IRC Log for #openid on 2008-05-27

Timestamps are in UTC.

  1. [00:04:48] * Fitzsimmons (n=justin@unaffiliated/fitzsimmons) has joined #openid
  2. [00:40:32] * shigeta (n=shigeta@124.32.114.226) has joined #openid
  3. [00:51:42] * miyagawa (n=miyagawa@monster.bulknews.net) has joined #openid
  4. [00:51:42] <jibot> miyagawa is Tatsuhiko Miyagawa, the author of Plagger <http://plagger.org> and works on Vox <http://www.vox.com> in Six Apart.
  5. [01:16:27] * e_s_p (n=evan@pdpc/supporter/silver/evanpro) has joined #openid
  6. [01:25:28] * SvenDowideit_ (n=SvenDowi@twiki/developer/SvenDowideit) has joined #openid
  7. [01:43:08] * SvenDowideit__ (n=SvenDowi@124-171-20-212.dyn.iinet.net.au) has joined #openid
  8. [01:43:13] * SvenDowideit (n=SvenDowi@twiki/developer/SvenDowideit) Quit (Read error: 101 (Network is unreachable))
  9. [01:54:29] * a9913 (n=me@unaffiliated/a9913) has joined #openid
  10. [02:03:50] * SvenDowideit_ (n=SvenDowi@twiki/developer/SvenDowideit) Quit (Read error: 101 (Network is unreachable))
  11. [02:24:09] * a9913 (n=me@unaffiliated/a9913) Quit ("IRC is just multiplayer notepad")
  12. [02:28:22] * a9913 (n=me@unaffiliated/a9913) has joined #openid
  13. [03:05:01] * a9913 (n=me@unaffiliated/a9913) Quit ("IRC is just multiplayer notepad")
  14. [03:14:41] * e_s_p (n=evan@pdpc/supporter/silver/evanpro) Quit (Read error: 113 (No route to host))
  15. [04:28:26] * stub (n=stub@ppp-58-8-10-209.revip2.asianet.co.th) has joined #openid
  16. [04:50:40] * GabeW_ (i=gwachob@milkshakes.org) has joined #openid
  17. [04:51:22] * GabeW (i=gwachob@pdpc/supporter/professional/GabeW) Quit (Read error: 104 (Connection reset by peer))
  18. [05:14:14] * stub (n=stub@canonical/launchpad/stub) Quit ("Leaving.")
  19. [06:10:51] * flaccid (n=flaccid@124.189.84.12) has joined #openid
  20. [06:25:36] * a9913 (n=me@unaffiliated/a9913) has joined #openid
  21. [06:33:06] * hanekomu (n=hanekomu@88-117-79-54.adsl.highway.telekom.at) has joined #openid
  22. [07:03:47] * lulurun (n=liu@219.106.248.145) has left #openid
  23. [07:20:56] * xpo (n=xpo@bgl93-2-82-226-41-47.fbx.proxad.net) Quit ()
  24. [07:50:10] * hanekomu (n=hanekomu@88-117-79-54.adsl.highway.telekom.at) Quit ("Leaving...")
  25. [07:53:52] * ronny (n=ronny@ronny.uberhost.de) has joined #openid
  26. [07:54:23] <ronny> yo
  27. [07:55:21] <ronny> whats up with all the phishing-issues that are described in various blogs
  28. [07:55:55] * stub (n=stub@ppp-58-8-10-209.revip2.asianet.co.th) has joined #openid
  29. [07:59:05] * xpo (n=xpo@nat/af83/x-768c71ac9fabc03d) has joined #openid
  30. [08:01:49] * ToolMan (n=FMeulenk@host-060.194.115.212.psi.de) has joined #openid
  31. [08:08:05] <flaccid> ronny: up?
  32. [08:08:56] <ronny> well, i just started reading up on openid, and there seem to be tons of ways to do phishing/xss/tracking
  33. [08:22:50] <flaccid> and?
  34. [08:24:20] <ronny> will any future openid try to solve this, or will this just be ignored ?
  35. [08:27:25] <flaccid> do you understand why phishing is possible?
  36. [08:29:18] <flaccid> ronny: please read 15.3. User Interface Considerations - http://openid.net/specs/openid-authentication-2_0.html
  37. [08:32:05] <Chaz6> I need a bit of reading on the use of SSL - either on the referral or the provider, or both
  38. [08:32:08] <ronny> flaccid: well, phishing is possible cause the service may redirect to a malicious proxy instead of the auth provider
  39. [08:32:38] <flaccid> ronny: correct.
  40. [08:33:08] <flaccid> thats 15.1.2.1. Rogue Relying Party Proxying
  41. [08:33:33] <Chaz6> There is also dns hijacking, which won't be solved until the root zones start signing them with dnssec
  42. [08:33:43] <flaccid> thats true
  43. [08:33:57] <Chaz6> Even then, you put all your trust in one organization
  44. [08:34:59] <flaccid> have to trust someone..
  45. [08:35:39] <ronny> hmm
  46. [08:36:30] <flaccid> thats why openid providers are essentially security providers as well
  47. [08:42:07] <ronny> hmmk
  48. [08:42:20] * bens_ (n=bens@gateb.mh.bbc.co.uk) has joined #openid
  49. [08:44:09] * eburcat (n=eitanb@77.125.135.105) Quit (Read error: 110 (Connection timed out))
  50. [08:44:17] * eburcat (n=eitanb@77.127.207.238) has joined #openid
  51. [08:47:30] <Chaz6> The best way to protect yourself against these attacks is to sign into your provider at the start of a browsing session
  52. [08:47:50] <Chaz6> Then if ever you get prompted to log in again, you can be reasonably sure that a phishing attack is being performed
  53. [08:48:25] <flaccid> true. except for the session timeout with the provider
  54. [08:48:56] <Chaz6> I have a setting with my provider that doesn't let me log in through a referral, so that's also another indicator
  55. [08:49:31] * danieljohnlewis (n=danieljo@82-33-96-84.cable.ubr10.azte.blueyonder.co.uk) has joined #openid
  56. [08:49:46] <Chaz6> There is still the flaw of the browser though
  57. [08:50:07] <Chaz6> I think it's impossible to log in using a different browser as there are few that can share cookie stores
  58. [08:50:36] <Chaz6> I suppose you could dig it out by hand and copy it, but that's not straightforward
  59. [08:51:09] <Chaz6> I don't think the browser is that susceptible to being hijacked though
  60. [08:52:42] * hillsy (n=shhi2@npfit3.dh.bytemark.co.uk) has joined #openid
  61. [09:16:30] * bens_ (n=bens@gateb.mh.bbc.co.uk) Quit (Remote closed the connection)
  62. [09:22:21] * illustir (n=alper@s55912056.adsl.wanadoo.nl) has joined #openid
  63. [09:22:21] * Didac (n=Nightmar@148.Red-83-36-121.dynamicIP.rima-tde.net) Quit (Read error: 104 (Connection reset by peer))
  64. [09:28:25] * xpo (n=xpo@nat/af83/x-768c71ac9fabc03d) Quit ()
  65. [09:37:39] * ronny (n=ronny@ronny.uberhost.de) has left #openid
  66. [09:39:18] * Didac (n=Nightmar@148.Red-83-36-121.dynamicIP.rima-tde.net) has joined #openID
  67. [09:43:35] * a9913 (n=me@unaffiliated/a9913) Quit ("IRC is just multiplayer notepad")
  68. [09:45:36] * a9913 (n=me@unaffiliated/a9913) has joined #openid
  69. [10:05:30] * a9913 (n=me@unaffiliated/a9913) Quit ("IRC is just multiplayer notepad")
  70. [10:07:16] * xpo (n=xpo@nat/af83/x-839142423f43b165) has joined #openid
  71. [10:35:45] <flaccid> im not sure why php-openid server/example uses openid_url for the local login username in the form etc.?
  72. [10:36:52] * bens_ (n=bens@gatea.thls.bbc.co.uk) has joined #openid
  73. [11:04:46] * illustir (n=alper@s55912056.adsl.wanadoo.nl) Quit (Read error: 104 (Connection reset by peer))
  74. [11:05:14] * illustir (n=alper@s55912056.adsl.wanadoo.nl) has joined #openid
  75. [11:34:12] * e_s_p (n=evan@pdpc/supporter/silver/evanpro) has joined #openid
  76. [12:04:00] * illustir (n=alper@s55912056.adsl.wanadoo.nl) Quit ()
  77. [12:20:19] * shigeta (n=shigeta@124.32.114.226) Quit ("Leaving...")
  78. [12:25:15] * a9913 (n=me@unaffiliated/a9913) has joined #openid
  79. [12:36:20] * e_s_p (n=evan@pdpc/supporter/silver/evanpro) Quit (Read error: 113 (No route to host))
  80. [12:37:17] * dazjorz (n=dazjorz@hannibal.dazjorz.com) Quit (Read error: 104 (Connection reset by peer))
  81. [12:38:36] * dazjorz (n=dazjorz@hannibal.dazjorz.com) has joined #openid
  82. [12:45:11] * stub (n=stub@canonical/launchpad/stub) Quit ("Leaving.")
  83. [13:00:26] * a9913 (n=me@unaffiliated/a9913) Quit (Read error: 104 (Connection reset by peer))
  84. [13:01:06] * idnar_ is now known as idnar
  85. [13:01:53] * a9913 (n=me@unaffiliated/a9913) has joined #openid
  86. [13:16:48] <Chaz6> Someone seems to have tried to trademark the OpenID logo and text in the UK
  87. [13:23:07] * bens_ (n=bens@gatea.thls.bbc.co.uk) Quit (Remote closed the connection)
  88. [13:32:03] * a9913 (n=me@unaffiliated/a9913) Quit (Remote closed the connection)
  89. [13:36:27] * a9913 (n=me@unaffiliated/a9913) has joined #openid
  90. [13:41:14] * a9913 (n=me@unaffiliated/a9913) Quit (Read error: 104 (Connection reset by peer))
  91. [13:44:42] * a9913 (n=me@unaffiliated/a9913) has joined #openid
  92. [13:48:50] * a9913 (n=me@unaffiliated/a9913) Quit (Remote closed the connection)
  93. [13:50:00] <peace-keeper> how mean
  94. [13:51:59] * a9913 (n=me@unaffiliated/a9913) has joined #openid
  95. [14:12:44] * a9913 (n=me@unaffiliated/a9913) Quit ("IRC is just multiplayer notepad")
  96. [14:23:36] * bens_ (n=bens@gatea.mh.bbc.co.uk) has joined #openid
  97. [14:30:11] * djl_ (n=danieljo@82-33-96-84.cable.ubr10.azte.blueyonder.co.uk) has joined #openid
  98. [14:34:56] * Didac (n=Nightmar@148.Red-83-36-121.dynamicIP.rima-tde.net) Quit (Read error: 104 (Connection reset by peer))
  99. [14:46:08] <nicomen> can I download the source of the diagnose-server on openidenabled somewhere?
  100. [14:46:13] <nicomen> would like to run it offline
  101. [14:50:52] * Didac (n=Nightmar@79.Red-81-39-251.dynamicIP.rima-tde.net) has joined #openID
  102. [15:00:10] * danieljohnlewis (n=danieljo@82-33-96-84.cable.ubr10.azte.blueyonder.co.uk) Quit (Read error: 110 (Connection timed out))
  103. [15:09:15] * xpo (n=xpo@nat/af83/x-839142423f43b165) Quit ()
  104. [15:25:29] * illustir (n=alper@s55912056.adsl.wanadoo.nl) has joined #openid
  105. [15:29:55] * a9913 (n=me@unaffiliated/a9913) has joined #openid
  106. [15:30:00] * xpo (n=xpo@nat/af83/x-7f9148fda8d9782f) has joined #openid
  107. [15:30:22] * dw (i=dmwdmw@195.242.221.42) has joined #openid
  108. [16:11:31] * a9913_ (n=me@unaffiliated/a9913) has joined #openid
  109. [16:13:13] * xpo (n=xpo@nat/af83/x-7f9148fda8d9782f) Quit ()
  110. [16:19:41] * a9913_ (n=me@unaffiliated/a9913) Quit (Remote closed the connection)
  111. [16:21:29] * a9913_ (n=me@unaffiliated/a9913) has joined #openid
  112. [16:22:26] * illustir (n=alper@s55912056.adsl.wanadoo.nl) Quit (Read error: 104 (Connection reset by peer))
  113. [16:22:36] * illustir (n=alper@s55912056.adsl.wanadoo.nl) has joined #openid
  114. [16:28:25] * a9913 (n=me@unaffiliated/a9913) Quit (Read error: 110 (Connection timed out))
  115. [16:35:59] * eburcat (n=eitanb@77.127.207.238) Quit ()
  116. [16:37:19] * e_s_p (n=evan@pdpc/supporter/silver/evanpro) has joined #openid
  117. [16:42:47] * e_s_p (n=evan@pdpc/supporter/silver/evanpro) has left #openid
  118. [16:47:16] * xpo (n=xpo@LMontsouris-152-61-5-195.w80-13.abo.wanadoo.fr) has joined #openid
  119. [17:11:59] * metadaddy (n=metadadd@nat/sun/x-4e497460c17be70b) has joined #openid
  120. [17:11:59] <jibot> metadaddy is Pat Patterson - http://blogs.sun.com/superpat/ - federation architect at http://www.sun.com/identity/ and Sun's 'community guy' on http://opensso.dev.java.net/
  121. [17:13:18] * ToolMan (n=FMeulenk@host-060.194.115.212.psi.de) has left #openid
  122. [17:15:48] * eburcat (n=eitanb@77.127.207.238) has joined #openid
  123. [17:19:04] * djl_ (n=danieljo@82-33-96-84.cable.ubr10.azte.blueyonder.co.uk) Quit (Read error: 104 (Connection reset by peer))
  124. [17:22:35] * a9913_ (n=me@unaffiliated/a9913) Quit (Remote closed the connection)
  125. [17:36:40] * Jj__ (n=jotajota@201.240.197.54) has joined #openid
  126. [17:38:25] * Jj__ is now known as Jj
  127. [17:46:09] <Jj> hey
  128. [17:46:36] <Jj> I'm looking for OpenID info and besides specs I find lots of articles listing security issues...
  129. [17:46:48] <Jj> and I can't really find any site addressing them
  130. [17:48:02] * xpo (n=xpo@LMontsouris-152-61-5-195.w80-13.abo.wanadoo.fr) Quit ()
  131. [17:49:53] <Chaz6> Jj: Are these the phishing attacks that seem to be all the rage in blogs right now?
  132. [17:51:06] <Jj> Chaz6: yes, mostly..
  133. [17:51:20] <Jj> I know that's not an OpenID issue, that will happen with whatever technology
  134. [17:51:35] <Chaz6> Jj, well then really I should write a post about it seeing as no one else has
  135. [17:51:45] <Jj> but there are not many pro openid
  136. [17:51:48] <Chaz6> There are two simple ways to prevent phishing attacks
  137. [17:52:10] <Chaz6> Firstly, sign into your account at the beginning of your session. If you get prompted to log in again, you know you're being attacked.
  138. [17:52:26] <Chaz6> Secondly, use a provider which prevents log-ins through referrals.
  139. [17:52:30] * hillsy (n=shhi2@npfit3.dh.bytemark.co.uk) Quit ("Leaving")
  140. [17:52:38] <Jj> as in the http referer?
  141. [17:53:17] <Chaz6> I mean, when you login to an RP and it redirects to your provider, the provider asks you to sign in at their official log-in page
  142. [17:54:06] <Jj> yes.. but that could be spoofed
  143. [17:54:22] <Jj> Is it possible to embed the username and pw fields in the RP sites via Iframe or such?
  144. [17:54:40] <Chaz6> Yes, if you do not trust the administrator(s) of the machine and/or network you are using
  145. [17:54:43] <Jj> I think google does something similar with their own auth system
  146. [17:54:56] <Chaz6> Jj, that won't work when the provider prevents logins through referrals
  147. [17:55:07] <Chaz6> I know that if ever a site prompts me for credentials, then it's an attack
  148. [17:55:18] <Chaz6> Besides, I don't even use a username and password to login to my provider
  149. [17:55:30] <Chaz6> So trying to get those is pretty futile
  150. [17:56:08] <Jj> yes. I like that idea about other kind of credentials
  151. [17:56:17] <Jj> but general public isnt ready for that yet
  152. [17:56:25] <Jj> we are developing a site of websites
  153. [17:56:39] <Chaz6> No, the best thing that a user can do is to open a new browser window in order to log into their provider
  154. [17:56:59] <Jj> for which we wanted to use openid, as provider
  155. [17:57:09] <Jj> hahaha, but my grandma wont do that
  156. [17:57:11] <Chaz6> Either that or choose a provider that provides authentication methods other than plaintext (for example openid.ee)
  157. [17:57:19] <Jj> we are aiming to those kinda users
  158. [17:57:25] * xpo (n=xpo@LMontsouris-152-61-5-195.w80-13.abo.wanadoo.fr) has joined #openid
  159. [17:57:47] <Chaz6> Indeed, the problem is education
  160. [17:57:57] <Jj> yes :-\
  161. [17:58:09] <Jj> My team is arguing about implementing some auth system for our own apps
  162. [17:58:19] <Chaz6> The best thing you can do as a provider is to educate your users. I think that it would be good if it was mandatory to use the official log-in url of the provider
  163. [17:58:52] <Jj> when i wanted to deploy a local OP and have my own apps use that OP
  164. [17:59:18] <Chaz6> OpenID may not be the best solution for your situation
  165. [18:00:00] <Jj> this will be an open site... but i wanted to save the hassle to develop another auth system
  166. [18:00:19] <Chaz6> Look at single sign-on systems such as Atlassian Crowd, PingIdentity and OpenSSO
  167. [18:00:38] <Chaz6> OpenID is merely one mechanism you can use for federation
  168. [18:00:57] <Chaz6> The first two I know support OpenID
  169. [18:01:04] <Chaz6> OpenSSO I am not sure of
  170. [18:01:27] <Jj> the apps we're developing will be for general internet use
  171. [18:01:49] <Jj> but we will be in control of the first 10 sites... for which I thought openid could be a solution
  172. [18:01:56] <Chaz6> Right, then you probably want to consider supporting OpenID as a relying party
  173. [18:03:31] * conner_bw (n=conner_b@bas16-montreal02-1279374938.dsl.bell.ca) has joined #openid
  174. [18:03:52] <Chaz6> It sounds as though what you need is a combination of the two
  175. [18:04:06] * conner_bw (n=conner_b@bas16-montreal02-1279374938.dsl.bell.ca) Quit (Client Quit)
  176. [18:04:16] <Jj> I liked the openid idea, but people in the project wont take the chance to 'educate' users
  177. [18:04:21] <Chaz6> E.g. I sign-up as a user with my OpenID, and I create an account, with which I can use any of the 10 different websites
  178. [18:04:41] <Jj> That's what we're trying to do
  179. [18:04:51] * bens_ (n=bens@gatea.mh.bbc.co.uk) Quit (Remote closed the connection)
  180. [18:05:02] <Chaz6> What the web certainly doesn't need is another OpenID provider
  181. [18:05:28] <Chaz6> As all the big web sites are becoming providers and not consumers, it defeats the point of the system
  182. [18:05:45] <Jj> In our case the provider isn't just a plain provider, but an actual site.
  183. [18:06:05] <Chaz6> Such as livejournal, aol, yahoo, etc etc
  184. [18:06:16] <Jj> and we intended to use that to sell the idea to the VP that when you use openid you have also a userbase
  185. [18:06:30] <Jj> yes... but people in Peru dont even know that they are OPs
  186. [18:07:28] <Chaz6> OpenID isn't necessarily an existing user-base, as users still need an account on the site (unless it's for simple things like leaving comments)
  187. [18:07:48] <Jj> hey, i'll be back later
  188. [18:07:49] <Jj> thanks!
  189. [18:07:55] <Chaz6> Ok! Take care
  190. [18:08:05] <Jj> thanks~
  191. [18:17:42] * xpo (n=xpo@LMontsouris-152-61-5-195.w80-13.abo.wanadoo.fr) Quit ()
  192. [18:21:56] * xpo (n=xpo@LMontsouris-152-61-5-195.w80-13.abo.wanadoo.fr) has joined #openid
  193. [18:26:14] * xpo (n=xpo@LMontsouris-152-61-5-195.w80-13.abo.wanadoo.fr) Quit (Client Quit)
  194. [18:35:42] * xpo (n=xpo@LMontsouris-152-61-5-195.w80-13.abo.wanadoo.fr) has joined #openid
  195. [18:37:44] * xpo (n=xpo@LMontsouris-152-61-5-195.w80-13.abo.wanadoo.fr) Quit (Client Quit)
  196. [19:00:14] * PibbRelay (n=supybot@nat/janrain/x-8e0f4e62fcd862a1) Quit (SendQ exceeded)
  197. [19:09:34] * dazjorz (n=dazjorz@hannibal.dazjorz.com) Quit ("Changing server")
  198. [20:26:15] * keturn (n=kevint@pdpc/supporter/sustaining/keturn) Quit (Read error: 110 (Connection timed out))
  199. [20:34:08] * keturn (n=kevint@pdpc/supporter/sustaining/keturn) has joined #openid
  200. [20:46:33] * xpo (n=xpo@bgl93-2-82-226-41-47.fbx.proxad.net) has joined #openid
  201. [20:49:56] * _keturn (n=acapnoti@pdpc/supporter/sustaining/keturn) has joined #openid
  202. [21:03:08] * conner_bw (n=conner_b@bas16-montreal02-1279374938.dsl.bell.ca) has joined #openid
  203. [21:13:53] * idnar (i=mithrand@unaffiliated/idnar) Quit (Read error: 110 (Connection timed out))
  204. [21:19:35] * dw (i=dmwdmw@unaffiliated/dw) Quit (Read error: 104 (Connection reset by peer))
  205. [21:23:20] * Jj (n=jotajota@201.240.197.54) Quit (Read error: 104 (Connection reset by peer))
  206. [21:26:05] * Jj (n=jotajota@200.106.117.209) has joined #openid
  207. [21:58:44] * conner_bw (n=conner_b@bas16-montreal02-1279374938.dsl.bell.ca) Quit ()
  208. [22:04:08] * dynamo (n=dynamic@66-224-171-138.atgi.net) has joined #openid
  209. [22:12:58] * jpwatts (n=joel@cpe-76-184-128-87.tx.res.rr.com) has joined #openid
  210. [22:26:29] * _keturn (n=acapnoti@pdpc/supporter/sustaining/keturn) Quit ("upgrade")
  211. [22:43:02] * Fitzsimmons (n=justin@unaffiliated/fitzsimmons) Quit ("Ex-Chat")
  212. [22:53:07] * dw (i=dmwdmw@v.je) has joined #openid
  213. [22:53:40] * _keturn (n=acapnoti@pdpc/supporter/sustaining/keturn) has joined #openid
  214. [23:06:00] * illustir (n=alper@s55912056.adsl.wanadoo.nl) Quit (Read error: 104 (Connection reset by peer))
  215. [23:06:21] * illustir (n=alper@s55912056.adsl.wanadoo.nl) has joined #openid
  216. [23:07:02] * illustir (n=alper@s55912056.adsl.wanadoo.nl) Quit (Client Quit)
  217. [23:44:06] * MacTed (n=Thud@twentyfourmullen.hsd1.ma.comcast.net) has joined #openid

These logs were automatically created by OpenIDlogbot on chat.freenode.net using a modified version of the Java IRC LogBot.