<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"Lucida Console";
        panose-1:2 11 6 9 4 5 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.z-TopofFormChar
        {mso-style-name:"z-Top of Form Char";
        mso-style-priority:99;
        mso-style-link:"z-Top of Form";
        font-family:"Arial","sans-serif";
        display:none;}
span.z-BottomofFormChar
        {mso-style-name:"z-Bottom of Form Char";
        mso-style-priority:99;
        mso-style-link:"z-Bottom of Form";
        font-family:"Arial","sans-serif";
        display:none;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
/* List Definitions */
@list l0
        {mso-list-id:466776167;
        mso-list-type:hybrid;
        mso-list-template-ids:-1286571260 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'>
</span></span><![endif]>The PBwiki service continues to cause me major grief when
handing off to myopenid (anyone else see this!!?? Why just me!?) It sends bad
messages to the OP, about 90% of the time. There is no recovery possibility.
Sometimes it works, though, if you fiddle like a programmer (*) <o:p></o:p></p>
<p class=MsoListParagraph><o:p> </o:p></p>
<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'>
</span></span><![endif]>Be cute if their nice, new commenting feature (which
accepts a URI) was openid enabled. Be much better experience than forcing members
to type in name and an email. http://blog.pbwiki.com/2008/12/19/new-feature-now-readers-can-comment-on-wiki-pages/<o:p></o:p></p>
<p class=MsoListParagraph><o:p> </o:p></p>
<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='mso-list:Ignore'>3.<span style='font:7.0pt "Times New Roman"'>
</span></span><![endif]>There are some basic security flaws in the hosting
model (when augmented with openid). The challenge delivered at the OP asks for release
authority to my.pbwiki.com SP, which does not align with the fact that the
previous page text (and the address bar) was making me believe I'm
talking to wiki.openid.net. <o:p></o:p></p>
<p class=MsoListParagraph><o:p> </o:p></p>
<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:12.0pt;font-family:"Times New Roman","serif"'><span
style='mso-list:Ignore'>4.<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>The
OP reports: You must sign in to authenticate to http://my.pbwiki.com/ as http://homepw.myopenid.com/
. This is not what I asked for: I asked for identity verification of <a
href="https://homepw.myopenid.com/">https://homepw.myopenid.com/</a>. The handoff
to the OP does seem to be over https though. I cannot tell if this is an OP issue,
SP issue, or the nature of OpenID Auth procedures. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p>
<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='mso-list:Ignore'>5.<span style='font:7.0pt "Times New Roman"'>
</span></span><![endif]>There are some basic security flaws in the hosting
model (when augmented with SSL). The foundation should buy its own cert, and let
PBwiki do proper SSL virtual hosting. This doesn't solve 3 though, which
is rather more serious. They need to virtualize their openid SP realms - to
match the wiki virtual hosting domains. They need to ensure the right hosted cert
is used per openid (hosted) realm, and it's reflected in the XRDS (see 8).<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='mso-list:Ignore'>6.<span style='font:7.0pt "Times New Roman"'>
</span></span><![endif]><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Prior
to the OP handoff, IE generates warnings about mixed content from multiple assurance
zones.</span><o:p></o:p></p>
<p class=MsoListParagraph><o:p> </o:p></p>
<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='mso-list:Ignore'>7.<span style='font:7.0pt "Times New Roman"'>
</span></span><![endif]>On releasing the assertion to my.pbwiki.com, the url is
<a
href="https://my.pbwiki.com/?p=openid&o=f&janrain_nonce=2008-12-24T20%3A18%3A15Z7bd4p0&openid1_claimed_id=https%3A%2F%2Fhomepw.myopenid.com%2F&openid.assoc_handle=%7BHMAC-SHA1%7D%7B49496232%7D%7B3wxYag%3D%3D%7D&openid.identity=https%3A%2F%2Fhomepw.myopenid.com%2F&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.myopenid.com%2Fserver&openid.response_nonce=2008-12-24T20%3A20%3A22Zng6R5h&openid.return_to=http%3A%2F%2Fmy.pbwiki.com%2F%2F%3Fp%3Dopenid%26o%3Df%26janrain_nonce%3D2008-12-24T20%253A18%253A15Z7bd4p0%26openid1_claimed_id%3Dhttps%253A%252F%252Fhomepw.myopenid.com%252F&openid.sig=G31sZRRUGcnvO9UitvBiQEjwF9A%3D&openid.signed=assoc_handle%2Cidentity%2Cmode%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned%2Csreg.email%2Csreg.fullname%2Csreg.nickname&openid.sreg.email=home_pw%40msn.com&openid.sreg.fullname=Peter+Williams&openid.sreg.nickname=peter">https://my.pbwiki.com//?p=openid&o=f&janrain_nonce=2008-12-24T20%3A18%3A15Z7bd4p0&openid1_claimed_id=https%3A%2F%2Fhomepw.myopenid.com%2F&openid.assoc_handle=%7BHMAC-SHA1%7D%7B49496232%7D%7B3wxYag%3D%3D%7D&openid.identity=https%3A%2F%2Fhomepw.myopenid.com%2F&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.myopenid.com%2Fserver&openid.response_nonce=2008-12-24T20%3A20%3A22Zng6R5h&openid.return_to=http%3A%2F%2Fmy.pbwiki.com%2F%2F%3Fp%3Dopenid%26o%3Df%26janrain_nonce%3D2008-12-24T20%253A18%253A15Z7bd4p0%26openid1_claimed_id%3Dhttps%253A%252F%252Fhomepw.myopenid.com%252F&openid.sig=G31sZRRUGcnvO9UitvBiQEjwF9A%3D&openid.signed=assoc_handle%2Cidentity%2Cmode%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned%2Csreg.email%2Csreg.fullname%2Csreg.nickname&openid.sreg.email=home_pw%40msn.com&openid.sreg.fullname=Peter+Williams&openid.sreg.nickname=peter</a>
so evidently the perceived claim being verified by the SP is <a
href="https://homepw">https://homepw</a> not <a href="http://homepw">http://homepw</a>.
Is this an OP UI issue?<o:p></o:p></p>
<p class=MsoListParagraph><o:p> </o:p></p>
<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='mso-list:Ignore'>8.<span style='font:7.0pt "Times New Roman"'>
</span></span><![endif]>The XRDS at <a href="http://my.pbwiki.com/xrds.php">http://my.pbwiki.com/xrds.php</a>
makes namespace assertions for its https cousin. Once the openid SP is properly
virtualized, the wiki.openid.net realm will need to be published at <a
href="https://wiki.openid.net/">https://wiki.openid.net/</a>... , obviously.<o:p></o:p></p>
<p class=MsoListParagraph style='margin-left:2.0in'><o:p> </o:p></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'>HTTP/1.0 200 OK<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'>Date: Wed, 24 Dec 2008
20:37:27 GMT<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'>Server: Apache<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'>Connection: close<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'>Content-Type:
application/xrds+xml<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'><o:p> </o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'><?xml
version="1.0" encoding="UTF-8"?><o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'><xrds:XRDS<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'>
xmlns:xrds="xri://$xrds"<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'>
xmlns:openid="http://openid.net/xmlns/1.0"<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'>
xmlns="xri://$xrd*($v*2.0)"><o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'> <XRD><o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'>
<Service priority="0"><o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'>
<Type>http://specs.openid.net/auth/2.0/return_to</Type><o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'>
<URI>https://my.pbwiki.com//?p=openid</URI><o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'>
</Service><o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'> </XRD><o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:1.5in;text-autospace:none'><span
style='font-size:8.5pt;font-family:"Lucida Console"'></xrds:XRDS><o:p></o:p></span></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoListParagraph>(*) It works quite predictably after a first failure if
one tries a second time, but only if one uses the back menu to go to the "typein
url" screen at my.pbwiki.com. Going back one screen to their post-handler
just repeats the protocol violation. Somehow the race is sorted out, the second
time around. (On refresh the second time, the graphic that causes the race in
IE does not seem to render. HINT.)<o:p></o:p></p>
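<p class=MsoNormal>Added example (not part of the original message, and not PBwiki or myOpenID code): the realm, return_to and XRDS checks that items 3, 5 and 8 turn on, applied to the values quoted above. Function names and finding codes are hypothetical; the query-string rule in url_under is an assumption of this example.</p>

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

RETURN_TO_TYPE = "http://specs.openid.net/auth/2.0/return_to"
XRD = "{xri://$xrd*($v*2.0)}"
DEFAULT_PORT = {"http": 80, "https": 443}
# Values quoted in the message (items 3, 4, 7 and 8).
VIEWED_HOST = "wiki.openid.net"
REALM = "http://my.pbwiki.com/"
RETURN_TO = ("http://my.pbwiki.com//?p=openid&o=f"
             "&janrain_nonce=2008-12-24T20%3A18%3A15Z7bd4p0"
             "&openid1_claimed_id=https%3A%2F%2Fhomepw.myopenid.com%2F")
XRDS = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0"
           xmlns="xri://$xrd*($v*2.0)">
  <XRD><Service priority="0">
    <Type>http://specs.openid.net/auth/2.0/return_to</Type>
    <URI>https://my.pbwiki.com//?p=openid</URI>
  </Service></XRD></xrds:XRDS>"""

def return_to_endpoints(xrds_text):
    """URIs of every Service that advertises the OpenID 2.0 return_to type."""
    uris = []
    for svc in ET.fromstring(xrds_text.encode("utf-8")).iter(XRD + "Service"):
        if any((t.text or "").strip() == RETURN_TO_TYPE for t in svc.iter(XRD + "Type")):
            uris += [(u.text or "").strip() for u in svc.iter(XRD + "URI")]
    return uris

def url_under(url, base):
    """Simplified OpenID 2.0 section 9.2 match, no wildcards; query rule is assumed."""
    u, b = urlsplit(url), urlsplit(base)
    origin = lambda p: (p.scheme, p.hostname, p.port or DEFAULT_PORT.get(p.scheme))
    slash = lambda path: path if path.endswith("/") else path + "/"
    if origin(u) != origin(b) or not slash(u.path).startswith(slash(b.path)):
        return False
    have = parse_qs(u.query)  # every query pair of base must appear in url
    return all(have.get(k) == v for k, v in parse_qs(b.query).items())

def audit(viewed_host, realm, return_to, xrds_text):
    """Finding codes for one RP-to-OP handoff; an empty list means all checks pass."""
    endpoints = return_to_endpoints(xrds_text)
    checks = [
        (urlsplit(realm).hostname == viewed_host, "REALM_NOT_VIEWED_SITE"),
        (url_under(return_to, realm), "RETURN_TO_OUTSIDE_REALM"),
        (any(url_under(return_to, e) for e in endpoints), "RETURN_TO_NOT_IN_XRDS"),
    ]
    return [code for ok, code in checks if not ok]

if __name__ == "__main__":
    print(audit(VIEWED_HOST, REALM, RETURN_TO, XRDS))
```

<p class=MsoNormal>On the quoted values it returns REALM_NOT_VIEWED_SITE and RETURN_TO_NOT_IN_XRDS, the second because the return_to in item 7 is http while the XRDS URI in item 8 is https.</p>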
</div>
</body>
</html>