?

Log in

No account? Create an account
OpenID consumer support - brad's life — LiveJournal [entries|archive|friends|userinfo]
Brad Fitzpatrick

[ website | bradfitz.com ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

OpenID consumer support [Jun. 27th, 2005|05:26 pm]
Brad Fitzpatrick
[Tags|, ]

This is a test.
LinkReply

Comments:
From: ext_1
2005-06-28 12:26 am (UTC)
I am bradfitz.
(Reply) (Thread)
[User Picture]From: brad
2005-06-28 12:27 am (UTC)
Hell yes.
(Reply) (Parent) (Thread) (Expand)
From: ext_2
2005-06-28 12:31 am (UTC)
Woah, 4 years in the making.. Congrats..
This is a response to your testies..
(Reply) (Thread)
[User Picture]From: brad
2005-06-28 12:32 am (UTC)
Hey deadjournal beta test site guy! :-)
(Reply) (Parent) (Thread) (Expand)
From: ext_4
2005-06-28 12:41 am (UTC)
Hmm. Who the hell am I?
(Reply) (Thread)
From: ext_3
2005-06-28 12:50 am (UTC)
I don't know about you, but I'm number 3 (/~ext_3/info).
(Reply) (Parent) (Thread)
[User Picture]From: livejamie
2005-06-28 12:44 am (UTC)
how do i sign up?
(Reply) (Thread)
[User Picture]From: brad
2005-06-28 12:45 am (UTC)
You don't sign-up. Nobody runs it. Everybody runs it. :-)
(Reply) (Parent) (Thread) (Expand)
[User Picture]From: mart
2005-06-28 12:57 am (UTC)

Hmm. So now how can I be sure that ext_1 is the same person as brad? I think a good next step would be to allow logged-in LiveJournal users to optionally do the OpenID login dance to prove that they have a given OpenID identity. It could then be optionally displayed on the userinfo page.

…and woo — the ljuser link actually worked. Heh.

(Reply) (Thread)
From: ext_13
2005-06-28 01:10 am (UTC)
I agree Mart. That is a brilliant idea. I will do that as my highest priority, and I will also buy you an expensive car to show my appreciation of your greatness.
(Reply) (Parent) (Thread)
From: ext_6
2005-06-28 12:59 am (UTC)
Congratulations, Brad!

As you've read, we're pretty committed to this stuff at BlueBridge Technologies, and not too far behind in implementing consumer support into Level9.

What a milestone this is, indeed.

-Kris
(Reply) (Thread)
[User Picture]From: caladri
2005-06-28 01:20 am (UTC)
I am perhaps (read: definitely) too amused by the ability to enumerate the external IDs :)

ext_0 ext_1 ext_2 ext_3 ext_4 ext_5 ext_6 ext_7 ext_8 ext_9 ext_10 ext_11 ext_12 ext_13 ext_14 ext_15 ext_16 ext_17 ext_18 ext_19 ext_20 ext_21 ext_22 ext_23 ext_24 ext_25
(Reply) (Thread)
[User Picture]From: mart
2005-06-28 01:26 am (UTC)

Heh. I hadn't thought of that. Brilliant!

ext_26 ext_27 ext_28 ext_29 ext_30 ext_31 ext_32 ext_33 ext_34 ext_35 ext_36 ext_37 ext_38 ext_39 ext_40

I guess the above won't make any sense until there are that many identities. It will also make no sense once this little loophole is fixed. ;) Oh well.

(Reply) (Parent) (Thread) (Expand)
[User Picture]From: taral
2005-06-28 01:25 am (UTC)
Which openid version is this now?
(Reply) (Thread)
[User Picture]From: brad
2005-06-28 01:48 am (UTC)
The only one is existence anywhere.

Consider the DSA-based one a prototype.
(Reply) (Parent) (Thread)
[User Picture]From: taral
2005-06-28 01:39 am (UTC)
External assertion support is borken... or I need to change something.
(Reply) (Thread)
[User Picture]From: mart
2005-06-28 01:42 am (UTC)

The mechanism has changed a little bit since before. Take a look at the HTML header on Brad's site for an example. You need both openid.server and openid.delegate.

(Reply) (Parent) (Thread)
[User Picture]From: dossy
2005-06-28 01:55 am (UTC)
Hey, Brad -- could you elaborate on how you're computing openid.sig? Spec says: "base64(HMAC(secret(assoc_handle), token_contents)" ...
(Reply) (Thread)
[User Picture]From: brad
2005-06-28 01:56 am (UTC)
The source code is on CPAN. Net::OpenID::Consumer and Net::OpenID::Server
(Reply) (Parent) (Thread)
From: ext_26
2005-06-28 02:21 am (UTC)
cool dude!
(Reply) (Thread)
[User Picture]From: brn_eyd_grl
2005-06-28 03:48 am (UTC)
We don't get it. Can you explain or help? I tried to figure it out, but...I dunno...

See here: http://www.livejournal.com/users/dana_alison/443169.html
(Reply) (Thread)
From: ext_36
2005-06-28 05:00 am (UTC)

Look! OpenID folks get User Icons!

Oh, cool! OpenID folks get User Icons, too.

Now THIS is cool.

Feature Begging: Let an OpenID user specify an RSS URL. When someone adds an OpenID user to their Friends list, entries from the RSS URL show up on their Friends page.
(Reply) (Thread)
[User Picture]From: brad
2005-06-28 05:07 am (UTC)

Re: Look! OpenID folks get User Icons!

User icons are intentional. They'll eventually be auto-created from your FOAF image references.

RSS/Atom will also be automatically picked up from your identity URL and/or its FOAF information.
(Reply) (Parent) (Thread)
From: ext_46
2005-06-28 07:53 am (UTC)
This is also a test.
(Reply) (Thread)
[User Picture]From: taral
2005-06-28 06:01 pm (UTC)
Perhaps query strings should be forbidden in an openid?
(Reply) (Thread)
[User Picture]From: mart
2005-06-28 06:09 pm (UTC)

Were were discussing workarounds for the query string problem just yesterday. They can't be outright forbidden, really, since there are lots of sites which currently rely on them.


When it comes down to it, there's little to stop someone just putting the openid declaration at every URL on their site and doing a similar “attack” to the query string one we've seen here. There's little to be gained beyond a little amusement from doing this anyway, so it doesn't really seem to do much harm as least as far as I can see.

(Reply) (Parent) (Thread)