IRC Log for #openid on 2009-09-19

Timestamps are in UTC.

  1. [00:08:48] * flaccid (n=flaccid@unaffiliated/flaccid) Quit ()
  2. [00:09:08] * daedeloth (n=daedelot@ip-81-11-177-172.dsl.scarlet.be) Quit (Remote closed the connection)
  3. [00:09:19] * xpo (n=xpo@bearstech/xpo) has joined #openid
  4. [00:33:00] * xpo (n=xpo@bearstech/xpo) Quit ("see yas")
  5. [01:32:06] * flaccid (n=flaccid@64.136.144.227) has joined #openid
  6. [01:44:14] * karstensrage (n=karstens@c-71-202-243-186.hsd1.ca.comcast.net) has joined #openid
  7. [02:06:30] * theMadness (n=petal@host50-5-static.58-217-b.business.telecomitalia.it) has joined #openid
  8. [02:07:00] <theMadness> Ok, I need an evangelist to sell me on OpenID, anyone here willing to preach to a quasi-choir?
  9. [02:07:26] <karstensrage> quasi-choir?
  10. [02:07:37] <theMadness> I'm half convinced.
  11. [02:07:57] <karstensrage> whats the other half?
  12. [02:08:23] <theMadness> The way it works, the possible catches.
  13. [02:08:32] <theMadness> The "criticism" bit on wikipedia, basically.
  14. [02:08:57] <theMadness> I mean not what is actually in the wikipedia page about openid, but stuff that might eventually go there.
  15. [02:09:40] <karstensrage> well youre talking to absolute wrong guy :)
  16. [02:09:49] <karstensrage> to the...
  17. [02:10:02] <theMadness> Aw come on, try some criticism.
  18. [02:10:10] <theMadness> There MUST be a catch.
  19. [02:10:15] <karstensrage> no i mean i have nothing but criticism
  20. [02:10:22] <theMadness> Ah.
  21. [02:10:36] <theMadness> Shoot.
  22. [02:10:42] <karstensrage> my mother always told me, if you have nothing nice to say.....
  23. [02:11:01] <theMadness> But I'm asking for that.
  24. [02:11:13] <theMadness> Tell me I'm fat and I'm ugly, I won't mind.
  25. [02:11:25] <theMadness> Mostly 'cause I'm not.
  26. [02:11:44] <karstensrage> would you mind talking pm?
  27. [02:12:43] <theMadness> Sure, it's ok.
  28. [02:36:06] <theMadness> Let's see if anyone can help me shed some light on this.
  29. [02:36:31] <theMadness> I access a site, I put in my openid url, I get sent to that url, login, and then get sent back.
  30. [02:36:45] <theMadness> How can the site I'm accessing make sure that I gave the right data to the provider?
  31. [02:45:39] * tbbrown (n=tom@doc-209-33-85-251.kingwood.tx.cebridge.net) has joined #openid
  32. [02:51:26] <flaccid> gave the right data ?
  33. [02:52:43] <flaccid> theMadness: can you be a bit more concise ?
  34. [02:53:00] <theMadness> Yes, why?
  35. [02:53:13] <flaccid> because i don't understand your question
  36. [02:53:59] <theMadness> I visit a site, input my openid url, get sent to the page to log in, then get sent back. How can the original site know if I entered the right data in the openid page?
  37. [02:54:13] <Brend> What's the right data?
  38. [02:54:23] <theMadness> A correct username/password pair?
  39. [02:54:28] <Brend> You mean, how can it know whether you successfully authenticated with the provider?
  40. [02:54:34] <theMadness> Yes.
  41. [02:54:53] <theMadness> http://leancode.com/wp-content/uploads/2007/02/openid_protocol.png (courtesy karstensrage)
  42. [02:55:01] <flaccid> because of the crypto handshakes that the openid protocol uses
  43. [02:55:01] <Brend> The relying party (the site being visited) has already negotiated a shared secret with the provider
  44. [02:55:13] <Brend> Which it can use to check that the token the user gave back was genuine
  45. [02:55:18] <theMadness> This kind of explains it, but does that mean that the RP has to store the secret somewhere and check it back later?
  46. [02:55:18] <Brend> Hooray, math
  47. [02:55:19] <flaccid> otherwise it would be arbitrary and insecure
  48. [02:55:32] <flaccid> theMadness: no.
  49. [02:55:42] <theMadness> Sweet.
  50. [02:55:47] <Brend> Well, it doesn't *have* to
  51. [02:55:48] <theMadness> How then?
  52. [02:55:50] <Brend> But it's faster if it does.
  53. [02:56:08] <flaccid> the RP doesn't have to store anything
  54. [02:56:54] <Brend> If it has an association, it does. It has the OP's public key and the shared secret
  55. [02:57:07] <theMadness> So I come, give the url, go to IdP, log in, go back, and then?
  56. [02:57:39] <flaccid> in openid its called an OP. if the openid response is valid then authentication is successful
  57. [02:57:44] <theMadness> Do I go back with some querystring telling I have auth'ed?
  58. [02:57:58] <flaccid> theMadness: yes its all get or post http requests
  59. [02:59:04] <theMadness> So basically from the IdP I go back with RP.tld?userid=example.com/thedude&secret=foobar, the RP checks with the IdP that those values are kosher, and we all live happily ever after?
  60. [02:59:23] <Brend> theMadness: That's one way, but it's not the recommended way
  61. [02:59:49] <Brend> The recommended way is that the RP negotiates a shared secret with the OP before the user goes to log in, and then uses that to verify their nonce thingy when they come back
  62. [02:59:59] <theMadness> Ok, what is an OP.
  63. [03:00:13] <theMadness> Openid Provider?
  64. [03:00:22] <Brend> Yes
  65. [03:00:32] <Brend> RP is Relying Party, the site the user is logging into
  66. [03:00:33] <theMadness> But in that case the RP has to store the secret.
  67. [03:00:38] <Brend> Right.
  68. [03:00:52] <Brend> If it doesn't want to store things, it can do it the other way
  69. [03:01:20] <theMadness> Funny, in the same day I got a high result in a pre-test for mensa, and felt an idiot thanks to openid.
  70. [03:01:45] <theMadness> But the other way sends a secret around that (hopefully) has an expire date.
  71. [03:01:49] <Brend> The only reason I have any grip on it is that I've spent the last two days implementing it :)
  72. [03:01:59] <Brend> Yes, it's called an association, and it has an expiry time
  73. [03:02:13] <theMadness> It might get sniffed and reused?
  74. [03:02:44] <Brend> It's done by DH key exchange, it's pretty sniff-proof
  75. [03:02:58] <Brend> (or by TLS)
  76. [03:03:00] <theMadness> You see, the chief interest I have in openid is because I can't have https, and I don't want to send around passes unencrypted, and I hope that some OP allows https access.
  77. [03:03:27] <Brend> The DH method doesn't need https.
  78. [03:03:45] <theMadness> Define DH and non-DH.
  79. [03:04:12] <theMadness> Please.
  80. [03:04:20] <theMadness> Forgot the magic word.
  81. [03:04:25] <Brend> DH is Diffie Hellman
  82. [03:04:37] <Brend> The RP chooses a couple numbers and uses them to generate a public key, and sends those three things to the OP
  83. [03:04:56] <flaccid> theMadness: the query string you gave is nothing like what openid does
  84. [03:05:03] <Brend> The OP uses them to choose a shared secret, and sends it back to the RP
  85. [03:05:18] <Brend> The math is a little over my head, but it means you can't sniff it.
  86. [03:05:21] <theMadness> flaccid, I certainly hope so, I'm trying to grok the functionality.
  87. [03:06:24] <Brend> It's pretty much the same thing TLS / SSL do to establish sessions
  88. [03:14:36] * flaccid (n=flaccid@unaffiliated/flaccid) Quit (Connection reset by peer)
  89. [03:14:43] * flaccid (n=flaccid@64.136.144.227) has joined #openid
  90. [03:37:40] * playya (n=playya@unaffiliated/playya) has joined #openid
  91. [03:45:17] <flaccid> theMadness: i got cut off, but are you all cool with openid now?
  92. [03:45:41] * Ideal (n=Ideal@2002:50f9:5cad:0:0:0:0:1) has joined #openid
  93. [03:46:12] * playya__ (n=playya@unaffiliated/playya) Quit (Read error: 110 (Connection timed out))
  94. [03:47:57] <theMadness> I got the idea.
  95. [03:48:08] <theMadness> I need to decide whether it's worth the effort or not.
  96. [03:48:27] <theMadness> It surely is for stuff like wordpress, but I'm more concerned with custom apps I develop.
  97. [03:50:04] <flaccid> whats the actual problem ?
  98. [03:50:26] <theMadness> None, I just have to try it and see if I can do it.
  99. [03:51:08] * flaccid_ (n=flaccid@64.136.144.227) has joined #openid
  100. [03:51:41] <flaccid_> ooops i got dissed again. what problems do you have ?
  101. [03:51:47] <theMadness> None, I just have to try it and see if I can do it.
  102. [03:52:07] <flaccid_> sounds good to me
  103. [03:54:07] * Ideal_ (n=Ideal@2002:50f9:5f5a:0:0:0:0:1) Quit (Read error: 60 (Operation timed out))
  104. [03:55:03] <Brend> Depending on your language, there may well be libraries available already which will make it trivial.
  105. [03:55:19] * mosites (n=mosites@static-98-112-71-211.lsanca.dsl-w.verizon.net) Quit ("Streamy (http://www.streamy.com/)")
  106. [03:55:19] <theMadness> php mostly.
  107. [03:55:28] <Brend> Then you're set
  108. [03:55:48] <theMadness> I don't sell the bear skin before I caught it tho :P
  109. [03:55:48] <flaccid_> php-openid works fine and has an example
  110. [04:11:23] * flaccid (n=flaccid@unaffiliated/flaccid) Quit (Read error: 110 (Connection timed out))
  111. [04:11:23] * flaccid_ is now known as flaccid
  112. [04:57:38] * flaccid (n=flaccid@unaffiliated/flaccid) Quit (Read error: 104 (Connection reset by peer))
  113. [04:57:45] * flaccid (n=flaccid@64.136.144.227) has joined #openid
  114. [08:44:45] * qwp0` (n=qwp0@gw.localnet.sk) has joined #openid
  115. [09:00:31] * hillsy (n=shhi2@npfit3.dh.bytemark.co.uk) has joined #openid
  116. [09:02:51] * hillsy (n=shhi2@npfit3.dh.bytemark.co.uk) Quit (Client Quit)
  117. [09:10:13] * qwp0 (n=qwp0@gw.localnet.sk) Quit (Read error: 113 (No route to host))
  118. [09:17:22] * qwp0` (n=qwp0@gw.localnet.sk) Quit (Remote closed the connection)
  119. [09:17:53] * qwp0` (n=qwp0@gw.localnet.sk) has joined #openid
  120. [09:28:06] * xpo (n=xpo@bearstech/xpo) has joined #openid
  121. [10:28:12] * qwp0` (n=qwp0@gw.localnet.sk) Quit (Remote closed the connection)
  122. [10:28:42] * qwp0` (n=qwp0@gw.localnet.sk) has joined #openid
  123. [11:05:56] * daedeloth (n=daedelot@ip-81-11-177-172.dsl.scarlet.be) has joined #openid
  124. [11:09:04] * Ideal_ (n=Ideal@2002:50f9:5dcb:0:0:0:0:1) has joined #openid
  125. [11:14:26] * daedeloth (n=daedelot@ip-81-11-177-172.dsl.scarlet.be) Quit (Remote closed the connection)
  126. [11:16:46] * Ideal (n=Ideal@2002:50f9:5cad:0:0:0:0:1) Quit (Read error: 60 (Operation timed out))
  127. [11:18:54] * daedeloth (n=daedelot@ip-81-11-177-172.dsl.scarlet.be) has joined #openid
  128. [11:39:04] * tbbrown (n=tom@doc-209-33-85-251.kingwood.tx.cebridge.net) Quit ("leaving")
  129. [12:05:58] * daedeloth (n=daedelot@ip-81-11-177-172.dsl.scarlet.be) Quit (Remote closed the connection)
  130. [12:18:59] * qwp0`` (n=qwp0@gw.localnet.sk) has joined #openid
  131. [12:25:08] * qwp0`` (n=qwp0@gw.localnet.sk) Quit (Remote closed the connection)
  132. [12:25:38] * qwp0`` (n=qwp0@gw.localnet.sk) has joined #openid
  133. [12:31:36] * qwp0`` (n=qwp0@gw.localnet.sk) Quit (Remote closed the connection)
  134. [12:45:19] * qwp0` (n=qwp0@gw.localnet.sk) Quit (Read error: 113 (No route to host))
  135. [13:04:43] * daedeloth (n=daedelot@ip-81-11-177-172.dsl.scarlet.be) has joined #openid
  136. [14:00:54] * theMadness (n=petal@host50-5-static.58-217-b.business.telecomitalia.it) Quit ("is this needed?")
  137. [14:41:47] * daedeloth (n=daedelot@ip-81-11-177-172.dsl.scarlet.be) Quit (Remote closed the connection)
  138. [14:54:11] * xpo (n=xpo@bearstech/xpo) Quit ("see yas")
  139. [15:45:42] * Ideal_ (n=Ideal@2002:50f9:5dcb:0:0:0:0:1) Quit (Read error: 60 (Operation timed out))
  140. [15:49:29] * Ideal (n=Ideal@2002:50f9:5e0a:0:0:0:0:1) has joined #openid
  141. [15:51:05] * flaccid (n=flaccid@unaffiliated/flaccid) Quit (Read error: 60 (Operation timed out))
  142. [16:11:45] * playya (n=playya@unaffiliated/playya) Quit (Read error: 110 (Connection timed out))
  143. [16:37:21] * MrTopf (n=cs@82.113.121.157) has joined #openid
  144. [17:01:52] * MrTopf (n=cs@82.113.121.157) Quit (Read error: 110 (Connection timed out))
  145. [17:09:56] * MacTed (n=Thud@24.61.62.241) Quit ()
  146. [17:21:12] * Kaliya (n=Adium@adsl-68-125-160-80.dsl.pltn13.pacbell.net) has joined #openid
  147. [17:41:53] * Simon- (i=simon@proxima.lp0.eu) Quit (Read error: 60 (Operation timed out))
  148. [17:43:20] * Simon- (i=simon@proxima.lp0.eu) has joined #openid
  149. [17:52:00] * Kaliya (n=Adium@adsl-68-125-160-80.dsl.pltn13.pacbell.net) Quit ("Leaving.")
  150. [17:55:32] * daedeloth (n=daedelot@ip-81-11-177-172.dsl.scarlet.be) has joined #openid
  151. [18:20:40] * Kaliya (n=Adium@adsl-68-125-160-80.dsl.pltn13.pacbell.net) has joined #openid
  152. [18:22:09] * karstensrage (n=karstens@c-71-202-243-186.hsd1.ca.comcast.net) Quit ("Leaving")
  153. [18:23:32] * qwp0 (n=qwp0@gw.localnet.sk) has joined #openid
  154. [18:30:38] * xpo (n=xpo@bearstech/xpo) has joined #openid
  155. [18:38:07] * qwp0` (n=qwp0@gw.localnet.sk) has joined #openid
  156. [18:39:23] * qwp0 (n=qwp0@gw.localnet.sk) Quit (Remote closed the connection)
  157. [18:42:14] * Kaliya (n=Adium@adsl-68-125-160-80.dsl.pltn13.pacbell.net) Quit ("Leaving.")
  158. [18:54:18] * xpo (n=xpo@bearstech/xpo) Quit ("see yas")
  159. [18:54:35] * xpo (n=xpo@bearstech/xpo) has joined #openid
  160. [19:00:38] * xpo (n=xpo@bearstech/xpo) Quit ("see yas")
  161. [19:16:27] * qwp0` (n=qwp0@gw.localnet.sk) Quit (Remote closed the connection)
  162. [19:18:38] * qwp0` (n=qwp0@84.245.64.190) has joined #openid
  163. [19:46:06] * qwp0` (n=qwp0@84.245.64.190) Quit (Read error: 145 (Connection timed out))
  164. [20:07:35] * karstensrage (n=karstens@c-71-202-243-186.hsd1.ca.comcast.net) has joined #openid
  165. [20:09:32] * Ideal_ (n=Ideal@2002:50f9:5e0a:0:0:0:0:1) has joined #openid
  166. [20:09:40] * Ideal (n=Ideal@2002:50f9:5e0a:0:0:0:0:1) Quit (Read error: 54 (Connection reset by peer))
  167. [20:10:34] * flaccid (n=flaccid@unaffiliated/flaccid) has joined #openid
  168. [20:19:41] * Kaliya (n=Adium@68.125.160.80) has joined #openid
  169. [20:32:47] * Ideal_ (n=Ideal@2002:50f9:5e0a:0:0:0:0:1) Quit (Client Quit)
  170. [20:35:27] * Ideal (n=Ideal@2002:50f9:5f26:0:0:0:0:1) has joined #openid
  171. [20:58:56] * Kaliya (n=Adium@68.125.160.80) has left #openid
  172. [21:20:11] * Ideal_ (n=Ideal@2002:50f9:5c1b:0:0:0:0:1) has joined #openid
  173. [21:23:59] * Ideal (n=Ideal@2002:50f9:5f26:0:0:0:0:1) Quit (Read error: 60 (Operation timed out))
  174. [22:57:51] * xpo (n=xpo@bearstech/xpo) has joined #openid
  175. [23:11:01] * dwhittle (n=dwhittle@209.131.62.115) has joined #openid
  176. [23:14:44] * xpo (n=xpo@bearstech/xpo) Quit (Read error: 104 (Connection reset by peer))
  177. [23:15:06] * xpo (n=xpo@bearstech/xpo) has joined #openid
  178. [23:16:34] * daedeloth (n=daedelot@ip-81-11-177-172.dsl.scarlet.be) Quit (Remote closed the connection)
  179. [23:22:46] * dwhittle (n=dwhittle@209.131.62.115) Quit ("...")
  180. [23:40:08] * xpo (n=xpo@bearstech/xpo) Quit ("see yas")

These logs were automatically created by OpenIDlogbot on chat.freenode.net using a modified version of the Java IRC LogBot.