IRC Log for #openid on 2010-03-11

Timestamps are in UTC.

  1. [00:01:33] * Politoed (~hpeixoto@cica-proj.fe.up.pt) Quit (Ping timeout: 276 seconds)
  2. [00:08:23] * karstensrage (~chatzilla@ffnat.copart.com) Quit (Quit: ChatZilla 0.9.86 [Firefox 3.6/20100115144158])
  3. [00:17:36] * Kaliya1 (~Adium@cpe-66-68-191-74.austin.res.rr.com) has joined #openid
  4. [00:18:12] * Kaliya1 (~Adium@cpe-66-68-191-74.austin.res.rr.com) has left #openid
  5. [00:28:37] * gxgcristea (~gino@ip65-47-28-158.z28-47-65.customer.algx.net) Quit (Quit: Leaving.)
  6. [00:41:14] * abraxas (~ronkorvin@p10103-ipngn1501marunouchi.tokyo.ocn.ne.jp) has joined #openid
  7. [00:46:15] * flaccid (~vwen98@ppp59-167-167-106.static.internode.on.net) has joined #openid
  8. [01:11:31] * Zectbumo (~Zectbumo@dsl211-159-254.lax1.dsl.speakeasy.net) has joined #openid
  9. [01:11:46] <Zectbumo> hello openid peeps
  10. [01:12:21] <flaccid> hi
  11. [01:12:55] <Zectbumo> I wanted to talk about delegated openid stuff
  12. [01:13:54] <Zectbumo> does anyone here have experience with delegation?
  13. [01:14:39] * kengyu (~kengyu@210.242.151.101) Quit (Quit: 暫離)
  14. [01:16:53] <Zectbumo> flaccid, do you know what I'm talking about?
  15. [01:19:32] * kengyu (~kengyu@210.242.151.101) has joined #openid
  16. [01:23:42] * Zectbumo_ (~Zectbumo@dsl211-159-254.lax1.dsl.speakeasy.net) has joined #openid
  17. [01:24:40] * Zectbumo_ (~Zectbumo@dsl211-159-254.lax1.dsl.speakeasy.net) Quit (Client Quit)
  18. [01:30:33] * Zectbumo_ (~Zectbumo@dsl211-159-254.lax1.dsl.speakeasy.net) has joined #openid
  19. [01:30:42] <flaccid> wb
  20. [01:30:47] <flaccid> yes; what is the problem?
  21. [01:31:05] <Zectbumo> oh, I never left. That's my phone I'm playing with
  22. [01:31:14] <flaccid> rightio
  23. [01:31:28] <Zectbumo> so I am noticing that websites w/ openid logins don't act the way I was expecting them to
  24. [01:31:41] * Zectbumo_ (~Zectbumo@dsl211-159-254.lax1.dsl.speakeasy.net) Quit (Client Quit)
  25. [01:31:51] <flaccid> how so?
  26. [01:32:00] <Zectbumo> I login using my delegate id and they use the local id instead
  27. [01:32:08] <Zectbumo> this makes the delegate id pointless IMO
  28. [01:32:17] <Zectbumo> other than saving me some keys
  29. [01:32:43] <Zectbumo> I want to be able to switch openid providers and still use my delegate id
  30. [01:33:02] <Zectbumo> but it just doesn't seem to be the case
  31. [01:34:19] <Zectbumo> even in openid's wiki, PBWorks, it does the same thing. it is a good example of how it doesn't use my delegate
  32. [01:34:40] <flaccid> what site is this? delegated identities are unique identities
  33. [01:35:10] <flaccid> if an RP uses the wrong identifier, then they have wrongly implemented
  34. [01:35:27] <flaccid> one example of this is facebook... which is a real shame and we have had no luck getting them to fix it
  35. [01:35:46] <flaccid> so yeah its called delegation for a reason, its not meant to be an alias
  36. [01:36:39] <Zectbumo> I'm trying to find the pbworks site, I'm on it now my.pbworks.com
  37. [01:36:58] <Zectbumo> I guess I was trying to join the openid workspaces
  38. [01:37:22] <Zectbumo> I'm not sure what that is, but I did use openid login
  39. [01:38:01] <Zectbumo> ok, so I'll walk through the 'what-if' steps
  40. [01:38:08] <flaccid> um so you used or delegated identity and they said you are authenticated as the local id on the OP
  41. [01:38:09] <flaccid> ?
  42. [01:38:16] <flaccid> or=your
  43. [01:38:22] <Zectbumo> yeah
  44. [01:38:33] <flaccid> contact them and say they have a serious bug
  45. [01:38:50] <Zectbumo> I make a delegate on my site, hello.com/me and it has delegate yahoo local_id yahoo/54td45thd43thd3
  46. [01:39:17] <Zectbumo> but it's worse than "a serious bug" everyone is doing it
  47. [01:39:48] <Zectbumo> I see it as a "serious communication error" on OpenID's part
  48. [01:40:26] <Zectbumo> ok, so let me finish my steps, just so I don't feel crazy here
  49. [01:40:37] <Zectbumo> so I made my delegate and I want to use it on sites
  50. [01:40:56] <Zectbumo> I enter in hello.com/me and they accept it and the contact yahoo with my local_id
  51. [01:41:01] <Zectbumo> sounds good so far
  52. [01:43:34] <Zectbumo> ?
  53. [01:43:49] * Zectbumo_ (~Zectbumo@dsl211-159-254.lax1.dsl.speakeasy.net) has joined #openid
  54. [01:44:59] <flaccid> its clear in the specification and a lot of example RPs etc. available do this correctly. its not OpenID's fault if someone implements it wrongly
  55. [01:45:14] <flaccid> why don't you show me...
  56. [01:45:26] <flaccid> because you there is several ways to delegate and do discovery
  57. [01:46:00] <Zectbumo> ok, could you send me a best practices doc? I only found this http://wiki.openid.net/Relying-Party-Best-Practices but it makes no mention of delegating
  58. [01:46:16] <flaccid> i don't have a best practices doc
  59. [01:46:38] <flaccid> there is much easily found googling openid delegation
  60. [01:46:50] <Zectbumo> well, a link to it I mean. the part you mentioned "its clear in the specification"
  61. [01:46:59] <Zectbumo> ok
  62. [01:47:17] <Zectbumo> first link is broken http://wiki.openid.net/404.php?req=Delegation
  63. [01:47:25] <Zectbumo> btw
  64. [01:47:34] <flaccid> i don't run that site, you can contact the person who does..
  65. [01:47:52] <Zectbumo> k
  66. [01:48:23] <flaccid> http://openid.net/specs/openid-authentication-2_0.html
  67. [01:48:37] <flaccid> so did you want me to check your delegation or not?
  68. [01:48:46] <Zectbumo> sure
  69. [01:49:11] <Zectbumo> you can look at it, it's all set up
  70. [01:49:15] <flaccid> sam ruby's doc is still quite applicable http://intertwingly.net/blog/2007/01/03/OpenID-for-non-SuperUsers
  71. [01:49:44] <flaccid> ok for a start, you redirected to http://www.54.org/alfred/
  72. [01:49:52] <flaccid> although thats ok, there is no reason
  73. [01:49:56] <Zectbumo> ok
  74. [01:50:03] <flaccid> it should actually be the other way around, see http://no-www.org
  75. [01:50:03] <Zectbumo> as long as it's okay
  76. [01:50:14] <Zectbumo> it's just shorter to type
  77. [01:51:34] <Zectbumo> okay, you want me to do a rewrite?
  78. [01:52:11] <flaccid> you are delegating to different providers for openid 1 and openid 2
  79. [01:52:33] <flaccid> www is bogus, up to you what you want to do
  80. [01:54:10] <Zectbumo> ok, got it rewriting
  81. [01:54:26] <Zectbumo> thanks, that was always annoying
  82. [01:55:20] <Zectbumo> ok, next step
  83. [01:55:30] <flaccid> np
  84. [01:56:44] <flaccid> http://wiki2008.openid.net/Delegation
  85. [01:56:59] <Zectbumo> done
  86. [01:57:05] <Zectbumo> it's in the <head> section
  87. [01:58:00] <Zectbumo> now I log into a website. let's say stackoverflow.com
  88. [01:58:57] <flaccid> you are still double delegating.
  89. [01:59:21] <Zectbumo> oh the rewrite didn't work?
  90. [01:59:39] <keturn> various comments on http://blog.stackoverflow.com/2009/01/using-your-own-url-as-your-openid/ suggest that Yahoo breaks delegation
  91. [01:59:42] <Zectbumo> or do you mean that I have an openid and an openid2 entry
  92. [01:59:59] <flaccid> http redirect != delegation
  93. [01:59:59] <flaccid> [12:52] <flaccid> you are delegating to different providers for openid 1 and openid 2
  94. [02:00:12] <Zectbumo> yeah
  95. [02:00:31] <Zectbumo> one is blogger and the other yahoo
  96. [02:00:40] <Zectbumo> yahoo is openid2, blogger is openid1
  97. [02:00:46] <flaccid> i found it completely unacceptable that big players to which should be paying their staff decently fail in implementation
  98. [02:00:57] <Zectbumo> me too!
  99. [02:00:59] <flaccid> i don't recommend that personally
  100. [02:01:11] <flaccid> just because some OPs get confused
  101. [02:01:27] <flaccid> you can use an XRDS profile in openid 2.0 to do this via priority
  102. [02:02:22] <flaccid> 'i can implement openid both as an RP and OP, why can't facebook or yahoo?'...
  103. [02:02:27] <flaccid> hey keturn hope you been well..
  104. [02:03:09] <Zectbumo> but I think stackoverflow (SO) is still doing something wrong
  105. [02:03:22] <flaccid> please xplain
  106. [02:04:49] <keturn> http://developer.yahoo.net/forum/?showtopic=607 claims to support it, but they might be wrong
  107. [02:04:50] <Zectbumo> well, in that doc (http://blog.stackoverflow.com/2009/01/using-your-own-url-as-your-openid/) it says you use your own domain (codinghorror.com) and it's supposed to show up like that in their account page
  108. [02:06:23] <flaccid> you can use any url
  109. [02:07:11] <Zectbumo> so the error is that mine doesn't look like that
  110. [02:07:22] <Zectbumo> SO will use the yahoo one, never my 54.org one
  111. [02:08:18] <flaccid> we already talked about this
  112. [02:08:20] <Zectbumo> so if I change the OP in my 54.org then SO will not know who I am anymore since they never stored my 54.org openid url, they only stored the yahoo one
  113. [02:08:30] <flaccid> iirc stackoverflow respected my deledgation
  114. [02:08:40] <Zectbumo> it did? what OP do you use?
  115. [02:09:02] <flaccid> [12:35] <flaccid> what site is this? delegated identities are unique identities
  116. [02:09:02] <flaccid> [12:35] <flaccid> if an RP uses the wrong identifier, then they have wrongly implemented
  117. [02:09:15] <flaccid> myopenid. however my openid is not online atm
  118. [02:09:58] <keturn> flaccid: they're not? works for me.
  119. [02:10:13] * Zectbumo_ (~Zectbumo@dsl211-159-254.lax1.dsl.speakeasy.net) Quit (Quit: Colloquy for iPhone - http://colloquy.mobi)
  120. [02:10:21] <flaccid> keturn whats not ?
  121. [02:10:44] <keturn> you said myopenid isn't online?
  122. [02:10:57] <flaccid> no, 'my openid', not 'myopenid'
  123. [02:11:17] <flaccid> keturn can you confirm that a delegated identity correctly works w/ stackoverflow?
  124. [02:11:19] <keturn> oh, gotcha
  125. [02:11:39] <keturn> keturn.net seems to work. I'm looking in to what happens with yahoo.
  126. [02:11:47] <Zectbumo> ok, so where were we?
  127. [02:12:44] <Zectbumo> flaccid: so your openid isn't online means that you can't use delegation?
  128. [02:12:49] <flaccid> as you can see Zectbumo keturn confirms it works w/ stackoverflow
  129. [02:13:33] <flaccid> Zectbumo well yeah, but its not big deal because i don't need it. most sites i use don't support openid
  130. [02:13:54] <flaccid> i just havnt re setup my blog. too much other stuff to do at work
  131. [02:14:36] <Zectbumo> keturn, so when you go into your account page it shows your delegate? not your local_id?
  132. [02:15:07] <keturn> Zectbumo: yeah
  133. [02:15:23] <Zectbumo> ok, I'll send a screenshot
  134. [02:15:38] <flaccid> keturn so you can confirm it works for yahoo?
  135. [02:16:39] <Zectbumo> http://54.org/go/u6GTjcu
  136. [02:17:01] <Zectbumo> I used 54.org/alfred to login, and that's what my profile says
  137. [02:17:21] <flaccid> Zectbumo which RP is this on?
  138. [02:17:54] <Zectbumo> RP is the proxy? 54.org?
  139. [02:19:05] <Zectbumo> or RP is the site? which the screenshot is of stackoverflow
  140. [02:19:13] <flaccid> no, RP is where you login aka the consumer in openid 1.x
  141. [02:19:41] <Zectbumo> login http://stackoverflow.com/
  142. [02:20:04] <flaccid> they have a bug
  143. [02:20:55] <Zectbumo> my friend says his 6 month old account works fine, shows his delegate url in profiles
  144. [02:21:06] <flaccid> you are delegating different to keturn
  145. [02:21:17] <flaccid> and that doesn't really conclude anything
  146. [02:21:18] <Zectbumo> but now he can't login using another computer. it only works on his because of some cookie that makes it work
  147. [02:21:28] <Zectbumo> I would guess if he ever logs out, he won't be able to get back in
  148. [02:21:38] <Zectbumo> I am delegating different?
  149. [02:21:38] <flaccid> i would suggest 1. delegating to one OP and 2. delegating the same way keturn.net has and test that..
  150. [02:21:52] <flaccid> yes
  151. [02:21:55] <Zectbumo> ok, what if I remove the blogger OP
  152. [02:22:02] <Zectbumo> and only do openid2 with yahoo
  153. [02:22:09] <flaccid> keturn do you know if the OP that is delegated can have any effect on this?
  154. [02:22:27] <flaccid> let me know when you have set it up and tested
  155. [02:23:14] <keturn> oh, crap, it's probably the stupid identifier recycling fragment
  156. [02:23:25] <Zectbumo> Ok, I removed openid and have only openid2
  157. [02:23:33] <flaccid> i didn't think anybody actually implemented that
  158. [02:24:06] <Zectbumo> BTW, this is happening on iusethis.com and pbworks.com as well.
  159. [02:24:14] * karstensrage (~karstensr@c-71-202-243-186.hsd1.ca.comcast.net) has joined #openid
  160. [02:24:46] <flaccid> i guess the problem could be with yahoo, but i can't remember the spec in this regard and don't have time to test and refresh
  161. [02:25:15] <flaccid> keturn would though :) and yangman might wake up
  162. [02:25:23] * singpolyma (~singpolym@dsl-67-204-32-120.acanac.net) has joined #openid
  163. [02:30:20] <flaccid> or maybe singpolyma "_
  164. [02:32:49] <flaccid> hey Zectbumo won't don't you delegate to a different OP or several other OPs and to try to rule in or out yahoo..
  165. [02:33:29] <Zectbumo> do you know of another openid2 provider. I noticed that keturn isn't using openid2
  166. [02:33:55] <flaccid> keturn is using openid2
  167. [02:33:59] <flaccid> myopenid supports it
  168. [02:34:16] <singpolyma> flaccid: my name was said?
  169. [02:34:18] <flaccid> the xrds profile..
  170. [02:34:33] <Zectbumo> oh yeah, his xrds does say 2.0
  171. [02:34:50] <flaccid> singpolyma well Zectbumo's delegated ID with stackoverflowing is showing as the local id on the OP and others don't seem to have this problem apparently
  172. [02:34:52] <Zectbumo> that must be new in the spec, I don't remember that part
  173. [02:35:17] <flaccid> its new in openid 2 but did not exist in 1.0 iirc
  174. [02:35:23] <Zectbumo> flaccid: "others" as in people with old accounts. If you make a new account it's a problem
  175. [02:35:46] <flaccid> Zectbumo right. that sounds like a bad implementation/bug on their side
  176. [02:36:00] <flaccid> if a user correctly delegates, the fault can only be upstream
  177. [02:36:05] <singpolyma> hmm, SO has never accepted my OpenID properly, I actually use my myopenid uri directly there :P
  178. [02:36:06] <Zectbumo> ok, but I'm back to pointing out that 3 other sites do the same thing
  179. [02:36:16] <keturn> okay, see http://gist.github.com/328741
  180. [02:36:46] <keturn> that's the id_res response to two different delegated requests, one yahoo and one not.
  181. [02:36:55] <flaccid> Zectbumo which is why i asked you to configure delegation etc. like keturn
  182. [02:37:07] <keturn> and you can see that the yahoo one puts the yahoo identifier (with fragment) as the claimed_id
  183. [02:37:10] <Zectbumo> roger, so can we say then that yahoo is to blame?
  184. [02:37:31] <keturn> not-yahoo leaves claimed_id alone.
  185. [02:37:42] <flaccid> keturn wow yahoo fail
  186. [02:38:05] <singpolyma> I believe yahoo does that for privacy reasons
  187. [02:38:29] <singpolyma> If you're going to delegate, better probably to use a provider not from a megacorp
  188. [02:38:47] <Zectbumo> ok
  189. [02:39:10] <flaccid> lol, thats such a clusterf**. openids are public which means they are not private to begin with, privacy is a non-issue
  190. [02:39:11] <Zectbumo> so the problem is that yahoo is returning the claimed_id as their own, and that's why all these sites are acting the same way
  191. [02:39:35] <flaccid> yeah changing claimed_id to the local id
  192. [02:39:47] <Zectbumo> blah! that's the problem then
  193. [02:39:56] <Zectbumo> ok, solved.
  194. [02:40:01] <Zectbumo> can I just make my own OP?
  195. [02:40:10] <flaccid> just use something decent like myopenid
  196. [02:40:19] <flaccid> even pip is ok iirc
  197. [02:40:26] <yangman> so, yahoo's fault afterall ;)
  198. [02:40:29] <flaccid> or you can make your own OP, your choice, but there is not really a need to
  199. [02:40:43] <flaccid> yeah i don't use yahoo, although i think i do have an account or 2
  200. [02:41:43] <Zectbumo> well, I just don't trust the "small guys" and what they will do, but the "big guys" don't seem to do it right, so I'm stuck. which is why I want to make my own
  201. [02:42:06] <flaccid> the big players abuse of openid continuously annoys and frustrates me. 'look all the big players adopted openid!' no they forked it, abused it and did whatever they want with it. i mean even amazon web services abuses it for their AWS login..
  202. [02:42:36] <flaccid> myopenid is not exactly small. they are larger than you.
  203. [02:42:44] <keturn> sadly, this is like two "features" of the OpenID 2.0 spec combining to break in a way that you couldn't break OpenID 1.1
  204. [02:42:51] <flaccid> i turst them. do you still trust them keturn :p
  205. [02:43:02] <flaccid> turst=trust
  206. [02:43:52] <keturn> as much as I trust any web service I'm not paying for, I guess ;)
  207. [02:44:00] <flaccid> hehe
  208. [02:44:06] <Zectbumo> yeah, the not paying for is the part that scares me
  209. [02:44:19] <Zectbumo> nothing is free
  210. [02:44:29] <flaccid> Zectbumo you do realise there is no risk here. there is no mandate on personal details and you control the delegation of your ID..
  211. [02:44:38] <Zectbumo> yes
  212. [02:44:39] <flaccid> an OP can't steal your domain
  213. [02:44:44] <keturn> but, hey, as long as you're just delegating to them, you're pretty well covered
  214. [02:44:55] <flaccid> thats it
  215. [02:45:03] <Zectbumo> I guess I shouldn't care that they know every openid website I go to
  216. [02:45:19] <Zectbumo> I assume that's their game, target advertising as usual.
  217. [02:45:25] <flaccid> i delegate to them because i won't set up my OP until i get around to do it. i'm going to update the python-openid django app to support the latest. whenever i get round to that..
  218. [02:45:53] <flaccid> Zectbumo no, myopenid sells corporate saas products such as RPX and OPX
  219. [02:45:58] <flaccid> they aint cheap either
  220. [02:46:17] <Zectbumo> so why are they doing openid services?
  221. [02:46:39] <flaccid> Zectbumo i can't answer on their behalf, how would i know ?
  222. [02:47:07] <Zectbumo> maybe you had an inkling?
  223. [02:47:10] <flaccid> but in saas/paas if you don't provide some kind of free edition, you are likely to fail..
  224. [02:47:34] <flaccid> i work for a paas company and we provide a free version
  225. [02:47:47] <flaccid> we also don't close up the 'userland' component of our platform
  226. [02:48:49] <Zectbumo> I guess salesforce.com has a free edition
  227. [02:49:14] <Zectbumo> and google
  228. [02:49:19] <Zectbumo> app engine
  229. [02:49:32] <flaccid> anything big provides free services..
  230. [02:49:36] <flaccid> name one that doesn't :)
  231. [02:50:05] <Zectbumo> isn't there a webservice I can just plug in to my webserver to become a OP?
  232. [02:50:06] <flaccid> the problem is the future of openid
  233. [02:50:51] <flaccid> its a real concern, so we can only rely on the NBTs to support it properly because its clear the big ones atm have no interest in being open
  234. [02:50:58] <Zectbumo> some apache CGI or something?
  235. [02:51:07] <flaccid> Zectbumo yes thats basically what OPX is
  236. [02:51:16] <Zectbumo> ok
  237. [02:51:20] <flaccid> i think there is some kind of apache mod, but i can't remember what it does
  238. [02:51:36] <flaccid> an apache mod or cgi or whatever is not a 'web service'
  239. [02:51:57] <flaccid> http://wiki.openid.net/Website_Software
  240. [02:52:01] <flaccid> http://wiki.openid.net/Run_your_own_identity_server
  241. [02:52:07] <Zectbumo> mod? is all the openid2 communication on port 80?
  242. [02:52:33] <flaccid> its port independent
  243. [02:52:36] <singpolyma> Zectbumo: it's on the port specified in the URI
  244. [02:52:43] <keturn> bloody hell. I think it's a spec bug. it's impossible to issue identifier-recycling-fragments and keep delegation working.
  245. [02:52:49] <singpolyma> which for HTTP is assumed to be 80 if left out
  246. [02:52:52] <Zectbumo> ok, cool. then I should be able to get a CGI to do the right thing
  247. [02:53:11] <flaccid> man why has chris messina consistently not done 'Cool URIs don't change' with these openid wikis? it really annoys me and looks totally amateurish
  248. [02:53:15] <Zectbumo> keturn: what did you find?
  249. [02:53:37] <flaccid> keturn wow. but how do you confirm that this is ident recycling?
  250. [02:53:58] <keturn> flaccid: well, the only way to do identifier recycling fragments is to send them back in claimed_id
  251. [02:54:03] <yangman> huh. I wasn't even aware there was an identifier recycling mechanism
  252. [02:54:07] <keturn> they don't show up in any other part of the protocol
  253. [02:54:25] <flaccid> keturn but isn't that a http url param
  254. [02:54:27] <keturn> but if you send them back in claimed_id, you're clobbering the identifier the user was delegating from
  255. [02:54:39] <flaccid> oh shiz, i see what you mean, even then that is a new unique identity
  256. [02:54:45] <flaccid> yeah
  257. [02:54:49] <flaccid> hhhhhhmmm
  258. [02:55:20] <flaccid> wow. is this really the case keturn, because that is a huge flaw
  259. [02:55:40] <keturn> QUICK, TO THE TIME MACHINE!
  260. [02:55:52] <Zectbumo> hehe
  261. [02:56:29] <Zectbumo> so are we now saying that yahoo is following the spec and the spec has a flaw?
  262. [02:56:36] <flaccid> hmm kind of out of my league with this one. i hope keturn you can do something about it..
  263. [02:57:07] <flaccid> well the only way to do recycling is via the claimed_id. even if it is just param in query string, thats a new ID
  264. [02:57:50] <flaccid> i been caught up in the cloud for too long now so i have forgetten much about spec..
  265. [02:59:17] <Zectbumo> everyone's head is in the clouds now, visions get foggy, when in the clouds
  266. [02:59:31] <flaccid> i'm referring to cloud computing
  267. [02:59:44] <Zectbumo> me too!
  268. [03:00:38] <Zectbumo> flaccid: so is this yahoo's or openid spec issue after all?
  269. [03:00:50] <keturn> well, on the one hand, yes, there is a flaw regarding how to do identifier recycling and delegation
  270. [03:01:11] <flaccid> Zectbumo: keturn is the expert here, i'll let him comment
  271. [03:01:11] <keturn> on the other hand, yahoo is still being stupid, because they don't have to worry about recycling https://me.yahoo.com/a/t4ZTabhnxZTep6tQzRWl33XLzY3HxQ--
  272. [03:01:20] <keturn> I mean, seriously, you do not need to add a fragment to make that unique
  273. [03:01:22] <flaccid> yep i agree there
  274. [03:01:40] <flaccid> the question is also posed, why is it being 'recycled' in the first place for Zectbumo
  275. [03:02:07] <keturn> flaccid: oh, they add fragments to everything
  276. [03:02:29] <keturn> so it's not just him.
  277. [03:02:33] <flaccid> oh my
  278. [03:02:40] <flaccid> well that breaks the spec directly
  279. [03:03:04] <keturn> not really. it's just a little overenthusiastic.
  280. [03:03:34] <flaccid> well the spec is not implicit in this area, but it also doesn't say to add tokens for the sake of it when not recycling..
  281. [03:05:09] <yangman> it shouldn't be handing back a different claimed_id to begin with. clobbers delegation, recycling or not
  282. [03:05:19] <Zectbumo> indeed
  283. [03:05:22] <yangman> and the recycling is internal. the RP doesn't need to know if it's delegated
  284. [03:06:49] <Zectbumo> will this do what I want to do to run my own server? http://brianellin.com/misc/safe.rb
  285. [03:07:04] <flaccid> yangman yep that was my original point
  286. [03:07:24] <flaccid> yangman your second point is also what i thought, but im disconnected from spec memory at this poitn
  287. [03:07:41] <Zectbumo> who is involved with the spec here?
  288. [03:07:44] <yangman> Zectbumo: are you wanting OP for a single user or for a database of users?
  289. [03:07:55] <Zectbumo> single user would be fine
  290. [03:07:59] <yangman> flaccid: spec isn't explicit about it, unfortunately :\
  291. [03:08:02] <flaccid> Zectbumo i doub it. i linked you to the software that can do it. there is ruby-openid.
  292. [03:08:07] <yangman> not afaics, anyway
  293. [03:08:09] <flaccid> and that is maintained by myopenid..
  294. [03:08:09] <Zectbumo> I could mod it to be multi user if I had to
  295. [03:08:15] <flaccid> yangman oh right
  296. [03:08:41] <flaccid> Zectbumo if you are are ruby person, i recommend ruby-openid and use the example which is probably rails
  297. [03:09:01] <Zectbumo> flaccid: oh yeah, that list. I would rather do Python anyways
  298. [03:09:10] <yangman> well, I built this thing so I can have single-user OP on my personal server: http://yangman.ca/poit/
  299. [03:09:27] <flaccid> Zectbumo there is python-openid..
  300. [03:10:16] <Zectbumo> hopefully it's python only. this is on a cookie cutter hosted server, so I can't install libs
  301. [03:10:26] <flaccid> yangman interesting. only problem is that python-openid already did this so its kind of a reinvention of the wheel..
  302. [03:10:46] <flaccid> Zectbumo yeah so thats your limitation :)
  303. [03:11:00] <flaccid> but no it doesn't depend on other crap
  304. [03:11:05] <yangman> flaccid: it depends on python-openid. poit is almost a thin front-end to it
  305. [03:11:12] <Zectbumo> is this it? http://openidenabled.com/python-openid/
  306. [03:11:15] <flaccid> yangman oh sorry man didn't notice that
  307. [03:11:38] <flaccid> oh its in the reqs. /me slaps himself for being blind
  308. [03:12:06] <yangman> heh. I don't blame you. default styles sometimes don't have good readability :p
  309. [03:12:07] <flaccid> yangman i remember checking this out actually. i'm a django guy, so i need to find time to update the django app in the libs..
  310. [03:12:27] <flaccid> nah it was totally clear, i'm just a bit sick today, not reading correctly
  311. [03:13:10] <yangman> I should probably do a 0.2 release in the next while, since sreg support is taking much too long
  312. [03:14:12] <Zectbumo> ok, well I feel like I should make my own. I need to "feel" openId from the trenches if I'm going to go around parading openId is a great thing.
  313. [03:14:15] <keturn> freyley was complaining to me about openid support in django. apparently if you google it, everything points to projects hosted on Google Code, and those are all dead code, some of which have more recent versions on github or something.
  314. [03:15:16] <flaccid> keturn correct. if you can find out the most recent project/thing/code etc. much appreciated. i don't wanna duplicate work..
  315. [03:16:15] <Zectbumo> ok guys, thanks for the tips, links, and help. I hope I sparked something that needed to get fixed. If not, I know where the source of the problem lies. thanks again.
  316. [03:17:31] <flaccid> hey keturn/yangman.. i think there spec is pretty clear about putting it in the claimed_id which would create a new identity which won't match on RPs as there is no spec on what the token should be, http://openid.net/specs/openid-authentication-2_0.html#identifying
  317. [03:17:42] <flaccid> there=the
  318. [03:18:00] * Zectbumo (~Zectbumo@dsl211-159-254.lax1.dsl.speakeasy.net) Quit (Quit: cya)
  319. [03:18:41] <flaccid> 'you can't recycle an openid identifier' <== in simple terms that is the bug
  320. [03:18:51] <flaccid> identifier=identity
  321. [03:19:28] <keturn> for a fun trip down memory lane, visit http://lists.openid.net/pipermail/openid-specs/2007-June/thread.html
  322. [03:20:03] <flaccid> wow thats huge
  323. [03:26:02] <yangman> hahaha. fun trip indeed
  324. [03:27:09] <flaccid> i'll have to read that *one day soon*
  325. [03:27:27] <flaccid> i gotta engineer a haproxy/stunnel solution atm heh
  326. [03:32:34] * daleolds (~daleolds@137.65.156.20) has left #openid
  327. [03:50:53] * shigeta (~shigeta@sakkgw2.sixapart.jp) Quit (Ping timeout: 246 seconds)
  328. [03:50:58] * shigeta (~shigeta@sakkgw2.sixapart.jp) has joined #openid
  329. [03:58:42] * singpolyma (~singpolym@dsl-67-204-32-120.acanac.net) Quit (Quit: leaving)
  330. [04:34:16] * oxi (~oxi@unaffiliated/oxi) has joined #openid
  331. [04:42:50] * oxi (~oxi@unaffiliated/oxi) Quit (Ping timeout: 265 seconds)
  332. [05:03:22] * Kaliya (~Adium@cpe-66-68-191-74.austin.res.rr.com) has joined #openid
  333. [05:04:02] * Kaliya (~Adium@cpe-66-68-191-74.austin.res.rr.com) has left #openid
  334. [05:10:25] * oxi (~oxi@unaffiliated/oxi) has joined #openid
  335. [06:01:12] * Kaliya (~Adium@cpe-66-68-191-74.austin.res.rr.com) has joined #openid
  336. [06:05:26] * Kaliya (~Adium@cpe-66-68-191-74.austin.res.rr.com) Quit (Ping timeout: 240 seconds)
  337. [06:11:32] * oxi (~oxi@unaffiliated/oxi) Quit (Quit: oxi)
  338. [06:11:44] * oxi (~oxi@unaffiliated/oxi) has joined #openid
  339. [06:11:52] * oxi (~oxi@unaffiliated/oxi) Quit (Client Quit)
  340. [07:15:10] * Adremelech (~Adremelec@c-75-73-104-66.hsd1.mn.comcast.net) has joined #openid
  341. [07:43:24] * Adremelech (~Adremelec@c-75-73-104-66.hsd1.mn.comcast.net) Quit (Quit: Leaving)
  342. [08:39:34] * xpo (~xpo@bearstech/xpo) has joined #openid
  343. [08:53:45] * oxi (~oxi@unaffiliated/oxi) has joined #openid
  344. [09:03:09] * flaccid (~vwen98@ppp59-167-167-106.static.internode.on.net) Quit (Ping timeout: 252 seconds)
  345. [09:09:45] * oxi (~oxi@unaffiliated/oxi) Quit (Ping timeout: 240 seconds)
  346. [09:27:24] * xpo (~xpo@bearstech/xpo) Quit (Quit: xpo)
  347. [10:38:10] * xpo (~xpo@af83-1.dd.bearstech.net) has joined #openid
  348. [10:38:13] * xpo (~xpo@af83-1.dd.bearstech.net) Quit (Changing host)
  349. [10:38:13] * xpo (~xpo@bearstech/xpo) has joined #openid
  350. [10:54:40] * Politoed (~hpeixoto@a85-138-56-176.cpe.netcabo.pt) has joined #openid
  351. [10:59:05] * flaccid (~vwen98@ppp59-167-167-106.static.internode.on.net) has joined #openid
  352. [11:08:00] * flaccid (~vwen98@ppp59-167-167-106.static.internode.on.net) Quit (Ping timeout: 252 seconds)
  353. [11:17:13] * oxi (~oxi@unaffiliated/oxi) has joined #openid
  354. [11:27:17] * abraxas (~ronkorvin@p10103-ipngn1501marunouchi.tokyo.ocn.ne.jp) Quit (Quit: abraxas)
  355. [11:38:18] * Politoed (~hpeixoto@a85-138-56-176.cpe.netcabo.pt) Quit (Read error: Operation timed out)
  356. [11:44:54] * shigeta (~shigeta@sakkgw2.sixapart.jp) Quit (Quit: Leaving...)
  357. [11:45:35] * oxi (~oxi@unaffiliated/oxi) Quit (Quit: oxi)
  358. [13:05:27] * flaccid (~vwen98@ppp59-167-167-106.static.internode.on.net) has joined #openid
  359. [13:30:34] * MacTed (~Thud@c-24-61-62-241.hsd1.ma.comcast.net) Quit ()
  360. [13:51:57] * Politoed (~hpeixoto@cica-proj.fe.up.pt) has joined #openid
  361. [14:20:13] * MacTed (~Thud@63.119.36.36) has joined #openid
  362. [14:30:11] * karstensrage (~karstensr@c-71-202-243-186.hsd1.ca.comcast.net) Quit (Quit: Leaving)
  363. [14:41:41] * qwp0 (~qwp0@gw.localnet.sk) has joined #openid
  364. [14:48:01] * qwp0 (~qwp0@gw.localnet.sk) Quit (Remote host closed the connection)
  365. [15:03:16] * xpo (~xpo@bearstech/xpo) Quit (Read error: Connection reset by peer)
  366. [15:03:34] * xpo (~xpo@bearstech/xpo) has joined #openid
  367. [15:09:04] * daedeloth (~daedeloth@ip-83-134-155-251.dsl.scarlet.be) has joined #openid
  368. [15:16:07] * xpo (~xpo@bearstech/xpo) Quit (Quit: xpo)
  369. [15:28:28] * xpo (~xpo@bearstech/xpo) has joined #openid
  370. [15:36:38] * xpo_air (~xpo@bearstech/xpo) has joined #openid
  371. [15:38:05] * xpo_air (~xpo@bearstech/xpo) Quit (Client Quit)
  372. [15:40:40] * xpo (~xpo@bearstech/xpo) Quit (Ping timeout: 248 seconds)
  373. [15:55:39] * flaccid (~vwen98@ppp59-167-167-106.static.internode.on.net) Quit (Ping timeout: 260 seconds)
  374. [16:06:53] * daedeloth (~daedeloth@ip-83-134-155-251.dsl.scarlet.be) Quit (Remote host closed the connection)
  375. [16:21:40] * xpo (~xpo@bearstech/xpo) has joined #openid
  376. [16:28:23] * daedeloth (~daedeloth@ip-83-134-155-251.dsl.scarlet.be) has joined #openid
  377. [16:39:29] * daleolds (~daleolds@137.65.157.43) has joined #openid
  378. [16:44:20] * oxi (~oxi@unaffiliated/oxi) has joined #openid
  379. [16:48:14] * xpo (~xpo@bearstech/xpo) Quit (Quit: xpo)
  380. [17:03:33] * karstensrage (~chatzilla@ffnat.copart.com) has joined #openid
  381. [17:11:38] * xpo (~xpo@bearstech/xpo) has joined #openid
  382. [17:32:17] * xpo (~xpo@bearstech/xpo) Quit (Quit: xpo)
  383. [17:47:48] * xpo (~xpo@bearstech/xpo) has joined #openid
  384. [17:51:19] * flaccid (~vwen98@ppp59-167-167-106.static.internode.on.net) has joined #openid
  385. [18:02:16] * gxgcristea (~gino@ip65-47-28-158.z28-47-65.customer.algx.net) has joined #openid
  386. [18:18:45] * flaccid (~vwen98@ppp59-167-167-106.static.internode.on.net) Quit (Ping timeout: 258 seconds)
  387. [18:56:53] * xpo (~xpo@bearstech/xpo) Quit (Quit: xpo)
  388. [19:07:10] * Ac-town (~dymockd@osuosl/staff/actown) has joined #openid
  389. [19:16:50] * daedeloth (~daedeloth@ip-83-134-155-251.dsl.scarlet.be) Quit (Remote host closed the connection)
  390. [20:14:29] * flaccid (~vwen98@ppp59-167-167-106.static.internode.on.net) has joined #openid
  391. [20:18:39] * oxi (~oxi@unaffiliated/oxi) Quit (Quit: oxi)
  392. [20:23:56] * oxi (~oxi@unaffiliated/oxi) has joined #openid
  393. [20:35:57] * daleolds (~daleolds@137.65.157.43) has left #openid
  394. [20:39:34] * daleolds (~daleolds@137.65.157.43) has joined #openid
  395. [21:01:57] * oxi (~oxi@unaffiliated/oxi) Quit (Quit: oxi)
  396. [21:36:46] * Zectbumo (~Zectbumo@cpe-75-85-23-254.socal.res.rr.com) has joined #openid
  397. [21:37:25] * Zectbumo (~Zectbumo@cpe-75-85-23-254.socal.res.rr.com) has left #openid
  398. [21:42:27] * oxi (~oxi@unaffiliated/oxi) has joined #openid
  399. [21:54:40] * MacTed (~Thud@63.119.36.36) Quit ()
  400. [22:06:33] * oxi (~oxi@unaffiliated/oxi) Quit (Quit: oxi)
  401. [22:27:17] * xpo (~xpo@bearstech/xpo) has joined #openid
  402. [22:41:19] * singpoly1a (~singpolym@dsl-67-204-32-120.acanac.net) has joined #openid
  403. [22:44:26] * singpoly1a (~singpolym@dsl-67-204-32-120.acanac.net) Quit (Client Quit)
  404. [22:49:28] * singpoly1a (~singpolym@dsl-67-204-32-120.acanac.net) has joined #openid
  405. [22:50:31] * singpoly1a (~singpolym@dsl-67-204-32-120.acanac.net) Quit (Client Quit)
  406. [22:51:18] * singpoly1a (~singpolym@dsl-67-204-32-120.acanac.net) has joined #openid
  407. [22:52:02] * singpoly1a (~singpolym@dsl-67-204-32-120.acanac.net) Quit (Client Quit)
  408. [22:55:03] * mtx_init (~mtx_init@unaffiliated/mtx-init/x-7936658) has joined #openid
  409. [22:55:49] <mtx_init> so the openid server you authenticate into, does it keep track of your logins and where from and stuff like that?
  410. [22:57:09] * singpolyma (~singpolym@dsl-67-204-32-120.acanac.net) has joined #openid
  411. [23:03:03] <yangman> mtx_init: if the server wishes to. this is implementation specific, and out-of-scope for the protocol
  412. [23:04:40] <mtx_init> ok il just make my own provider
  413. [23:04:42] <mtx_init> thank you

These logs were automatically created by OpenIDlogbot on chat.freenode.net using a modified version of the Java IRC LogBot.