[OpenID] OpenID MediaWiki Extension v. - Identity Providers UI

Peter Williams pwilliams at rapattoni.com
Sun Apr 19 19:46:52 UTC 2009

This could be interesting of itself in the uci spirit of openid.

One can use yahoos willingess to rely without warning on a https realm as an authentication scheme. Yahoo implies that the https cert on an https realm is "valid" (wrt its trust list, its handling of crls and arls). A reputation service can now crawl which sites yahoo so rates, and publish a meta reliance signal (by updating its ocsp database for example). Those rp doing discovery on smaller ops might configure their ssl client engines to use that ocsp source, when qualifying the original yahoo rp (now acting as an asserting or attribute authority/agent of the dataowner (ie the user) ).

From: Allen Tom <atom at yahoo-inc.com>
Sent: Sunday, April 19, 2009 12:34 PM
To: Sergey Chernyshev <sergey.chernyshev at gmail.com>
Cc: Wikimedia developers <wikitech-l at lists.wikimedia.org>; general at openid.net <general at openid.net>
Subject: Re: [OpenID] OpenID MediaWiki Extension v. - Identity Providers UI

Hi Sergey,

The Yahoo OpenID Provider will display a warning to the user if the RP's OpenID endpoints are not discoverable.

Warning: This website has not confirmed its identity with Yahoo! and might be fraudulent. Do not share any personal information with this website unless you are certain it is legitimate.

The best documentation for fixing this issue is here: http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html

The AOL Sign-in form fails if the user just clicks the Login Button without entering their AOL ScreenName. You might want to  disable the button until after the user types in their ScreenName. This will only be an issue until AOL upgrades their OpenID Provider from OpenID 1.1 to OpenID 2.0. Once they have OpenID 2.0 support, you'll be able to handle AOL logins identically to Google and Yahoo.

Good job!

Sergey Chernyshev wrote:

I'm done with initial implementation of Identity Providers UI for OpenID MediaWiki Extension.

Extension now shows a user-friendly (although my design skills are far from perfect) form where they can pick from a list of OpenID providers (generic OpenID URL form is still default).

You can see it in action here:
http://www.techpresentations.org/Special:OpenIDLogin (without icons - I'll enable them later)

After some discussions and concerns here on the list, I implemented it in the way that provider logos don't show up by default and if you would like to show them on your site, you have to add:

     $wgOpenIDShowProviderIcons = true;

to your LocalSettings.php

Hope you like it, but I'm still open to suggestions about improving the interface so you all finally install it on your wikis ;)

Thank you,


Sergey Chernyshev


general mailing list
general at openid.net<mailto:general at openid.net>

More information about the general mailing list