<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hey Peter,<div>Thanks for putting together this list. Chris and I will followup with the PBWiki team and see how much of this stuff we can get fixed.</div><div><br></div><div>--David</div><div><br><div><div>On Dec 24, 2008, at 12:50 PM, Peter Williams wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0; "><div lang="EN-US" link="blue" vlink="purple"><div class="Section1"><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="text-indent: -0.25in; margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span>1.<span style="font: normal normal normal 7pt/normal 'Times New Roman'; "> <span class="Apple-converted-space"> </span></span></span>The PBwiki service continues to cause me major grief when handing off to myopenid (anyone else see this!!?? Why just me!?) It sends bad messages to the OP, about 90% of the time. There is no recovery possibility. Sometimes it works, though, if you fiddle like a programmer (*)<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="text-indent: -0.25in; margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span>2.<span style="font: normal normal normal 7pt/normal 'Times New Roman'; "> <span class="Apple-converted-space"> </span></span></span>Be cute if their nice, new commenting feature (which accepts a URI) was openid enabled. Be much better experience than forcing members to type in name and an email.<span class="Apple-converted-space"> </span><a href="http://blog.pbwiki.com/2008/12/19/new-feature-now-readers-can-comment-on-wiki-pages/" style="color: blue; text-decoration: underline; ">http://blog.pbwiki.com/2008/12/19/new-feature-now-readers-can-comment-on-wiki-pages/</a><o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="text-indent: -0.25in; margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span>3.<span style="font: normal normal normal 7pt/normal 'Times New Roman'; "> <span class="Apple-converted-space"> </span></span></span>There are some basic security flaws in the hosting model (when augmented with openid). The challenge delivered at the OP asks for release authority to my.pbwiki.com SP, which does not align with the fact that the previous page text (and the address bar) was making be believe I’m talking to wiki.openid.net.<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="text-indent: -0.25in; margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 12pt; font-family: 'Times New Roman', serif; "><span>4.<span style="font: normal normal normal 7pt/normal 'Times New Roman'; "> <span class="Apple-converted-space"> </span></span></span></span><span style="font-size: 12pt; font-family: 'Times New Roman', serif; ">The OP reports: You must sign in to authenticate to<span class="Apple-converted-space"> </span><a href="http://my.pbwiki.com/" style="color: blue; text-decoration: underline; ">http://my.pbwiki.com/</a><span class="Apple-converted-space"> </span>as<span class="Apple-converted-space"> </span><a href="http://homepw.myopenid.com/" style="color: blue; text-decoration: underline; ">http://homepw.myopenid.com/</a><span class="Apple-converted-space"> </span>. This is not what I asked for: I asked for identity verification of<span class="Apple-converted-space"> </span><a href="https://homepw.myopenid.com/" style="color: blue; text-decoration: underline; ">https://homepw.myopenid.com/</a>. The handoff to the OP does seem to be over https though. I cannot tell if this is OP issue, SP issue, or the nature of OpenID Auth procedures.<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 12pt; font-family: 'Times New Roman', serif; "><o:p> </o:p></span></div><div style="text-indent: -0.25in; margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span>5.<span style="font: normal normal normal 7pt/normal 'Times New Roman'; "> <span class="Apple-converted-space"> </span></span></span>There are some basic security flaws in the hosting model (when augmented with SSL). The foundation should buy its own cert, and let Pbwiki do proper SSL virtual hosting. This doesn’t solve 3 though, which is rather more serious. They need to virtualize their openid SP realms - to match the wiki virtual hosting domains. They need to ensure the right hosted cert is used per openid (hosted) realm, and its reflected in the XRDS (see 8).<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="text-indent: -0.25in; margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span>6.<span style="font: normal normal normal 7pt/normal 'Times New Roman'; "> <span class="Apple-converted-space"> </span></span></span><span style="font-size: 12pt; font-family: 'Times New Roman', serif; ">Prior to the OP handoff, IE generates warnings about mixed content from multiple assurance zones.</span><o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="text-indent: -0.25in; margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span>7.<span style="font: normal normal normal 7pt/normal 'Times New Roman'; "> <span class="Apple-converted-space"> </span></span></span>On releasing the assertion to my.pbwiki.com, the url is<span class="Apple-converted-space"> </span><a href="https://my.pbwiki.com/?p=openid&o=f&janrain_nonce=2008-12-24T20%3A18%3A15Z7bd4p0&openid1_claimed_id=https%3A%2F%2Fhomepw.myopenid.com%2F&openid.assoc_handle=%7BHMAC-SHA1%7D%7B49496232%7D%7B3wxYag%3D%3D%7D&openid.identity=https%3A%2F%2Fhomepw.myopenid.com%2F&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.myopenid.com%2Fserver&openid.response_nonce=2008-12-24T20%3A20%3A22Zng6R5h&openid.return_to=http%3A%2F%2Fmy.pbwiki.com%2F%2F%3Fp%3Dopenid%26o%3Df%26janrain_nonce%3D2008-12-24T20%253A18%253A15Z7bd4p0%26openid1_claimed_id%3Dhttps%253A%252F%252Fhomepw.myopenid.com%252F&openid.sig=G31sZRRUGcnvO9UitvBiQEjwF9A%3D&openid.signed=assoc_handle%2Cidentity%2Cmode%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned%2Csreg.email%2Csreg.fullname%2Csreg.nickname&openid.sreg.email=home_pw%40msn.com&openid.sreg.fullname=Peter+Williams&openid.sreg.nickname=peter" style="color: blue; text-decoration: underline; ">https://my.pbwiki.com//?p=openid&o=f&janrain_nonce=2008-12-24T20%3A18%3A15Z7bd4p0&openid1_claimed_id=https%3A%2F%2Fhomepw.myopenid.com%2F&openid.assoc_handle=%7BHMAC-SHA1%7D%7B49496232%7D%7B3wxYag%3D%3D%7D&openid.identity=https%3A%2F%2Fhomepw.myopenid.com%2F&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.myopenid.com%2Fserver&openid.response_nonce=2008-12-24T20%3A20%3A22Zng6R5h&openid.return_to=http%3A%2F%2Fmy.pbwiki.com%2F%2F%3Fp%3Dopenid%26o%3Df%26janrain_nonce%3D2008-12-24T20%253A18%253A15Z7bd4p0%26openid1_claimed_id%3Dhttps%253A%252F%252Fhomepw.myopenid.com%252F&openid.sig=G31sZRRUGcnvO9UitvBiQEjwF9A%3D&openid.signed=assoc_handle%2Cidentity%2Cmode%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned%2Csreg.email%2Csreg.fullname%2Csreg.nickname&openid.sreg.email=home_pw%40msn.com&openid.sreg.fullname=Peter+Williams&openid.sreg.nickname=peter</a><span class="Apple-converted-space"> </span>so evidently the perceived claim being verified by the SP is<span class="Apple-converted-space"> </span><a href="https://homepw" style="color: blue; text-decoration: underline; ">https://homepw</a><span class="Apple-converted-space"> </span>not<span class="Apple-converted-space"> </span><a href="http://homepw" style="color: blue; text-decoration: underline; ">http://homepw</a>. Is this an OP UI issue?<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="text-indent: -0.25in; margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span>8.<span style="font: normal normal normal 7pt/normal 'Times New Roman'; "> <span class="Apple-converted-space"> </span></span></span>The XRDS at<span class="Apple-converted-space"> </span><a href="http://my.pbwiki.com/xrds.php" style="color: blue; text-decoration: underline; ">http://my.pbwiki.com/xrds.php</a><span class="Apple-converted-space"> </span>makes namespace assertions for its https cousin. Once the openid SP is properly virtualized, the wiki.openid.net realm will need to be published at<span class="Apple-converted-space"> </span><a href="https://wiki.openid.net/" style="color: blue; text-decoration: underline; ">https://wiki.openid.net/</a>... , obviously.<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; ">HTTP/1.0 200 OK<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; ">Date: Wed, 24 Dec 2008 20:37:27 GMT<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; ">Server: Apache<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; ">Connection: close<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; ">Content-Type: application/xrds+xml<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; "><o:p> </o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; "><?xml version="1.0" encoding="UTF-8"?><o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; "><xrds:XRDS<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; "> xmlns:xrds="xri://$xrds"<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; "> xmlns:openid="<a href="http://openid.net/xmlns/1.0" style="color: blue; text-decoration: underline; ">http://openid.net/xmlns/1.0</a>"<o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; "> xmlns="xri://$xrd*($v*2.0)"><o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; "> <XRD><o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; "> <Service priority="0"><o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; "> <Type><a href="http://specs.openid.net/auth/2.0/return_to" style="color: blue; text-decoration: underline; ">http://specs.openid.net/auth/2.0/return_to</a></Type><o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; "> <URI><a href="https://my.pbwiki.com//?p=openid" style="color: blue; text-decoration: underline; ">https://my.pbwiki.com//?p=openid</a></URI><o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; "> </Service><o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; "> </XRD><o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><span style="font-size: 8.5pt; font-family: 'Lucida Console'; "></xrds:XRDS><o:p></o:p></span></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; ">(*)it works quite predictably after a first failure if one tries a second time, but only if one uses the back menu to go to the “typein url” screen at my.pbwiki.com. Going back one screen to their post-handler just repeats the protocol violation. Somehow the race is sorted out, the second time around. (On refresh the second time, the graphic that causes the race in IE does not seem to render. HINT.)<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0.5in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div></div>_______________________________________________<br>general mailing list<br><a href="mailto:general@openid.net" style="color: blue; text-decoration: underline; ">general@openid.net</a><br><a href="http://openid.net/mailman/listinfo/general" style="color: blue; text-decoration: underline; ">http://openid.net/mailman/listinfo/general</a><br></div></span></blockquote></div><br></div></body></html>