Unfortunately, it might be quite hard for MediaWiki admins to set up SSL comparing to what they do to setup MediaWiki or it's extensions. Looks like XRDS is "easier" approach to implement.
Sergey
On Sun, Apr 19, 2009 at 3:46 PM, Peter Williams pwilliams@rapattoni.comwrote:
This could be interesting of itself in the uci spirit of openid.
One can use yahoos willingess to rely without warning on a https realm as an authentication scheme. Yahoo implies that the https cert on an https realm is "valid" (wrt its trust list, its handling of crls and arls). A reputation service can now crawl which sites yahoo so rates, and publish a meta reliance signal (by updating its ocsp database for example). Those rp doing discovery on smaller ops might configure their ssl client engines to use that ocsp source, when qualifying the original yahoo rp (now acting as an asserting or attribute authority/agent of the dataowner (ie the user) ).
From: Allen Tom atom@yahoo-inc.com Sent: Sunday, April 19, 2009 12:34 PM To: Sergey Chernyshev sergey.chernyshev@gmail.com Cc: Wikimedia developers wikitech-l@lists.wikimedia.org; general@openid.net general@openid.net Subject: Re: [OpenID] OpenID MediaWiki Extension v.0.8.4.1 - Identity Providers UI
Hi Sergey,
The Yahoo OpenID Provider will display a warning to the user if the RP's OpenID endpoints are not discoverable.
Warning: This website has not confirmed its identity with Yahoo! and might be fraudulent. Do not share any personal information with this website unless you are certain it is legitimate.
The best documentation for fixing this issue is here: http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html
The AOL Sign-in form fails if the user just clicks the Login Button without entering their AOL ScreenName. You might want to disable the button until after the user types in their ScreenName. This will only be an issue until AOL upgrades their OpenID Provider from OpenID 1.1 to OpenID 2.0. Once they have OpenID 2.0 support, you'll be able to handle AOL logins identically to Google and Yahoo.
Good job! Allen
Sergey Chernyshev wrote: Hi,
I'm done with initial implementation of Identity Providers UI for OpenID MediaWiki Extension.
Extension now shows a user-friendly (although my design skills are far from perfect) form where they can pick from a list of OpenID providers (generic OpenID URL form is still default).
You can see it in action here: http://www.mediawikiwidgets.org/Special:OpenIDLogin http://www.techpresentations.org/Special:OpenIDLogin (without icons - I'll enable them later)
After some discussions and concerns here on the list, I implemented it in the way that provider logos don't show up by default and if you would like to show them on your site, you have to add:
$wgOpenIDShowProviderIcons = true;to your LocalSettings.php
Hope you like it, but I'm still open to suggestions about improving the interface so you all finally install it on your wikis ;)
Thank you,
Sergey-- Sergey Chernyshev http://www.sergeychernyshev.com/
general mailing list general@openid.netmailto:general@openid.net http://openid.net/mailman/listinfo/general
wikitech-l@lists.wikimedia.org