FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 05-29-2008, 02:02 AM
Mike McGrath
 
Default OpenID

Hey guys, so the last little bits are in good shape for the OpenID
provider we're attempting to be. Don't go announcing this to others yet.
Lets test it out, if it breaks something let us know. We'll be announcing
it officially soon. You can, for example, log in to livejournal.com with:


username.id.fedoraproject.org

as your openID provider.

For example, my openID url is mmcgrath.id.fedoraproject.org

-Mike

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 05-29-2008, 02:09 AM
Rahul Sundaram
 
Default OpenID

Mike McGrath wrote:

Hey guys, so the last little bits are in good shape for the OpenID
provider we're attempting to be. Don't go announcing this to others yet.
Lets test it out, if it breaks something let us know. We'll be announcing
it officially soon. You can, for example, log in to livejournal.com with:


username.id.fedoraproject.org

as your openID provider.

For example, my openID url is mmcgrath.id.fedoraproject.org


Cool. That works just fine.

Rahul

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 05-29-2008, 06:16 AM
Nicu Buculei
 
Default OpenID

Mike McGrath wrote:

Hey guys, so the last little bits are in good shape for the OpenID
provider we're attempting to be. Don't go announcing this to others yet.
Lets test it out, if it breaks something let us know. We'll be announcing
it officially soon. You can, for example, log in to livejournal.com with:


username.id.fedoraproject.org

as your openID provider.

For example, my openID url is mmcgrath.id.fedoraproject.org


It *almost* worked for me, until an "500 Internal error" in
https://admin.fedoraproject.org/accounts/openid/allow


--
nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com
Cool Fedora wallpapers: http://fedora.nicubunu.ro/wallpapers/
Open Clip Art Library: http://www.openclipart.org
my Fedora stuff: http://fedora.nicubunu.ro

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 05-29-2008, 06:37 AM
Ricky Zhou
 
Default OpenID

On 2008-05-29 09:16:09 AM, Nicu Buculei wrote:
> It *almost* worked for me, until an "500 Internal error" in
> https://admin.fedoraproject.org/accounts/openid/allow
Ah, good find. I just tried to fix a bug in that, can you try again
with the same OpenID consumer and see if it works?

Thanks,
Ricky
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 05-29-2008, 09:41 AM
"Jonathan Roberts"
 
Default OpenID

2008/5/29 Mike McGrath <mmcgrath@redhat.com>:
> Hey guys, so the last little bits are in good shape for the OpenID
> provider we're attempting to be. Don't go announcing this to others yet.
> Lets test it out, if it breaks something let us know. We'll be announcing
> it officially soon. You can, for example, log in to livejournal.com with:
>
>
> username.id.fedoraproject.org
>
> as your openID provider.
>

Works perfectly, great work all

Jon

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 05-29-2008, 10:07 AM
Till Maas
 
Default OpenID

On Thu May 29 2008, Mike McGrath wrote:
> Hey guys, so the last little bits are in good shape for the OpenID
> provider we're attempting to be. Don't go announcing this to others yet.
> Lets test it out, if it breaks something let us know. We'll be announcing
> it officially soon. You can, for example, log in to livejournal.com with:

The login to livejournal worked for me, too. But after I have seen how it
works, I think it is too insecure to use the FAS password for authentication.
This makes it pretty easy for any openid user to get the FAS password,
because instead of really forwarding someone to the FAS homepage, one could
just present the FAS login form to get the password. Here is an interesting
blog article about security considerations wrt. openid:
http://idcorner.org/2007/08/22/the-problems-with-openid/

Regards,
Till
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 05-29-2008, 01:01 PM
"Jeffrey Ollie"
 
Default OpenID

2008/5/29 Till Maas <opensource@till.name>:
> On Thu May 29 2008, Mike McGrath wrote:
>> Hey guys, so the last little bits are in good shape for the OpenID
>> provider we're attempting to be. Don't go announcing this to others yet.
>> Lets test it out, if it breaks something let us know. We'll be announcing
>> it officially soon. You can, for example, log in to livejournal.com with:
>
> The login to livejournal worked for me, too. But after I have seen how it
> works, I think it is too insecure to use the FAS password for authentication.
> This makes it pretty easy for any openid user to get the FAS password,
> because instead of really forwarding someone to the FAS homepage, one could
> just present the FAS login form to get the password. Here is an interesting
> blog article about security considerations wrt. openid:
> http://idcorner.org/2007/08/22/the-problems-with-openid/

While I don't have any specific replies to the issues that Stefan
Brand points out in that article (I'm too new at the OpenID game), it
should be noted that Stefan is the owner of a company that is
developing a competing patented[1] technology that recently sold out
to Microsoft[2]. However, David Recordon does have a rebuttal of
Stefan's points[3].

[1] http://www.credentica.com/patent_portfolio.html
[2] http://idcorner.org/2008/03/06/microsoft-acquires-credenticas-u-prove-technology/
[3] http://daveman692.livejournal.com/310578.html

Jeff

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 05-29-2008, 01:03 PM
Kostas Georgiou
 
Default OpenID

On Thu, May 29, 2008 at 12:07:43PM +0200, Till Maas wrote:

> On Thu May 29 2008, Mike McGrath wrote:
> > Hey guys, so the last little bits are in good shape for the OpenID
> > provider we're attempting to be. Don't go announcing this to others yet.
> > Lets test it out, if it breaks something let us know. We'll be announcing
> > it officially soon. You can, for example, log in to livejournal.com with:
>
> The login to livejournal worked for me, too. But after I have seen how it
> works, I think it is too insecure to use the FAS password for authentication.
> This makes it pretty easy for any openid user to get the FAS password,
> because instead of really forwarding someone to the FAS homepage, one could
> just present the FAS login form to get the password. Here is an interesting
> blog article about security considerations wrt. openid:
> http://idcorner.org/2007/08/22/the-problems-with-openid/

A possible solution to the phishing issue might be to only allow ssl
client auth and not a login/password for a.fp.org/accounts/openid/login
this doesn't stop the phishing site asking for a password but the
difference might be enough for the user to notice that something is
wrong.

I am not sure that I see any value in OpenID in any case, there are very
few OpenID consumers that I know about.

Kostas

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 05-29-2008, 01:17 PM
"Jeffrey Ollie"
 
Default OpenID

On Thu, May 29, 2008 at 8:03 AM, Kostas Georgiou
<k.georgiou@imperial.ac.uk> wrote:
>
> A possible solution to the phishing issue might be to only allow ssl
> client auth and not a login/password for a.fp.org/accounts/openid/login
> this doesn't stop the phishing site asking for a password but the
> difference might be enough for the user to notice that something is
> wrong.

The phishing problem isn't unique to OpenID.

> I am not sure that I see any value in OpenID in any case, there are very
> few OpenID consumers that I know about.

While OpenID is definitely an emerging technology, there are a lot of
places where OpenID can be used to authenticate. Here are a couple of
sites that have directories of OpenID-enabled sites:

https://www.myopenid.com/directory
http://openiddirectory.com/

Jeff

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 05-29-2008, 02:15 PM
Nicu Buculei
 
Default OpenID

Ricky Zhou wrote:

On 2008-05-29 09:16:09 AM, Nicu Buculei wrote:
It *almost* worked for me, until an "500 Internal error" in
https://admin.fedoraproject.org/accounts/openid/allow

Ah, good find. I just tried to fix a bug in that, can you try again
with the same OpenID consumer and see if it works?


Yes, it works now (the consumer was blogger.com)

--
nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com
Cool Fedora wallpapers: http://fedora.nicubunu.ro/wallpapers/
Open Clip Art Library: http://www.openclipart.org
my Fedora stuff: http://fedora.nicubunu.ro

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 

Thread Tools




All times are GMT. The time now is 09:41 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org