Hah! Slashdot.org does <i>not</i> use RPX. Slashdot's openid implementation is SO buggy it's not even funny. It's a shame that an technology-centric site took so long to adopt OpenID and that when they did, they did such a shoddy job of it. <div>
<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">On Mon, Sep 7, 2009 at 6:23 PM, Peter Williams <span dir="ltr"><<a href="mailto:pwilliams@rapattoni.com">pwilliams@rapattoni.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p>The not particularly interesting ode video led me to your
(much more interesting) blog site, one of whose entries talked about delegation
using Opera Unite. No odes were ever found, but one odyssey did result.</p>
<p> </p>
<p>1. I followed the instructions, and got myself a vanity
openid: <a href="http://home.homepw.operaunite.com/a" target="_blank">http://home.homepw.operaunite.com/a</a>
that delegates to <a href="http://homepw.myopenid.com" target="_blank">homepw.myopenid.com</a></p>
<p> </p>
<p>This is cute, because it only seems to work when I'm
online (since only then is the index.html doing the delegation available to relying
party sites).</p>
<p> </p>
<p>Used at Slashdot (based on Janrain’s RPX
integration, I believe), <a href="http://home.homepw.operaunite.com/a" target="_blank">http://home.homepw.operaunite.com/a</a>
got me to the Slashdot account linking screen. It failed at Plaxo.</p>
<p> </p>
<p> </p>
<p>2. So then I went to another RP, <a href="http://freexri.com" target="_blank">freexri.com</a> and hit the login
button (using the openid signin option). Obviously, I supplied my shiny new
vanity name from operaunite: <a href="http://home.homepw.operaunite.com/a" target="_blank">http://home.homepw.operaunite.com/a</a>. Things properly
pinged back to myopenid, and I authorized release of an assertion and the null
persona of attributes.</p>
<p> </p>
<p>3. I created myself a shiny new XRI, which is called @id*<a href="http://home.homepw.operaunite.com" target="_blank">home.homepw.operaunite.com</a>,
using my current account which has several XRIs (you may need a new account, if
this is your first time through XRI land), providing the capcha. Thereafter, I selected
the option for the XRI that it would have an openid i-service attached. That is:
I now have @id*<a href="http://home.homepw.operaunite.com" target="_blank">home.homepw.operaunite.com</a> delegating to <a href="http://home.homepw.operaunite.com/a" target="_blank">http://home.homepw.operaunite.com/a</a>
(which ...delegates to ...). If I do XRI resolution on that name, I see all that
properly reflected in the XRD markup, using local name of <a href="http://home.homepw.operaunite.com/a" target="_blank">http://home.homepw.operaunite.com/a</a>
(operating under the openid (not XRI) semantics of an local name since the
local name is in the SEP/link, not the XRD body).</p>
<p> </p>
<p>4. I logged out of the RP, fully. Logging back in to this
RP (nominally to create a synonym to next see if the polyarchical stuff really "works"
with delegation), I obviously now cited my shiny new XRI @id*<a href="http://home.homepw.operaunite.com" target="_blank">home.homepw.operaunite.com</a>.
The myopenid page eventually showed, but wants me to solve this:</p>
<p> </p>
<p>"myOpenID is not authorized to verify that
"@!B1E8.C27B.E41C.25C3!5adb.130d.2ac2.be9e" is your identifier. If it
is your identifier, you can set up myOpenID to verify it. See the help page for
more information."</p>
<p> </p>
<p>How can I do this in my XRD? (Assume I login to the <a href="http://freexri.com" target="_blank">freexri.com</a>
RP locally, to get back my admin privileges, since Im operating a master XRI account)</p>
<p> </p>
<p>5. Then I did the same at plaxo, for @id*<a href="http://home.homepw.operaunite.com" target="_blank">home.homepw.operaunite.com</a></p>
<p> </p>
<p>This time I got</p>
<p> </p>
<p>"myOpenID is not authorized to verify that
"<a href="http://home.homepw.operaunite.com/a/content/" target="_blank">http://home.homepw.operaunite.com/a/content/</a>" is your identifier. If
it is your identifier, you can set up myOpenID to verify it. See the help page
for more information."</p>
<p> </p>
<p>To solve THIS one, I think I need merely put the magic "proof"
file (that proves control over the "domain") onto the webserver under
the above path. Does this feel correct? If so, Ill add the myopenid proof file
to my file system (!).</p>
<p> </p>
<p>6. Remembering that my XRI also has a +contact i-service
bound to it, with its own delegations built in to the HXRI variant of my XRI, I
had a look at the contact page that one gets from following 302's issued by the
<a href="https://xri.freexri.com/@id*home.homepw.operaunite.com" target="_blank">https://xri.freexri.com/@id*home.homepw.operaunite.com</a>.</p>
<p> </p>
<p>At the end of the chain, at <a href="http://contact.freexri.com/contact/@id*home.homepw.operaunite.com" target="_blank">http://contact.freexri.com/contact/@id*home.homepw.operaunite.com</a></p>
<p> </p>
<p>We see the HTML-centric metadata:</p>
<p> </p>
<p style="margin-left:.5in"><link
rel="openid.server" href="<a href="http://www.myopenid.com/server" target="_blank">http://www.myopenid.com/server</a>"
/></p>
<p style="margin-left:.5in"><link
rel="openid2.provider"
href="<a href="http://www.myopenid.com/server" target="_blank">http://www.myopenid.com/server</a>" /></p>
<p style="margin-left:.5in"><link
rel="openid.delegate"
href="<a href="http://xri.net/http://home.homepw.operaunite.com/a/content/" target="_blank">http://xri.net/http://home.homepw.operaunite.com/a/content/</a>"
/></p>
<p style="margin-left:.5in"><link
rel="openid2.local_id"
href="<a href="http://xri.net/http://home.homepw.operaunite.com/a/content/" target="_blank">http://xri.net/http://home.homepw.operaunite.com/a/content/</a>"
/></p>
<p style="margin-left:.5in"> </p>
<p style="margin-left:.5in"> </p>
<p>I find it strange that one resolution of the contact
service at XRI proxy would delegate to the synonmy resolution service at another
proxy. Additionally, the form of the local_id looks weird, but is not actually
illegal, apparently. But, let’s try it at the plaxo. anyways.</p>
<p> </p>
<p>After ignoring the problems with the https variant (since
plaxo doesn’t know about the freexri SSL cert domain), we got </p>
<p> </p>
<p>myOpenID is not authorized to verify that <code><span style="font-size:10.0pt"><a href="http://xri.net/http://home.homepw.operaunite.com/a/content/" target="_blank">http://xri.net/http://home.homepw.operaunite.com/a/content/</a></span></code>
is your identifier. If it is your identifier, you can set up myOpenID to verify
it. See <a href="https://www.myopenid.com/help#own_domain" target="_blank">the help page</a>
for more information.</p>
<p> </p>
<p>Well at least that’s familiar. How do I now fiddle
around with XRI/XRD or my contact page so I can make myopenid happy?</p>
<p style="margin-left:.5in"> </p>
<p style="margin-left:.5in"> </p>
<p>7 I find it strange that Slashdot could get myopenid to
assert for my opera delegation uri but myopenid will not react to more advanced
cases. </p>
<p> </p>
<p>There seems to be a distinction being drawn, between
delegation and delegation for domains. The former is detected and myopenid
finds it acceptable to make an assertion, but the latter cases require
additional proof over control of the domain/URL.</p>
<p> </p>
<p>I wish the spec was clear on all this!</p><div><div></div><div class="h5">
<p style="margin-left:.5in"> </p>
<p style="margin-left:.5in">-----Original Message-----<br>
From: <a href="mailto:openid-general-bounces@lists.openid.net" target="_blank">openid-general-bounces@lists.openid.net</a> [mailto:<a href="mailto:openid-general-bounces@lists.openid.net" target="_blank">openid-general-bounces@lists.openid.net</a>]
On Behalf Of Santosh Rajan<br>
Sent: Monday, September 07, 2009 12:13 PM<br>
To: <a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
Subject: [OpenID] An Ode to OpenID</p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p><a href="http://www.youtube.com/watch?v=ztc4V3ttlso&feature=related" target="_blank">http://www.youtube.com/watch?v=ztc4V3ttlso&feature=related</a></p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p>-----</p>
<p> </p>
<p>Santosh Rajan</p>
<p><a href="http://santrajan.blogspot.com" target="_blank">http://santrajan.blogspot.com</a>
<a href="http://santrajan.blogspot.com" target="_blank">http://santrajan.blogspot.com</a></p>
<p>--</p>
<p>View this message in context:
<a href="http://www.nabble.com/An-Ode-to-OpenID-tp25335016p25335016.html" target="_blank">http://www.nabble.com/An-Ode-to-OpenID-tp25335016p25335016.html</a></p>
<p>Sent from the OpenID - General mailing list archive at
Nabble.com.</p>
<p> </p>
<p>_______________________________________________</p>
<p>general mailing list</p>
<p><a href="mailto:general@lists.openid.net" target="_blank">general@lists.openid.net</a></p>
<p><a href="http://lists.openid.net/mailman/listinfo/openid-general" target="_blank">http://lists.openid.net/mailman/listinfo/openid-general</a></p>
</div></div></div>
</div>
<br>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@lists.openid.net">general@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-general" target="_blank">http://lists.openid.net/mailman/listinfo/openid-general</a><br>
<br></blockquote></div><br></div>