Unfortunately, it might be quite hard for MediaWiki admins to set up SSL
comparing to what they do to setup MediaWiki or it's extensions. Looks like
XRDS is "easier" approach to implement.
Sergey
On Sun, Apr 19, 2009 at 3:46 PM, Peter Williams <pwilliams(a)rapattoni.com>wrote;wrote:
This could be interesting of itself in the uci spirit
of openid.
One can use yahoos willingess to rely without warning on a https realm as
an authentication scheme. Yahoo implies that the https cert on an https
realm is "valid" (wrt its trust list, its handling of crls and arls). A
reputation service can now crawl which sites yahoo so rates, and publish a
meta reliance signal (by updating its ocsp database for example). Those rp
doing discovery on smaller ops might configure their ssl client engines to
use that ocsp source, when qualifying the original yahoo rp (now acting as
an asserting or attribute authority/agent of the dataowner (ie the user) ).
________________________________
From: Allen Tom <atom(a)yahoo-inc.com>
Sent: Sunday, April 19, 2009 12:34 PM
To: Sergey Chernyshev <sergey.chernyshev(a)gmail.com>
Cc: Wikimedia developers <wikitech-l(a)lists.wikimedia.org>rg>;
general(a)openid.net <general(a)openid.net>
Subject: Re: [OpenID] OpenID MediaWiki Extension v.0.8.4.1 - Identity
Providers UI
Hi Sergey,
The Yahoo OpenID Provider will display a warning to the user if the RP's
OpenID endpoints are not discoverable.
Warning: This website has not confirmed its identity with Yahoo! and might
be fraudulent. Do not share any personal information with this website
unless you are certain it is legitimate.
The best documentation for fixing this issue is here:
http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html
The AOL Sign-in form fails if the user just clicks the Login Button without
entering their AOL ScreenName. You might want to disable the button until
after the user types in their ScreenName. This will only be an issue until
AOL upgrades their OpenID Provider from OpenID 1.1 to OpenID 2.0. Once they
have OpenID 2.0 support, you'll be able to handle AOL logins identically to
Google and Yahoo.
Good job!
Allen
Sergey Chernyshev wrote:
Hi,
I'm done with initial implementation of Identity Providers UI for OpenID
MediaWiki Extension.
Extension now shows a user-friendly (although my design skills are far from
perfect) form where they can pick from a list of OpenID providers (generic
OpenID URL form is still default).
You can see it in action here:
http://www.mediawikiwidgets.org/Special:OpenIDLogin
http://www.techpresentations.org/Special:OpenIDLogin (without icons - I'll
enable them later)
After some discussions and concerns here on the list, I implemented it in
the way that provider logos don't show up by default and if you would like
to show them on your site, you have to add:
$wgOpenIDShowProviderIcons = true;
to your LocalSettings.php
Hope you like it, but I'm still open to suggestions about improving the
interface so you all finally install it on your wikis ;)
Thank you,
Sergey
--
Sergey Chernyshev
http://www.sergeychernyshev.com/
________________________________
_______________________________________________
general mailing list
general@openid.net<mailto:general@openid.net>
http://openid.net/mailman/listinfo/general