gmane.comp.web.openid.general

Re: [OpenID] Announcement : the presentasion on "NetCommons add-on module seminer"

Toshiya TSURU — 2012-05-09T00:32:04

Hi Nat,

情報有難うございます！

I read the page :
http://openid.net/connect/

and also  taking a look at the draft's!


On Tue, May 8, 2012 at 6:08 PM, Nat Sakimura <sakimura< at >gmail.com> wrote:

Re: [OpenID] Private Federation solution using OpenID

John Bradley — 2012-05-08T15:29:06

There are specs available on the OIDF website.

I would not recommend you doing it yourself.  There are a number of existing open source libraries to start from, or commercial products that can integrate to your AD or other internal directory.

Building not yourself without proper testing may not have a happy security outcome.

You also need to check with the SaaS provider to see what they support, some may still only support SAML.

John B.

On 2012-05-08, at 11:08 AM, Matheus Eduardo Bonifacio Morais wrote:


_______________________________________________
general mailing list
general< at >lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-general

Re: [OpenID] Private Federation solution using OpenID

Matheus Eduardo Bonifacio Morais — 2012-05-08T15:08:25

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks for your reply John, the scenario is exactly what you described.
We will be the OpenID provider and the SaaS will be the relying party.
Do you know if there is some documentation already written on how to
implement an OpenID provider from scratch? I mean, just the auth
specification should be enough?

Thanks.

Em 08-05-2012 11:48, John Bradley escreveu:
Esta mensagem é somente para uso do destinatário informado e pode conter
informações privilegiadas, proprietárias, ou privadas. Se você recebeu
esta mensagem por engano, por favor notifique o remetente imediatamente
e apague a original. Qualquer uso deste email é proibido.
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you have
received it in error, please notify the sender immediately and delete
the original. Any other use of the email by you is prohibited.
_______________________________________________
general mailin

Re: [OpenID] Private Federation solution using OpenID

John Bradley — 2012-05-08T14:48:20

If the SaaS provider is the RP and your company is the OP there is nothing that requires you to release any attributes to the SaaS provider via openID.

I don't think there is anything to stop you from doing that.

John B.

On 2012-05-08, at 10:18 AM, Matheus Eduardo Bonifacio Morais wrote:


_______________________________________________
general mailing list
general< at >lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-general

[OpenID] Private Federation solution using OpenID

Matheus Eduardo Bonifacio Morais — 2012-05-08T14:18:57

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there,

I work for a company which is looking for a federation solution to
SaaS applications used internally by the employees. For our use case
is mandatory that the user data could keep in private and the SaaS
provider must not have access to it. I was thinking to use OpenID
because is well written and the most important part, it is an
open-standard. For what I understood by reading the protocol
specification, this is not a goal of OpenID.

I would like to know if is possible to implement that kind of solution
and If I'm not hurting the main project goals as long as I will not
allow everyone to sign-in using an OpenID compatible account.

Thanks.

- -- 

Matheus Morais
Infraestrutura de TI
Confederação SICREDI ? Porto Alegre
51 3358-4700 ramal 7190

www.sicredi.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPqStQAAoJEJaxmh5NVUojoIcH/j7TLBPjfPZ1FXneJVU6

Re: [OpenID] Announcement : the presentasion on "NetCommons add-on module seminer"

Nat Sakimura — 2012-05-08T09:08:06

So, is that OpenID 2.0 or Connect?

Nat Sakimura

On 2012/05/08, at 6:21, Toshiya TSURU <turutosiya< at >gmail.com> wrote:

[OpenID] Announcement : the presentasion on "NetCommons add-onmodule seminer"

Toshiya TSURU — 2012-05-08T04:21:10

Hi

In my recnt work, I' ve done implementing OpenId OP/RP into NetCommons
and Mediawiki.
NetCommons is a Open Source LMS/CMS developed by NII(National
Institute of Informatics of Japan).
And Mediawiki is .... what you know, wiki system.

As a result of that work, I'll have a presentation at the seminer
named "NetCommons add-on module seminer" at 16th, Jun.
In the presentation, I'll be talking about What is OpenID, How to
implement it, and New topics about OpenID.

Does anyone has suggestions What is hot or What is new about OpenID?
please let me know.

Re: [OpenID] OpenID Connect Wins 2012 European Identity and Cloud Award

Mike Jones — 2012-04-18T17:45:47

Also announced at http://openid.net/2012/04/18/openid-connect-wins-2012-european-identity-and-cloud-award/.

From: openid-general-bounces< at >lists.openid.net [mailto:openid-general-bounces< at >lists.openid.net] On Behalf Of Don Thibeau
Sent: Wednesday, April 18, 2012 10:34 AM
To: general OpenID.com
Subject: [OpenID] OpenID Connect Wins 2012 European Identity and Cloud Award

OpenID Connect Wins 2012 European Identity and Cloud Award

Today at the European Identity and Cloud Conference<http://www.id-conf.com/events/eic2012> it was announced that OpenID Connect<http://openid.net/connect/> has won the 2012 European Identity and Cloud Award for "Best Innovation / New Standard". The OpenID Foundation and the Connect working group members want to thank Kuppinger Cole<http://www.kuppingercole.com/> for this prestigious award and their vote of confidence in the significance of OpenID Connect.

Dave Kearns of Kuppinger Cole said this about the award:

"I'm pleased that Kuppinger Cole has granted OpenID Connect the award f

[OpenID] OpenID Connect Wins 2012 European Identity and Cloud Award

Don Thibeau — 2012-04-18T17:33:58

 
OpenID Connect Wins 2012 European Identity and Cloud Award

Today at the European Identity and Cloud Conference it was announced that OpenID Connect has won the 2012 European Identity and Cloud Award for “Best Innovation / New Standard”. The OpenID Foundation and the Connect working group members want to thank Kuppinger Cole for this prestigious award and their vote of confidence in the significance of OpenID Connect.

Dave Kearns of Kuppinger Cole said this about the award:

“I’m pleased that Kuppinger Cole has granted OpenID Connect the award for Best Innovation/New Standard this year. What’s most impressive is that this elegantly simple design resulted from the cooperation of such a diverse global set of contributors. I expect OpenID Connect to have a substantial positive impact on usable, secure identity solutions both for traditional computing platforms and mobile devices. My congratulations to the OpenID Foundation!”

The application presented by the OpenID Foundation that resulted in the

Re: [OpenID] How to login in gmail with my other OpenID

Eric Sachs — 2012-04-10T15:57:07

You might want to experiment with the features described in these two
documents:

   - https://support.google.com/accounts/bin/topic.py?hl=en&topic=1204325
   - https://sites.google.com/site/gitooldocs/experiment---account-chooser<https://support.google.com/accounts/bin/topic.py?hl=en&topic=1204325>


However the main need is still improvement in the general usability of
federation login.  If you are interested you could follow the efforts of
the account chooser working group:

https://sites.google.com/site/oidfacwg/cdsdemo



On Tue, Apr 10, 2012 at 6:38 AM, Andrew Arnott <andrewarnott< at >gmail.com>wrote:

Re: [OpenID] How to login in gmail with my other OpenID

Andrew Arnott — 2012-04-10T13:38:05

That would require that Google act as an OpenID relying party, which it
doesn't, sadly.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre


On Tue, Apr 10, 2012 at 4:40 AM, Mitaka <mitakataka< at >mail.bg> wrote:

_______________________________________________
general mailing list
general< at >lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-general

[OpenID] How to login in gmail with my other OpenID

Mitaka — 2012-04-10T11:40:02

Hi I'm concerned with my privacy and security, so I like the idea of
OpenID accounts and I have a question:

If I have OpenID account, how I can login in gmail with it? Because I
want to use other OpenID, not the Google one...

[OpenID] Here, let me take that URL for you

SitG Admin — 2012-04-09T11:20:10

What happens if I notice someone enabling OpenID (with delegation) in 
their page's headers, but get to account creation before they do? I'm 
admittedly confused by the myopenid.com signup process (just looking 
at its first page, here), but if someone else beats me to 
registration, will myopenid.com let me create a *second* account 
which works just as well as the first? Perhaps prove my control of 
the domain through OP-supplied nonces that show up in my OpenID 
headers later, to keep Eve from simply creating another account? Is 
the myopenid.com Username configurable (it doesn't say), or am I 
forever stuck with what Eve put there? (I'm beginning to think that 
it would be simpler if we just never let me alter my page headers 
until I had signed up with a provider. But then we have to create the 
infrastructure to let OP's control what HTML code I can put on my own 
webpages, so that doesn't seem practical either. The current 
arrangement seems to be "say nothing, lest actively discouraging it 
give user

Re: [OpenID] OpenID in SMTP/IMAP/XMPP/etc

Simon Josefsson — 2012-04-05T03:26:09

That's the next step...  the current mechanisms specifies OPENID/SAML20
as SASL and GSS-API mechanism, federating them is needed but is on a
higher level.

/Simon

Lewis Adam-CAL022 <Adam.Lewis< at >motorolasolutions.com> writes:

  do
 als
  ge

Re: [OpenID] OpenID in SMTP/IMAP/XMPP/etc

Lewis Adam-CAL022 — 2012-04-05T01:58:07

Hi Simon, are you working on this within the context of the abfab working group?

-adam

-----Original Message-----
From: openid-general-bounces< at >lists.openid.net [mailto:openid-general-bounces< at >lists.openid.net] On Behalf Of Simon Josefsson
Sent: Tuesday, April 03, 2012 7:17 AM
To: Peter Williams
Cc: general< at >openid.net
Subject: Re: [OpenID] OpenID in SMTP/IMAP/XMPP/etc

The "why" is indeed to get rid of the password exchange in
SMTP/IMAP/XMPP/etc.  There is nothing more or less to it than that.  I
strongly believe that if we want to make it easy to use OpenID (or SAML,
or any authentication technology) it must support non-web technology.

/Simon

Peter Williams <home_pw< at >msn.com> writes:

 do
 ls
 ge
_______________________________________________
general mailing list
general< at >lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-general

Re: [OpenID] OpenID in SMTP/IMAP/XMPP/etc

Nat Sakimura — 2012-04-03T22:31:37

+1

On Tue, Apr 3, 2012 at 9:17 PM, Simon Josefsson <simon< at >josefsson.org> wrote:

Re: [OpenID] OpenID in SMTP/IMAP/XMPP/etc

Simon Josefsson — 2012-04-03T12:17:23

The "why" is indeed to get rid of the password exchange in
SMTP/IMAP/XMPP/etc.  There is nothing more or less to it than that.  I
strongly believe that if we want to make it easy to use OpenID (or SAML,
or any authentication technology) it must support non-web technology.

/Simon

Peter Williams <home_pw< at >msn.com> writes:

 do
 ls
 ge

Re: [OpenID] OpenID in SMTP/IMAP/XMPP/etc

Simon Josefsson — 2012-04-03T12:11:18


I'd like to implement that as well, eventually.  However, I don't see
how that enables OpenID?  It is OAuth.  It may enable OpenID Connect,
but there is still a large deployment of OpenID 2.0.

/Simon

Re: [OpenID] OpenID in SMTP/IMAP/XMPP/etc

Nat Sakimura — 2012-04-01T08:37:36

Indeed, and we talk about it from time to time in and out if the WG.

I am hoping that the new web crypto wg at w3c may become a first step
towards  it.

=nat via iPhone

On 2012/04/01, at 2:50, Peter Williams <home_pw< at >msn.com> wrote:

[OpenID] windows 8 tablet, and openid

Peter Williams — 2012-03-31T18:41:13


ok Ill admit that we never "deployed" openid (as an IDP). I do have a nice codeplex project that is built on the 4windows openid library, that nicely emulates myopenid. But, Ive never had "need" to use it. We will see why below.

 

As an SP, we can accept openid messages from Google, Yahoo, myopenid and openlink4webid (courtesy of the Microsoft Azure openid->ws-fedp bridge). Today, a nice demo has folks with Google crdentials using them to land on Joomla (that we properly ws-fedp enabled). Joomla plugins (wordpress and all its plugins, and JomSocial) then round out the user-centric experience.

 

Since we bought into microsoft STS (passive) concept, the path from Google to Joomla actually wanders by other STSs, transparently. these create web-sessions in passing (and control flows, or add/transform claims). For exmaple, our realty authz claims inserted by an intermediated STS are mapped onto Joomla groups - which drives the flow in what is a now a 100% claims-drive website. Since folks have a google (and

Re: [OpenID] OpenID in SMTP/IMAP/XMPP/etc

Peter Williams — 2012-03-31T17:49:56

You stated is what it does (alongside lots of other GSS API methods wrapped by SASL, to do the same GSS defined mechanism/service). It said nothing more than the original annoucement (SASL now does openid auth, too, wrapped in GSS API constructs)

 

But why does it need to exist?

 

What is the distinguishing feature?

 

is it assurance, perhaps (since GSS is a gatekeeper on OS-mediated asurance for security mechanisms, typically).

 

For example, webby openid did something better than SAML2, properly using discovery of metadata to drive such as openid delegation, allow for failover or renaming of IDP endpoint domains, etc etc. And, it all used webby expression of such metadata (rel headers, or an XML file on an https or XRI resolver endpoint). This was "why" it did something distinct from SAML2's authReq protocol as delivered in practice (with which openid is functionally identical "at the GSS level"). The openid/oauth went a bit further, for API access to IDP followup-services (post-authn)

 

 

The