|
|
05-29-2008, 03:02 AM
|
|
|
OpenID
Hey guys, so the last little bits are in good shape for the OpenID
provider we're attempting to be. Don't go announcing this to others yet.
Lets test it out, if it breaks something let us know. We'll be announcing
it officially soon. You can, for example, log in to livejournal.com with:
username.id.fedoraproject.org
as your openID provider.
For example, my openID url is mmcgrath.id.fedoraproject.org
-Mike
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
|
|
05-29-2008, 03:09 AM
|
|
|
OpenID
Mike McGrath wrote:
Hey guys, so the last little bits are in good shape for the OpenID
provider we're attempting to be. Don't go announcing this to others yet.
Lets test it out, if it breaks something let us know. We'll be announcing
it officially soon. You can, for example, log in to livejournal.com with:
username.id.fedoraproject.org
as your openID provider.
For example, my openID url is mmcgrath.id.fedoraproject.org
Cool. That works just fine.
Rahul
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
|
|
05-29-2008, 07:16 AM
|
|
|
OpenID
Mike McGrath wrote:
Hey guys, so the last little bits are in good shape for the OpenID
provider we're attempting to be. Don't go announcing this to others yet.
Lets test it out, if it breaks something let us know. We'll be announcing
it officially soon. You can, for example, log in to livejournal.com with:
username.id.fedoraproject.org
as your openID provider.
For example, my openID url is mmcgrath.id.fedoraproject.org
It *almost* worked for me, until an "500 Internal error" in
https://admin.fedoraproject.org/accounts/openid/allow
--
nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com
Cool Fedora wallpapers: http://fedora.nicubunu.ro/wallpapers/
Open Clip Art Library: http://www.openclipart.org
my Fedora stuff: http://fedora.nicubunu.ro
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
|
|
05-29-2008, 07:37 AM
|
|
|
OpenID
On 2008-05-29 09:16:09 AM, Nicu Buculei wrote:
> It *almost* worked for me, until an "500 Internal error" in
> https://admin.fedoraproject.org/accounts/openid/allow
Ah, good find. I just tried to fix a bug in that, can you try again
with the same OpenID consumer and see if it works?
Thanks,
Ricky
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
|
|
05-29-2008, 10:41 AM
|
|
|
OpenID
2008/5/29 Mike McGrath <mmcgrath@redhat.com>:
> Hey guys, so the last little bits are in good shape for the OpenID
> provider we're attempting to be. Don't go announcing this to others yet.
> Lets test it out, if it breaks something let us know. We'll be announcing
> it officially soon. You can, for example, log in to livejournal.com with:
>
>
> username.id.fedoraproject.org
>
> as your openID provider.
>
Works perfectly, great work all 
Jon
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
|
|
05-29-2008, 11:07 AM
|
|
|
OpenID
On Thu May 29 2008, Mike McGrath wrote:
> Hey guys, so the last little bits are in good shape for the OpenID
> provider we're attempting to be. Don't go announcing this to others yet.
> Lets test it out, if it breaks something let us know. We'll be announcing
> it officially soon. You can, for example, log in to livejournal.com with:
The login to livejournal worked for me, too. But after I have seen how it
works, I think it is too insecure to use the FAS password for authentication.
This makes it pretty easy for any openid user to get the FAS password,
because instead of really forwarding someone to the FAS homepage, one could
just present the FAS login form to get the password. Here is an interesting
blog article about security considerations wrt. openid:
http://idcorner.org/2007/08/22/the-problems-with-openid/
Regards,
Till
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
|
|
05-29-2008, 02:01 PM
|
|
|
OpenID
2008/5/29 Till Maas <opensource@till.name>:
> On Thu May 29 2008, Mike McGrath wrote:
>> Hey guys, so the last little bits are in good shape for the OpenID
>> provider we're attempting to be. Don't go announcing this to others yet.
>> Lets test it out, if it breaks something let us know. We'll be announcing
>> it officially soon. You can, for example, log in to livejournal.com with:
>
> The login to livejournal worked for me, too. But after I have seen how it
> works, I think it is too insecure to use the FAS password for authentication.
> This makes it pretty easy for any openid user to get the FAS password,
> because instead of really forwarding someone to the FAS homepage, one could
> just present the FAS login form to get the password. Here is an interesting
> blog article about security considerations wrt. openid:
> http://idcorner.org/2007/08/22/the-problems-with-openid/
While I don't have any specific replies to the issues that Stefan
Brand points out in that article (I'm too new at the OpenID game), it
should be noted that Stefan is the owner of a company that is
developing a competing patented[1] technology that recently sold out
to Microsoft[2]. However, David Recordon does have a rebuttal of
Stefan's points[3].
[1] http://www.credentica.com/patent_portfolio.html
[2] http://idcorner.org/2008/03/06/microsoft-acquires-credenticas-u-prove-technology/
[3] http://daveman692.livejournal.com/310578.html
Jeff
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
|
|
05-29-2008, 02:03 PM
|
|
|
OpenID
On Thu, May 29, 2008 at 12:07:43PM +0200, Till Maas wrote:
> On Thu May 29 2008, Mike McGrath wrote:
> > Hey guys, so the last little bits are in good shape for the OpenID
> > provider we're attempting to be. Don't go announcing this to others yet.
> > Lets test it out, if it breaks something let us know. We'll be announcing
> > it officially soon. You can, for example, log in to livejournal.com with:
>
> The login to livejournal worked for me, too. But after I have seen how it
> works, I think it is too insecure to use the FAS password for authentication.
> This makes it pretty easy for any openid user to get the FAS password,
> because instead of really forwarding someone to the FAS homepage, one could
> just present the FAS login form to get the password. Here is an interesting
> blog article about security considerations wrt. openid:
> http://idcorner.org/2007/08/22/the-problems-with-openid/
A possible solution to the phishing issue might be to only allow ssl
client auth and not a login/password for a.fp.org/accounts/openid/login
this doesn't stop the phishing site asking for a password but the
difference might be enough for the user to notice that something is
wrong.
I am not sure that I see any value in OpenID in any case, there are very
few OpenID consumers that I know about.
Kostas
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
|
|
05-29-2008, 02:17 PM
|
|
|
OpenID
On Thu, May 29, 2008 at 8:03 AM, Kostas Georgiou
<k.georgiou@imperial.ac.uk> wrote:
>
> A possible solution to the phishing issue might be to only allow ssl
> client auth and not a login/password for a.fp.org/accounts/openid/login
> this doesn't stop the phishing site asking for a password but the
> difference might be enough for the user to notice that something is
> wrong.
The phishing problem isn't unique to OpenID.
> I am not sure that I see any value in OpenID in any case, there are very
> few OpenID consumers that I know about.
While OpenID is definitely an emerging technology, there are a lot of
places where OpenID can be used to authenticate. Here are a couple of
sites that have directories of OpenID-enabled sites:
https://www.myopenid.com/directory
http://openiddirectory.com/
Jeff
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
|
|
05-29-2008, 03:15 PM
|
|
|
OpenID
Ricky Zhou wrote:
On 2008-05-29 09:16:09 AM, Nicu Buculei wrote:
It *almost* worked for me, until an "500 Internal error" in
https://admin.fedoraproject.org/accounts/openid/allow
Ah, good find. I just tried to fix a bug in that, can you try again
with the same OpenID consumer and see if it works?
Yes, it works now (the consumer was blogger.com)
--
nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com
Cool Fedora wallpapers: http://fedora.nicubunu.ro/wallpapers/
Open Clip Art Library: http://www.openclipart.org
my Fedora stuff: http://fedora.nicubunu.ro
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
|
|
|
All times are GMT. The time now is 12:36 AM.
VBulletin, Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org
|
