Not logged in. · Lost password · Register
Forum: Support Ideas and suggestions RSS
OpenID in UNB
Page:  1  2  next 
Avatar
Reply · Quote Akos Szederjei 2005-08-02, 12:09 #1
Member since Jul 2005 · 31 posts · Location: Budapest (usually, or somewhere in Europe)
Group memberships: Members
Show profile · Link to this post
Subject: OpenID in UNB
I regularly use OpenID (http://www.openid.net/) on sites which offer this service and I found it quite useful for simplifying login procedures at different site.
 
I am no programmer so I do not know how difficult it would be to implement, but It would be nice to have that feature available for our favourite board. Besides they would like to see it implemented in bulletin boards (http://www.lifewiki.net/openid/OpenIDWishlist), it would be a good advertisement.   :-)
 
Just  suggestion of mine...
Avatar
Reply · Quote Yves (Administrator) 2005-08-02, 14:40 #2
User title: UNB developer & webmaster
Member since Jan 2004 · 3740 posts · Location: Erlangen, Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Wow, now that does sound complicated. I must admit I didn't fully understand how this all works. I don't even have a blog. And from this point I cannot believe this feature is useful for a significant number of users now and in the near future. They'd all need a blog or own a URL worth remembering, right? I haven't seen any statistics, now it's up to you to prove me different. ;)
♪ ...nanananah, all in all we’re just brilliant thieves, nanananah... ♪♬
Avatar
Reply · Quote halr9000 2005-08-02, 17:59 #3
User title: Psi Webmaster
Member since Jul 2004 · 157 posts · Location: Atlanta, Georgia, USA
Group memberships: Members
Show profile · Link to this post
Subject: +1
I think we at the very beginning of seeing these consumer-level SSO (single sign on) systems.  There are a few systems out there aside from OpenID.  Passel is one, you can read about it on http://planet.jabber.org.

Yves, I think you should keep an eye on this concept, I think in a year or so a lot of apps will have support for this type of thing.  In particular the blog systems such as Wordpress and Movable Type would be early adopters.  I think forums would be ideal too...
-hal
http://psi.affinix.com
http://halr9000.com
Avatar
Reply · Quote Akos Szederjei 2005-08-02, 19:27 #4
Member since Jul 2005 · 31 posts · Location: Budapest (usually, or somewhere in Europe)
Group memberships: Members
Show profile · Link to this post
In reply to post #2
Subject: concept
I agree with Halr9000 that it is a new concept, but as I said, it is very much dependent on the complexity of the implementation.

On how it works, well "the how it works" chapter explains it through an example.  :-D  But is not limited to blogs. despite the example.

There are two ways to use OpenID: as a consumer and being a server. Consumer is when the site accepts other OpenID identities from OpenID servers . Basically I am loged in on site1.com as joe, I can login on any OpenID consumer site as joe.site1.com (if the site is validated on the OpenID server of site1.com). Server is when let's say UNB runs an OpenID server than we could use our UNB identity to log in to other sites using OpenID.

Statistics. Well, there is not much to say or to show at the moment, since it is new. Again, while HTML templates for example are definitely more important, it is a nice feature.
This post was edited on 2005-08-02, 19:43 by Akos Szederjei.
Avatar
Reply · Quote Yves (Administrator) 2005-08-02, 20:52 #5
User title: UNB developer & webmaster
Member since Jan 2004 · 3740 posts · Location: Erlangen, Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Well, it's not so new after all. There's already a bug registered wanting Passport support or something similar, I'm going to update it to OpenID.

I read that "how it works" section but it sounds very generic to me and lacks of important details that would explain that magic. The specs on the other side sound a lot like from a boring IETF or RFC paper. I'd wish some graphics and simple technical details in that overview to get a better feeling for it. I don't have the time to read it all right now, so I can't give any outlook on what I'll do with it for now.

Update: Bug #203
♪ ...nanananah, all in all we’re just brilliant thieves, nanananah... ♪♬
This post was edited on 2005-08-02, 20:57 by Yves.
Avatar
Reply · Quote halr9000 2005-08-02, 20:58 #6
User title: Psi Webmaster
Member since Jul 2004 · 157 posts · Location: Atlanta, Georgia, USA
Group memberships: Members
Show profile · Link to this post
My opinion is that OpenID, or something similar to it, will become popular and will totally supplant the centralized systems like Passport.
-hal
http://psi.affinix.com
http://halr9000.com
Avatar
Reply · Quote Yves (Administrator) 2005-08-02, 21:01 #7
User title: UNB developer & webmaster
Member since Jan 2004 · 3740 posts · Location: Erlangen, Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Well, maybe. But this one is a little too abstract to me, I'd like to see it live first. If someone wants to make a plug-in before me, I'll do what I can to provide the required interfaces.
♪ ...nanananah, all in all we’re just brilliant thieves, nanananah... ♪♬
Avatar
Reply · Quote Akos Szederjei 2005-08-02, 21:42 #8
Member since Jul 2005 · 31 posts · Location: Budapest (usually, or somewhere in Europe)
Group memberships: Members
Show profile · Link to this post
There is one thing where Yves is right: it should develop a bit more.

For server solutions  check here http://www.lifewiki.net/openid/OpenIDServers and for Consumer solution here: http://www.lifewiki.net/openid/OpenIDConsumers. PHP, which I think would be interesting for UNB, is still work in progress and by far not complete. If there is a usable code in PHP for OpenID implementation I will nag Yves again.

Until then Yves, keep this feature in mind!  :-D
Avatar
Reply · Quote Yves (Administrator) 2005-08-02, 22:38 #9
User title: UNB developer & webmaster
Member since Jan 2004 · 3740 posts · Location: Erlangen, Germany
Group memberships: Administrators, Members
Show profile · Link to this post
I keep it in my digitally extended mind, aka bug tracker. :)
♪ ...nanananah, all in all we’re just brilliant thieves, nanananah... ♪♬
Avatar
Reply · Quote Akos Szederjei 2008-01-23, 10:32 #10
Member since Jul 2005 · 31 posts · Location: Budapest (usually, or somewhere in Europe)
Group memberships: Members
Show profile · Link to this post
2 and and a half years later....  :-)

I thought I put my incoherent opinions to paper (to  UNB actually... ), although UNB2 is under construction already.

OpenID seems to get mainstream. Yahoo implements it and more and more forum software get this functionality.

I found one very compelling reason why it would be a good feature: integration. Integration in a sense, that until know if anyone wanted to use UNB with a portal, wiki or whatever, there was the problem of separate logins (or the requirement to use less than reliable "bridges"). Openid I would solve this problem from the other direction. You do not need tho have to have the users password and login in a common database, because OpenID does that. Since many portal software dos or will have openid (Joomla, Drupal, etc.) it would be mighty convenient .

I am no programmer, but I would be genuinely interested, how much resources it would take to implement it.

I found this, which may prove helpful. The gentleman seems to be quite involved in OpenID, he created the myopenid.com site.

Opinions?
Avatar
Reply · Quote halr9000 2008-01-23, 13:36 #11
User title: Psi Webmaster
Member since Jul 2004 · 157 posts · Location: Atlanta, Georgia, USA
Group memberships: Members
Show profile · Link to this post
My predictions seem to be holding up pretty well.  :D  AOL, Wordpress, Livejournal and a ton of little guys are supporting OpenID now.  I really think OpenID is well past the experimentation phase at this point.  Here's a list of providers out there: http://wiki.openid.net/OpenIDServers
-hal
http://psi.affinix.com
http://halr9000.com
Avatar
Reply · Quote Akos Szederjei 2008-01-23, 15:30 #12
Member since Jul 2005 · 31 posts · Location: Budapest (usually, or somewhere in Europe)
Group memberships: Members
Show profile · Link to this post
 :-D  /tap on shoulder/

Anyway not on the list, but quite a lot of users at Google's Blogger , which allows commenting with OpenID, I like that. Also Yahoo! will have OpenID from the 30th of January, see here.
Avatar
Reply · Quote Yves (Administrator) 2008-01-23, 18:59 #13
User title: UNB developer & webmaster
Member since Jan 2004 · 3740 posts · Location: Erlangen, Germany
Group memberships: Administrators, Members
Show profile · Link to this post
In reply to post #10
I must confess that I'm not familiar with OpenID and I don't like the small bits I do know about it. It seems that I need to update my knowledge at least. But chances are small that I will find the time for it before May this year. No schedule beyond that now. Some points that come to my mind:

  • Need different (optional) login form
  • Need to create a new user account if used the OpenID token the first time
  • How to handle purged user account when the user comes back in two years? (Older posts will be inaccessible to editing)
  • Need to assign a local user name in case OpenID doesn't provide one or it is already used
  • The provided library is Apache-licensed, which is compatible to GPLv3 but not GPLv2 (says GNU.org) (but switching to GPLv3-only would be the least problem because I've already intended that for UNB2)

That should be pretty much it. But first, I must know and understand how OpenID works before I can support it as an access mechanism.
♪ ...nanananah, all in all we’re just brilliant thieves, nanananah... ♪♬
Avatar
Reply · Quote Akos Szederjei 2008-01-23, 22:57 #14
Member since Jul 2005 · 31 posts · Location: Budapest (usually, or somewhere in Europe)
Group memberships: Members
Show profile · Link to this post
I will try to answer and / or research your points, although I also have some issues, which I have no answer too it. Si here is my user experience with OpenID.


Quote by Yves:
  • Need different (optional) login form

Maybe this helps somewhat? It is a description how they implemented OpenID for Plaxo.

Quote by Yves:
  • Need to create a new user account if used the OpenID token the first time
I do not think this process should be automated (see below). I think if I get all fields filled out with OpenID data and I only have to push a "register" button is help enough. But being able to edit my registration data is important. Also, as a board admin one will have a lots of request about not wanting the OpenID nickname as username on the forum (or if that username is not available than an alternative one, etc.



Quote by Yves:
  • How to handle purged user account when the user comes back in two years? (Older posts will be inaccessible to editing)
Good question, will think about that.

Quote by Yves:
  • Need to assign a local user name in case OpenID doesn't provide one or it is already used
I tried and tested the in-development OpenID module for phpbb here. Since it is under development my opinion more about what to avoid than criticizing the development over there.
I signed in with my delegated domain name (irrelevant I think) httt://darkdawn.eu, which points to michaelsd.myopenid.com. I registerd as a new user using OpenID. What happend is that I got registered but the nickname was not used from my OpenID info (will be in the future I assume) and I can not change anything in my profile because it requires a password, which I do not have, since I was not asked for one.
So  not only local username has to be checked, but also how the password question is dealt with. Do we accept an OpenID confirmation as password for changing the profile? If not a password has to be requested from the registerin users, otherwise they are stuck.


Quote by Yves:
  • The provided library is Apache-licensed, which is compatible to GPLv3 but not GPLv2 (says GNU.org) (but switching to GPLv3-only would be the least problem because I've already intended that for UNB2)
I can not comment on that, really.


And a question. If anyone can have an OpenID server,  Ivan Spamking, could mke an OpenID server fir himself and register where ever he wants to with OpenID and spam that sites? Or not?
Avatar
Reply · Quote Akos Szederjei 2008-01-24, 04:41 #15
Member since Jul 2005 · 31 posts · Location: Budapest (usually, or somewhere in Europe)
Group memberships: Members
Show profile · Link to this post
I found here  another approach to implement OpeniD from Simon Willison, who is quite active regarding OpenID.

His site (Django People) implements OpenID in the following way:

   1.  When signing up for a new account, you now have the option to start by signing in with an OpenID. If you do this, you’ll be able to complete the signup form without having to pick a password. If your OpenID provider supports simple registration the name, e-mail address and username fields will be filled in for you.

This one is the no password is required and let's accept OpenID as proof for account changes too (altough that is not mentioned),.

  2. If you already have an existing account, you can associate one or more OpenIDs with that account. You’ll then be able to use any of them to sign in to the account. Why multiple OpenIDs instead of just one? Two reasons: firstly, it opens the potential for doing interesting things with multiple OpenIDs from different providers in the future; secondly, it gives you a fallback for if one of your OpenID providers becomes unavailable.

I am not sure that is necessary for a newsboard.

   3. You can freely add and remove OpenIDs from your associations, with one exception: the site won’t let you delete your last OpenID if your account doesn’t also have a password associated with it, to prevent you from locking yourself out.

If one goes without password (1.), than this is a must.

   4. While I decided that I didn’t want Django People to become yet another OpenID provider, I do want to give people the ability to use their profile page on the site as an OpenID—so that they can prove that they own it (see my recent post on identity projection). To that end, the new account settings page lets advanced OpenID users set up an openid.server and openid.delegate for their profile page, as described in my blog entry from just over a year ago.

Unnecessary for a newsboard, IMHO.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please note the verification code from the picture into the text field next to it.
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Page:  1  2  next 

Go to forum
This board is powered by the Unclassified NewsBoard software, 20100516-dev, © 2003-10 by Yves Goergen
Page created in 428 ms (384 ms) · 133 database queries in 220 ms
Current time: 2010-07-30, 10:56:46 (UTC +02:00)