probably be possible to add other IDs in the user preferences screen, and also remove IDs
  100. [10:04:00] <johill> part of my todo at http://moinmoin.wikiwikiweb.de/JohannesBerg/OpenID_support/client
  101. [10:08:42] <rgl> I see :)
  102. [10:10:01] <johill> feel free to hack on it :)
  103. [10:14:53] <rgl> oh, please, don't hold your breath, I can't promise anything, because my intent is to have several consumers working / interop with my own provider.
  104. [10:15:27] <johill> oh good, feel free to also test the moin provider :)
  105. [10:27:15] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) Quit (Read error: 110 (Connection timed out))
  106. [10:27:48] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) has joined #openid
  107. [10:39:59] * padd173 (n=punter@ipa245.21.91.tellas.gr) Quit ()
  108. [10:59:42] * bricas (n=bricas@h64-5-219-130.gtcust.grouptelecom.net) has joined #openid
  109. [11:33:59] * cote (n=cote@adsl-71-145-192-212.dsl.austtx.sbcglobal.net) Quit ()
  110. [11:38:18] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) has joined #openid
  111. [12:08:35] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) Quit (Read error: 110 (Connection timed out))
  112. [12:11:47] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) has joined #openid
  113. [12:20:09] * shigeta (n=shigeta@124.32.114.226) Quit ("Leaving...")
  114. [12:33:10] * stratus (n=stratus@201.53.55.52) has left #openid
  115. [12:43:19] * Flenser (n=Miranda@hiddenisland.plus.com) has joined #openid
  116. [13:06:12] * cote (n=cote@m815f36d0.tmodns.net) has joined #openid
  117. [13:08:50] * SRogers (n=chatzill@cpe-72-179-20-29.austin.res.rr.com) has joined #openid
  118. [13:25:14] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) Quit ()
  119. [13:54:11] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) has joined #openid
  120. [14:02:22] * Prometheus^ (n=Promethe@kone1.tmvvision.finnetcom.net) Quit ()
  121. [14:09:54] * cote (n=cote@m815f36d0.tmodns.net) Quit ()
  122. [14:31:34] * stratus (n=stratus@201.53.55.52) has joined #openid
  123. [14:32:01] * stratus (n=stratus@201.53.55.52) has left #openid
  124. [14:41:21] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) Quit (Read error: 110 (Connection timed out))
  125. [14:42:19] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) has joined #openid
  126. [14:55:23] * KevinMarks (n=Snak@h-68-164-93-9.snvacaid.dynamic.covad.net) has joined #openid
  127. [15:21:10] * bortzmeyer (i=bortzmey@batilda.nic.fr) has left #openid
  128. [15:45:54] * daleolds (i=daleolds@nat/novell/x-45f87565d2abcb4d) has joined #openid
  129. [15:57:36] * SvenDowideit (n=SvenDowi@twiki/developer/SvenDowideit) Quit (Read error: 110 (Connection timed out))
  130. [15:58:19] * SvenDowideit (n=SvenDowi@twiki/developer/SvenDowideit) has joined #openid
  131. [16:14:25] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) Quit (Connection timed out)
  132. [16:22:09] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) has joined #openid
  133. [16:30:27] <rgl> when we are handling a check_authentication should we check if the end-user is authenticated before attempting to validate the passed assoc_handle?
  134. [16:32:16] <keturn> check_authentication comes as a POST straight from the RP, so you can't really check based on the incoming request...
  135. [16:33:36] <rgl> oh, you are right. gee, I'm sleeping with my eyes open :|
  136. [16:33:37] <rgl> thx
  137. [16:42:48] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) Quit (Read error: 110 (Connection timed out))
  138. [16:43:22] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) has joined #openid
  139. [16:52:58] * cygnus (n=cygnus@www.cprogrammer.org) has joined #openid
  140. [17:08:14] * daleolds (i=daleolds@nat/novell/x-45f87565d2abcb4d) has left #openid
  141. [17:09:19] <rgl> when we return an invalidate_handle from a checkid_setup, the check_authenticate will be used to check if its really valid, correct?
  142. [17:10:26] <rgl> err s,check_authenticate,check_authentication,
  143. [17:10:46] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) Quit (Connection timed out)
  144. [17:12:22] * mmell (n=mmell@adsl-75-35-4-68.dsl.pltn13.sbcglobal.net) has joined #openid
  145. [17:23:00] <cygnus> rgl: yes
  146. [17:24:00] <rgl> cygnus, then, inside check_authenticate we will only check stateful invalidate_handle, right?
  147. [17:24:53] * epeus (i=KevinMar@nat/google/x-e91bf7d4e12e663f) has joined #openid
  148. [17:24:56] <rgl> oh hang on, I'm making an activity diagram. I'll upload it, and maybe you can see if its ok :D
  149. [17:25:55] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) has joined #openid
  150. [17:27:43] * KevinMarks (n=Snak@pdpc/supporter/active/kevinmarks) Quit (Nick collision from services.)
  151. [17:27:50] * epeus is now known as KevinMarks
  152. [17:31:45] <rgl> can you check this http://ruilopes.com/tmp/protocol-mode-checkid_authentication-en.jpg ?
  153. [17:32:27] <cygnus> not found
  154. [17:35:16] <rgl> cygnus, really? oh, try again, please.
  155. [17:35:53] <rgl> oh, I'm missing a check to really see if the invalidate_handle is invalid before adding it to the response.
  156. [17:36:59] <cygnus> huh?
  157. [17:37:13] <cygnus> invalidate_handle is only added by the server. invalidate_handle is never invalid.
  158. [17:37:25] <cygnus> i.e., the assoc_handle passed by the RP to the IDP might be invalid.
  159. [17:37:43] <cygnus> in which case, the server signs with its own association and returns invalidate_handle=original assoc_handle in the response.
  160. [17:37:48] <cygnus> then, the RP knows to do check_auth.
  161. [17:38:49] <rgl> cygnus, not if you have a rogue consumer, which, can add an invalidate_handle at will.
  162. [17:40:22] <cygnus> consumers do not add invalidate_handle.
  163. [17:44:45] <rgl> cygnus, they don't? what happens when a consumer issues a checkid_setup with an invalid assoc_handle? the provider will generate a stateless one, and will return assoc_handle as invalidate_handle; then the consumer will issue another check_authentication with invalidate_handle in it, no?
  164. [17:46:07] <rgl> I mean, the consumer will fallback to stateless mode, no? or will it ignore that, and will do a new association?
  165. [17:47:51] <cygnus> the consumer will issue check_auth, yes.
  166. [17:47:55] <cygnus> with the invalidate_handle value from the server.
  167. [17:48:03] <cygnus> i.e., the one it originally sent as assoc_handle.
  168. [17:48:07] <rgl> so it adds it ;-)
  169. [17:48:23] <cygnus> no, it doesn't. :)
  170. [17:48:33] <cygnus> it merely takes the response from the server and sends it back to the server.
  171. [17:48:38] <cygnus> using a direct POST.
  172. [17:48:39] <rgl> so you prefer to call it a copy? :D
  173. [17:48:48] <cygnus> well, "adding" is not the same.
  174. [17:48:52] <cygnus> adding implies it wasn't there to begin with.
  175. [17:49:05] <cygnus> but at any rate, what are you trying to get at?
  176. [17:49:18] <rgl> and it wasn't. its a new request :D oh, nm ;)
  177. [17:49:59] <cygnus> if you assume the consumer adds an arbitrary invalidate_handle value in the check_auth message, that does nothing.
  178. [17:50:08] <rgl> I want to know when I should verify the invalidate_handle. I think I should only verify it, if it's a stateful handle.
  179. [17:50:27] <cygnus> the invalidate_handle value is never "verified"
  180. [17:50:42] <cygnus> it's an indicator that the RP should perform check_auth, nothing more.
  181. [17:51:05] <rgl> what do you mean? so why there is an invalidate_handle on the check_authentication request?
  182. [17:51:18] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) Quit (Success)
  183. [17:52:39] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) has joined #openid
  184. [17:56:10] <cygnus> rgl: because the spec says to send the entire id_res message back with openid.mode set to check_authentication. it needs to be present if it was signed, for example. the server can use the invalidate_handle value to remove the handle from its store if it is indeed valid. that's the only validation that gets done, but the 1.1 spec is not very explicit about it.
  185. [17:56:28] <cygnus> indeed invalid, that is.
  186. [17:58:59] <rgl> ok, I understand that, what I don't understand is when you should validate invalidate_handle. the warning on 1.1 spec is confusing me :(
  187. [17:59:32] <cygnus> the 2.0 spec's wording is clearer
  188. [17:59:38] <rgl> because the provider should return an invalidate_handle when it wants the consumer to drop that handle.
  189. [17:59:47] <cygnus> section 11.4.2.2
  190. [18:01:43] * daleolds (i=daleolds@nat/novell/x-27c3a67148d1b2f6) has joined #openid
  191. [18:03:11] <cygnus> rgl: about the section 4.4 warning in the 1.1 spec:
  192. [18:03:49] <cygnus> that means that a server should not verify the signature of a check_auth message whose assoc_handle value is a stateful association handle.
  193. [18:03:56] <cygnus> that is not related to the invalidate_handle value
  194. [18:04:26] <cygnus> so, if the server returns invalidate_handle in id_res and chooses its own assoc_handle to use, it should store that as a stateless association.
  195. [18:04:48] <cygnus> then, when it gets a check_auth, it should only respond to that check_auth if the assoc_handle in the message is a stateless association it knows about.
  196. [18:05:34] <rgl> ok. I got that nailed in the image link I've posted here.
  197. [18:06:23] <rgl> the invalidate_handle check is only to make sure its still valid in our store?
  198. [18:06:40] <rgl> if its not in our store, we simply return it on the response?
  199. [18:08:13] <cygnus> yes
  200. [18:08:17] <cygnus> well, "invalid"
  201. [18:08:23] <cygnus> which could be "not in the store" or "expired"
  202. [18:09:13] * brianellin (n=brianell@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  203. [18:10:43] <rgl> cygnus, can you re-check http://ruilopes.com/tmp/protocol-mode-checkid_authentication-en.jpg ?
  204. [18:11:21] <rgl> the "invalid" is like you said. not in store or expired.
  205. [18:12:24] <cygnus> I think that the step that says "invalidate_handle stateful?" can be removed; it should *never* be stateless. all you need to do is go directly to "invalidate_handle valid?"
  206. [18:12:43] <cygnus> but otherwise, I think that looks ok.
  207. [18:13:32] * j3h (n=j3h@c-76-105-135-22.hsd1.or.comcast.net) has joined #openid
  208. [18:13:44] <rgl> cygnus, but I can't be sure if a rogue consumer will never send a stateless handle. I'm not sure if that will open any disclosure :|
  209. [18:15:20] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) Quit (Connection timed out)
  210. [18:15:23] <cygnus> I don't see any harm in a consumer sending a bogus invalidate_handle in check_auth.
  211. [18:16:53] <rgl> isn't it the same case why you check if the assoc_handle is really a stateless one?
  212. [18:17:15] <cygnus> no
  213. [18:17:43] <cygnus> assoc_handle must be stateless because it cannot be shared with anyone, where "shared" means "someone else has the secret."
  214. [18:17:55] <cygnus> it must be a handle whose secret is only known by the server.
  215. [18:18:02] <cygnus> i.e., "stateless"
  216. [18:18:25] <rgl> how would you get hold on a handle like that?
  217. [18:18:36] <cygnus> get a hold?
  218. [18:18:44] <cygnus> in what context?
  219. [18:18:58] <cygnus> the server generates such an association and sends the assoc_handle value in an id_res response.
  220. [18:19:19] <rgl> how would a consumer ever know the shared secret of a stateless association?
  221. [18:19:30] <cygnus> it wouldn't.
  222. [18:19:54] <rgl> so, why check if the association if stateless? :D
  223. [18:20:06] <rgl> err s,if,is
  224. [18:20:11] <rgl> is stateless.
  225. [18:20:23] <cygnus> because if it's stateful, someone else has the secret, which violates the IDP's ability to assert that the signature it added to the message was created by the server
  226. [18:20:30] <cygnus> and not a consumer that also knows the secret.
  227. [18:21:26] <rgl> because you are afraid to generate the same secret for stateless/stateful association?
  228. [18:21:42] <cygnus> no
  229. [18:27:18] * brianellin (n=brianell@c-71-236-228-127.hsd1.or.comcast.net) Quit ("Leaving")
  230. [18:28:05] * fajrozzz (n=fajro@OL104-24.fibertel.com.ar) has joined #openid
  231. [18:28:16] <rgl> I think I got it. this way, you can't use a response from another RP and reply it again with the provider, is that it? :D
  232. [18:37:12] * _keturn reads backscroll
  233. [18:43:55] <_keturn> hmm, hopefully the return_to is signed in to the message and the RP checks that, so you can't replay a message that was written for another
  234. [18:50:54] * MattKelly (n=mattk@cpe-71-67-112-165.woh.res.rr.com) has joined #openid
  235. [18:53:14] * chowells79 (n=chowells@c-71-236-228-127.hsd1.or.comcast.net) has joined #openid
  236. [18:57:01] * fajrozzz is now known as fajro
  237. [19:05:41] * fajro (n=fajro@OL104-24.fibertel.com.ar) Quit ("Ex-Chat")
  238. [19:09:06] * daleolds (i=daleolds@nat/novell/x-27c3a67148d1b2f6) Quit ("bye")
  239. [19:12:05] <MattKelly> when I log a user in using OpenID, I would typically create a user account in my own DB, right?
  240. [19:12:27] <MattKelly> would I then have to have the user enter another password for my site, as well? I'm guessing OpenID doesn't pass the password back to me
  241. [19:12:44] <MattKelly> or would I just leave the pw blank and rely on OpenID every time
  242. [19:13:01] <cygnus> MattKelly: yes, you need some kind of internal handle for the OpenID. presumably you'd attach prefs and other things to it.
  243. [19:13:08] <cygnus> but no, no password required.
  244. [19:13:21] <cygnus> and I would recommend removing the password field completely, if you can.
  245. [19:13:36] <cygnus> it's very confusing to OpenID users, and could even be construed as a phishing mechanism..
  246. [19:14:00] <MattKelly> well then how are users authenticated?
  247. [19:14:33] <cygnus> that's up to the OpenID server used for a given OpenID
  248. [19:15:09] <MattKelly> oh ok
  249. [19:16:21] <cygnus> as a web site developer that wants to use OpenID, you need only use an OpenID library to manage the details of the protocol. The server takes care of authentication, and you just look at the OpenID response you get to determine whether to log the user into your app.
  250. [19:16:52] <MattKelly> understandable, but couldn't a user simply enter another user's openid and login?
  251. [19:17:10] <MattKelly> for example, if I had "matt.livejournal.com", someone could just enter it and log in as me
  252. [19:17:23] <MattKelly> I guess I just don't understand how users are differentiated
  253. [19:19:59] <cygnus> if they know how to authenticate on the server, yes, that's true
  254. [19:20:09] <cygnus> and that's no different than "if someone knows my username and password, he can log in as me"
  255. [19:20:45] <MattKelly> but authenticating on the server is as simple as entering "matt.livejournal.com", right?
  256. [19:20:53] <cygnus> no
  257. [19:21:13] <cygnus> the user-agent gets redirected to the server and has to enter something: a password, etc.
  258. [19:21:19] <MattKelly> ooooh
  259. [19:21:25] <cygnus> presuming it's not an evil server.
  260. [19:21:30] <MattKelly> yeah
  261. [19:21:47] <cygnus> you get an OpenID protocol response (usually in the form of a browser redirect) stating result.
  262. [19:21:50] <cygnus> the result, even.
  263. [19:22:11] <MattKelly> I gotcha- it's similar to the Facebook API (if you know how that works)
  264. [19:22:21] <cygnus> nope
  265. [19:22:26] <MattKelly> basically the same thing
  266. [19:23:50] <MattKelly> well that clears things up- thanks
  267. [19:25:19] <cygnus> yw
  268. [19:25:51] <cygnus> if you have any library questions, you can ask here or subscribe to the janrain library development list, presuming you're using one of them: http://xrl.us/vmtm
  269. [19:26:00] <cygnus> asking on the list is the better bet
  270. [19:31:37] <MattKelly> ok
  271. [19:48:03] * bricas (n=bricas@h64-5-219-130.gtcust.grouptelecom.net) Quit ("ChatZilla 0.9.78.1 [Firefox 2.0.0.3/2007040314]")
  272. [19:51:47] <terrell> MattKelly: http://simonwillison.net/2006/openid-screencast/
  273. [19:52:02] <terrell> seeing is much easier than reading
  274. [19:58:55] <MattKelly> terrell: this is great- thank you!
  275. [19:59:12] <terrell> yep, spread the word
  276. [19:59:36] * aconbere|work (n=aconbere@mail.geonerco.com) Quit (Read error: 104 (Connection reset by peer))
  277. [20:04:25] <MattKelly> will do
  278. [20:38:56] * aconbere|work (n=aconbere@mail.geonerco.com) has joined #openid
  279. [20:43:26] * KevinMarks (i=KevinMar@pdpc/supporter/active/kevinmarks) Quit ("The computer fell asleep")
  280. [20:44:41] * daleolds (i=daleolds@nat/novell/x-cde9ebe7ac8ed85b) has joined #openid
  281. [20:51:51] * daleolds (i=daleolds@nat/novell/x-cde9ebe7ac8ed85b) has left #openid
  282. [20:55:23] * KevinMarks (i=KevinMar@nat/google/x-6aa823e88667cc47) has joined #openid
  283. [20:55:43] * rgl (n=Rui@84.90.10.107) Quit (Read error: 110 (Connection timed out))
  284. [20:58:42] * aconbere|work (n=aconbere@mail.geonerco.com) Quit ("Lost terminal")
  285. [20:59:25] * aconbere|work (n=aconbere@mail.geonerco.com) has joined #openid
  286. [21:21:44] * stratus_ (n=stratus@201.53.55.52) has joined #openid
  287. [21:21:56] * stratus_ (n=stratus@201.53.55.52) has left #openid
  288. [21:30:32] * rgl (n=Rui@84.90.10.107) has joined #openid
  289. [21:56:17] * cmarcelo (n=cmarcelo@200-232-236-49.dsl.telesp.net.br) Quit (Read error: 110 (Connection timed out))
  290. [21:56:24] * KevinMarks (i=KevinMar@nat/google/x-6aa823e88667cc47) Quit ("The computer fell asleep")
  291. [22:16:04] * daleolds (i=daleolds@nat/novell/x-562f00db48e55571) has joined #openid
  292. [22:27:14] * rgl_ (n=Rui@84.90.10.107) has joined #openid
  293. [22:29:02] * yuenchi^ (n=yclian@74.214.95.219.cbj02-home.tm.net.my) Quit (Read error: 104 (Connection reset by peer))
  294. [22:30:08] * idnar (i=mithrand@unaffiliated/idnar) Quit (Nick collision from services.)
  295. [22:30:13] * idnar_ (i=mithrand@unaffiliated/idnar) has joined #openid
  296. [22:32:26] * rgl (n=Rui@84.90.10.107) Quit (Read error: 113 (No route to host))
  297. [22:41:32] * rkerr (n=rjk@CPE00095bdde585-CM0011ae91b176.cpe.net.cable.rogers.com) has joined #openid
  298. [22:53:49] * cmarcelo (n=cmarcelo@200-232-237-5.dsl.telesp.net.br) has joined #openid
  299. [23:03:05] * Flenser (n=Miranda@twiki/developer/SamHasler) Quit (Read error: 104 (Connection reset by peer))
  300. [23:17:59] * bricas (n=bricas@CPE0011506c8049-CM0013711405ec.cpe.net.cable.rogers.com) has joined #openid
  301. [23:46:21] * KevinMarks (i=KevinMar@nat/google/x-40289633b2871ccd) has joined #openid

These logs were automatically created by OpenIDlogbot on chat.freenode.net using a modified version of the Java IRC LogBot.