[OpenID] An Ode to OpenID

Andrew Arnott andrewarnott at gmail.com
Tue Sep 8 02:42:12 UTC 2009


Hah!  Slashdot.org does *not* use RPX.  Slashdot's openid implementation is
SO buggy it's not even funny.  It's a shame that a technology-centric site
took so long to adopt OpenID and that when they did, they did such a shoddy
job of it.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre


On Mon, Sep 7, 2009 at 6:23 PM, Peter Williams <pwilliams at rapattoni.com> wrote:

>  The not particularly interesting ode video led me to your (much more
> interesting) blog site, one of whose entries talked about delegation using
> Opera Unite. No odes were ever found, but one odyssey did result.
>
>
>
> 1. I followed the instructions, and got myself a vanity openid:
> http://home.homepw.operaunite.com/a that delegates to homepw.myopenid.com
>
>
>
> This is cute, because it only seems to work when I'm online (since only
> then is the index.html doing the delegation available to relying party
> sites).
>
>
>
> Used at Slashdot (based on Janrain’s RPX integration, I believe),
> http://home.homepw.operaunite.com/a got me to the Slashdot account linking
> screen. It failed at Plaxo.
>
>
>
>
>
> 2. So then I went to another RP, freexri.com and hit the login button
> (using the openid signin option). Obviously, I supplied my shiny new vanity
> name from operaunite: http://home.homepw.operaunite.com/a. Things properly
> pinged back to myopenid, and I authorized release of an assertion and the
> null persona of attributes.
>
>
>
> 3. I created myself a shiny new XRI, which is called
> @id*home.homepw.operaunite.com, using my current account which has several
> XRIs (you may need a new account, if this is your first time through XRI
> land), providing the captcha. Thereafter, I selected the option for the XRI
> that it would have an openid i-service attached. That is: I now have
> @id*home.homepw.operaunite.com delegating to
> http://home.homepw.operaunite.com/a (which ...delegates to ...). If I do
> XRI resolution on that name, I see all that properly reflected in the XRD
> markup, using local name of http://home.homepw.operaunite.com/a (operating
> under the openid (not XRI) semantics of a local name since the local name
> is in the SEP/link, not the XRD body).
>
>
>
> 4. I logged out of the RP, fully. Logging back in to this RP (nominally to
> create a synonym to next see if the polyarchical stuff really "works" with
> delegation), I obviously now cited my shiny new XRI
> @id*home.homepw.operaunite.com. The myopenid page eventually showed, but wants
> me to solve this:
>
>
>
> "myOpenID is not authorized to verify that
> "@!B1E8.C27B.E41C.25C3!5adb.130d.2ac2.be9e" is your identifier. If it is
> your identifier, you can set up myOpenID to verify it. See the help page for
> more information."
>
>
>
> How can I do this in my XRD? (Assume I login to the freexri.com RP
> locally, to get back my admin privileges, since I'm operating a master XRI
> account)
>
>
>
> 5. Then I did the same at plaxo, for @id*home.homepw.operaunite.com
>
>
>
> This time I got
>
>
>
> "myOpenID is not authorized to verify that
> "http://home.homepw.operaunite.com/a/content/" is your identifier. If it is
> your identifier, you can set up myOpenID to verify it. See the help page for
> more information."
>
>
>
> To solve THIS one, I think I need merely put the magic "proof" file (that
> proves control over the "domain") onto the webserver under the above path.
> Does this feel correct? If so, I'll add the myopenid proof file to my file
> system (!).
>
>
>
> 6. Remembering that my XRI also has a +contact i-service bound to it, with
> its own delegations built in to the HXRI variant of my XRI, I had a look at
> the contact page that one gets from following 302's issued by the
> https://xri.freexri.com/@id*home.homepw.operaunite.com.
>
>
>
> At the end of the chain, at
> http://contact.freexri.com/contact/@id*home.homepw.operaunite.com
>
>
>
> We see the HTML-centric metadata:
>
>
>
> <link rel="openid.server" href="http://www.myopenid.com/server" />
>
> <link rel="openid2.provider" href="http://www.myopenid.com/server" />
>
> <link rel="openid.delegate" href="http://xri.net/http://home.homepw.operaunite.com/a/content/" />
>
> <link rel="openid2.local_id" href="http://xri.net/http://home.homepw.operaunite.com/a/content/" />
>
>
>
>
>
> I find it strange that one resolution of the contact service at XRI proxy
> would delegate to the synonym resolution service at another proxy.
> Additionally, the form of the local_id looks weird, but is not actually
> illegal, apparently.  But, let’s try it at the plaxo, anyways.
>
>
>
> After ignoring the problems with the https variant (since plaxo doesn’t
> know about the freexri SSL cert domain), we got
>
>
>
> myOpenID is not authorized to verify that
> http://xri.net/http://home.homepw.operaunite.com/a/content/ is your
> identifier. If it is your identifier, you can set up myOpenID to verify it.
> See the help page <https://www.myopenid.com/help#own_domain> for more
> information.
>
>
>
> Well at least that’s familiar. How do I now fiddle around with XRI/XRD or
> my contact page so I can make myopenid happy?
>
>
>
>
>
> 7. I find it strange that Slashdot could get myopenid to assert for my opera
> delegation uri but myopenid will not react to more advanced cases.
>
>
>
> There seems to be a distinction being drawn, between delegation and
> delegation for domains. The former is detected and myopenid finds it
> acceptable to make an assertion, but the latter cases require additional
> proof over control of the domain/URL.
>
>
>
> I wish the spec was clear on all this!
>
>
>
> -----Original Message-----
> From: openid-general-bounces at lists.openid.net [mailto:
> openid-general-bounces at lists.openid.net] On Behalf Of Santosh Rajan
> Sent: Monday, September 07, 2009 12:13 PM
> To: general at openid.net
> Subject: [OpenID] An Ode to OpenID
>
>
> http://www.youtube.com/watch?v=ztc4V3ttlso&feature=related
>
> -----
>
>
>
> Santosh Rajan
>
> http://santrajan.blogspot.com
>
> --
>
> View this message in context:
> http://www.nabble.com/An-Ode-to-OpenID-tp25335016p25335016.html
>
> Sent from the OpenID - General mailing list archive at Nabble.com.
>
>
>
> _______________________________________________
>
> general mailing list
>
> general at lists.openid.net
>
> http://lists.openid.net/mailman/listinfo/openid-general
>
>
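Added example, not part of the thread or of any participant's code: a minimal HTML-based discovery pass showing which identifier a relying party hands to the provider as `openid.identity` for the link tags quoted in step 6. The `identity_under_op` check is a heuristic assumed here for diagnosis, and the `OPERA_PAGE` markup is constructed from the description in step 1.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# <link rel> values used by HTML-based discovery (OpenID 2.0, then 1.1).
RELS = {"openid2.provider": ("v2", "endpoint"), "openid2.local_id": ("v2", "local_id"),
        "openid.server": ("v1", "endpoint"), "openid.delegate": ("v1", "local_id")}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = {"v1": {}, "v2": {}}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        href = (a.get("href") or "").strip()
        for rel in (a.get("rel") or "").lower().split():  # rel is a token list
            if rel in RELS and href:
                version, field = RELS[rel]
                self.found[version].setdefault(field, href)

def discover(claimed_id, html):
    """Return the identifiers an RP would send to the OP, or None."""
    parser = LinkCollector()
    parser.feed(html)
    info = parser.found["v2"] if "endpoint" in parser.found["v2"] else parser.found["v1"]
    if "endpoint" not in info:
        return None
    # Without a delegate/local_id tag the claimed identifier is also the local one.
    identity = info.get("local_id", claimed_id)
    return {"endpoint": info["endpoint"], "claimed_id": claimed_id,
            "identity": identity, "delegated": identity != claimed_id}

def identity_under_op(result):
    """Heuristic (assumption): local identifier's host sits under the OP's domain."""
    op = urlsplit(result["endpoint"]).hostname or ""
    base = op[4:] if op.startswith("www.") else op
    host = urlsplit(result["identity"]).hostname or ""
    return bool(base) and (host == base or host.endswith("." + base))

# Link tags as quoted in step 6 of the message, wrapped in a constructed <head>.
CONTACT_PAGE = """<html><head>
<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid2.provider" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href="http://xri.net/http://home.homepw.operaunite.com/a/content/" />
<link rel="openid2.local_id" href="http://xri.net/http://home.homepw.operaunite.com/a/content/" />
</head></html>"""
# Constructed: delegation markup of the kind step 1 describes.
OPERA_PAGE = """<html><head>
<link rel="openid2.provider" href="http://www.myopenid.com/server" />
<link rel="openid2.local_id" href="http://homepw.myopenid.com/" />
</head></html>"""
```

For `CONTACT_PAGE` the identity sent to the provider is the `xri.net` URL, which is the same string that appears in the "not authorized to verify" message quoted in step 6.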