<html>
<head>
<meta name="generator" content="Windows Mail 17.5.10049.20813">
<style data-externalstyle="true"><!--
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph {
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
}
p.MsoNormal, li.MsoNormal, div.MsoNormal {
margin:0in;
margin-bottom:.0001pt;
}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst,
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle,
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast {
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
line-height:115%;
}
--></style></head>
<body dir="ltr">
<div data-externalstyle="false" dir="ltr" style="font-family: 'Calibri', 'Segoe UI', 'Meiryo', 'Microsoft YaHei UI', 'Microsoft JhengHei UI', 'Malgun Gothic', 'sans-serif';font-size:12pt;">
<div>since someone asked, privately, here is the url that I missed:</div><div><br></div><div><a href="https://yorkporc.wordpress.com/2015/04/10/owin-debugging/" target="_parent">https://yorkporc.wordpress.com/2015/04/10/owin-debugging/</a><br></div><div data-signatureblock="true"><div><br></div><div>The blog is m ainly technical, since I largely stay clear of over politics. doesn't seem right to annoy one’s host - about anything too current<br></div><div><br></div><div>FYI, yes 20 years ago I was paid/influenced by NSA to have standards committees appear to be do what the agency wanted, so one could claim that society itself had countenanced some of the difficult tradeoffs between security, privacy, and spying.</div><div><br></div><div>This was in the days (long since gone) when the agency had two groups within itself (those that spied on others, those that prevented others from spying). Those days are long gone - I'm told, being an era when the social debate we need to have about the social tradeoffs still, today, used to happen “by proxy”, albeit in secret with yet conducted entirely in good faith by the two “competing “ groups within the same agency.</div><div><br></div><div>I had a PHD thesis (long since examined as a fail) that talked about the original openid being an opening that could address …why PKI failed and COULD ONLY fail. While the exam of a these actually failed for reasons all to do with me (not the politics), it also failed as at that time UK academia could not countenance a world in which it didn't do (in secret) whatever the NSA (or actually GCHQ) want to be said to be reality</div><div><br></div><div>If Anyone cares, Id trust NSA to do the right thing (even in its secret meetings with opened vendors). Id trust GCHQ no further than I can throw a cricket ball (perhaps because I'm English).</div><div><br></div><div><br></div></div><div style="padding-top: 5px; border-top-color: rgb(229, 229, 229); border-top-width: 1px; border-top-style: solid;"><div><font face=" 'Calibri', 'Segoe UI', 'Meiryo', 'Microsoft YaHei UI', 'Microsoft JhengHei UI', 'Malgun Gothic', 'sans-serif'" style='line-height: 15pt; letter-spacing: 0.02em; font-family: "Calibri", "Segoe UI", "Meiryo", "Microsoft YaHei UI", "Microsoft JhengHei UI", "Malgun Gothic", "sans-serif"; font-size: 12pt;'><b>From:</b> <a href="mailto:home_pw@msn.com" target="_parent">Peter Williams</a><br><b>Sent:</b> Monday, April 13, 2015 10:56 AM<br><b>To:</b> <a href="mailto:sakimura@gmail.com" target="_parent">Nat Sakimura</a>, <a href="mailto:samdt3263@gmail.com" target="_parent">Sam DT</a>, <a href="mailto:openid-general@lists.openid.net" target="_parent">openid-general@lists.openid.net</a></font></div></div><div><br></div><div dir="ltr">
<div>here is an example.</div><div><br></div><div>note how it “thinks” a bit different from folks on the standards committees, who tend to be contractors/consultant for governments and their plans for a regulated cloud world that governs all sorts of policy (from privacy, to brand protection, to IP, to fedramp logging for cyberwar), to <br></div><div><div><br></div><div>I’ve always supported personal identity (which lost its way in openid world, of course, as folks failed to make any money from the public). With an AS build into the app, and external AS from multiple/ clouds, one gets some of the old opened world - where one can dump google tomorrow and EASILY use other connected services vendors - without losing any control.</div><div><br></div><div>well done Microsoft, for keeping in mind the personal and then the private enterprise needs as well as the public utility concept for identity management. Tech architecture should for a world that can adapt to a hundred politics (from US/UK structured spying via “trusted” vendors, to Mr Castros more old fashioned internet monitoring, to the China national firewall… to Turkeys media censorship, to …whatever…</div><div><br></div><div><br></div><div>Sent from Windows Mail</div><div><br></div></div><div style="padding-top: 5px; border-top-color: rgb(229, 229, 229); border-top-width: 1px; border-top-style: solid;"><div><font face=" 'Calibri', 'Segoe UI', 'Meiryo', 'Microsoft YaHei UI', 'Microsoft JhengHei UI', 'Malgun Gothic', 'sans-serif'" style='line-height: 15pt; letter-spacing: 0.02em; font-family: "Calibri", "Segoe UI", "Meiryo", "Microsoft YaHei UI", "Microsoft JhengHei UI", "Malgun Gothic", "sans-serif"; font-size: 12pt;'><b>From:</b> <a href="mailto:home_pw@msn.com" target="_parent">Peter Williams</a><br><b>Sent:</b> Monday, April 13, 2015 10:29 AM<br><b>To:</b> <a href="mailto:sakimura@gmail.com" target="_parent">Nat Sakimura</a>, <a href="mailto:samdt3263@gmail.com" target="_parent">Sam DT</a>, <a href="mailto:openid-general@lists.openid.net" target="_parent">openid-general@lists.openid.net</a></font></div></div><div><br></div><div dir="">
<div>
<div style="font-family: Calibri,sans-serif; font-size: 11pt;">Millions of folks host ssl on 127.0.0.1.<br>
<br>
Remember,Microsoft tools for programmers offer sample code that builds a website with an oauth2 as to do resource owner grants and account linking, for free, hosted by default on 127.0.01 with options for SSL.<br>
<br>
Have to believe it will migrate to openid connect, as things gain traction.<br>
<br>
I know its tempting to think of this work as huge cloud/telco vendors, selling services to governments or their crypto regulated public etc.<br>
<br>
<br>
<br>
Sent from my Windows Phone</div>
</div>
<div dir="ltr">
<hr>
<span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">From:
</span><span style="font-family: Calibri,sans-serif; font-size: 11pt;"><a href="mailto:sakimura@gmail.com" target="_parent">Nat Sakimura</a></span><br>
<span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">Sent:
</span><span style="font-family: Calibri,sans-serif; font-size: 11pt;">4/13/2015 2:49 AM</span><br>
<span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">To:
</span><span style="font-family: Calibri,sans-serif; font-size: 11pt;"><a href="mailto:samdt3263@gmail.com" target="_parent">Sam DT</a>;
<a href="mailto:openid-general@lists.openid.net" target="_parent">openid-general@lists.openid.net</a></span><br>
<span style="font-family: Calibri,sans-serif; font-size: 11pt; font-weight: bold;">Subject:
</span><span style="font-family: Calibri,sans-serif; font-size: 11pt;">Re: [OpenID] openID provider / server setting</span><br>
<br>
</div>
<div>
<div dir="ltr">I am terribly sorry that I have missed your message. <br>
<br>
A regular OP needs to serve over HTTPS. Thus, it cannot serve over 127.0.0.1, if that is what you mean by a locally hosted.
<div>Instead, you can use Self-Issued provider, which you can find the info at: </div>
<div><a href="http://openid.net/specs/openid-connect-core-1_0.html#SelfIssued" target="_parent">http://openid.net/specs/openid-connect-core-1_0.html#SelfIssued</a><br>
</div>
<div><br>
</div>
<div>Cheers, </div>
<div><br>
</div>
<div>Nat Sakimura</div>
<div><br>
</div>
</div>
<br>
<div class="x_gmail_quote">On Sat, Mar 21, 2015 at 5:19 PM Sam DT <<a href="mailto:samdt3263@gmail.com" target="_parent">samdt3263@gmail.com</a>> wrote:<br>
<blockquote class="x_gmail_quote" style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;">
<div dir="ltr"><span style="color: rgb(68, 68, 68); line-height: 21.29px; font-family: Calibri,sans-serif; font-size: 15px;">Hi,</span><br style="color: rgb(68, 68, 68); line-height: 21.29px; font-family: Calibri,sans-serif; font-size: 15px;">
<br style="color: rgb(68, 68, 68); line-height: 21.29px; font-family: Calibri,sans-serif; font-size: 15px;">
<span style="color: rgb(68, 68, 68); line-height: 21.29px; font-family: Calibri,sans-serif; font-size: 15px;">I want to make my own local host an openID provider for the purpose of a class assignment.</span><br style="color: rgb(68, 68, 68); line-height: 21.29px; font-family: Calibri,sans-serif; font-size: 15px;">
<span style="color: rgb(68, 68, 68); line-height: 21.29px; font-family: Calibri,sans-serif; font-size: 15px;">The relying party that i have configured should redirect the user to my localhost page where i have hosted the server for authentication.</span><br style="color: rgb(68, 68, 68); line-height: 21.29px; font-family: Calibri,sans-serif; font-size: 15px;">
<span style="color: rgb(68, 68, 68); line-height: 21.29px; font-family: Calibri,sans-serif; font-size: 15px;">Can you tell me if this is possible using any openID library?</span><br style="color: rgb(68, 68, 68); line-height: 21.29px; font-family: Calibri,sans-serif; font-size: 15px;">
<br style="color: rgb(68, 68, 68); line-height: 21.29px; font-family: Calibri,sans-serif; font-size: 15px;">
<span style="color: rgb(68, 68, 68); line-height: 21.29px; font-family: Calibri,sans-serif; font-size: 15px;">I should be very thankful</span><br>
</div>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@lists.openid.net" target="_parent">general@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-general" target="_parent">http://lists.openid.net/mailman/listinfo/openid-general</a><br>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</body>
</html>