Subscribe

• Subscribe by Email
• Subscribe using any feed reader!
• Subscribe via RSS
• Subscribe to comments via RSS

Recent Posts

• Our Daily Beatles
• Multicolr
• RESTful Web Services Development Checklist
• Cute little vibrobot
• Escape the Circus
• Global Consciousness Project Dot
• Ecstasy and loud music affects rat sex life
• The Perl Foundation has migrated Perl 5 to the Git version control system
• We can use IE again !!
• Kast en sko på Bush
• Scientists extract images directly from brain
• I like to do this
• Amero the currency of The New World Order ??
• Man lives with Female Robot
• Giant crab on a garbage can
• The Elements
• Animusic
• We Need a Global Carbon Tax ?
• “Bailout” a rescue from financial distress
• Earth City Light

Categories

• Blogs
• Gadget
• Import
• Links
• Local News
• MARTINIC
• Music
• News
• nRing DB
• OpenSignOn
• Perl
• Photos
• Pictures
• Podcast
• Uncategorized
• Video
• Web Development

Archives

• January 2009
• December 2008
• November 2008
• October 2008
• September 2008
• August 2008
• July 2008
• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008
• December 2007
• November 2007
• October 2007
• September 2007
• July 2007
• June 2007

Links

• Inga Broerse
• kacokijk
• Milo Broerse
• My delicious page

Meta

• Log in

Mark of the Beast

November 17th, 2008   Tagged Identity
Posted in OpenSignOn  

Just something to think about when you talk about a single Identity number and a single global bank…. Always show your left hand

Book of revelations Chapter 13 verse 16-17:

“And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads:” “And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.”

 

 

P3P Cookies

September 6th, 2008   Tagged Cookies, P3P
Posted in OpenSignOn, Web Development  

If we use the HTTPOnly flag for XSall perhaps we also have to add P3P headers. Just studying the topic now. Here are some links: P3P, Cookies and IE6.0: A Case Study Don’t get trapped by mixed headers

HTTPOnly ?

September 2nd, 2008   Tagged Cookies, OpenSignOn, OpenSignOn
Posted in OpenSignOn, Web Development  

The XSall implementation of OpenSignOn is not using the HTTPOnly flag now. I don’t see any XSS problems but perhaps it would not hurt to implement it. An extra wall always helps.

OpenID is looking for a new Executive Director

May 28th, 2008   Tagged OpenID, OpenSignOn
Posted in News, OpenSignOn, Web Development  

This seems more like fired for not pushing OpenID hard enough. The job is still vacant. It is a pity I am already the Executive Director of OpenSignOn

XSall login test

May 6th, 2008   Tagged login, PHP
Posted in OpenSignOn, Web Development  

Joren just created a WordPress php XSall ‘Login’. To leave a comment you must be logged in via the XSall login button on the upper right corner. We will try to create more ’Account’ options so everybody can leave comments.

OpenSignOn

May 5th, 2008   Tagged Domains
Posted in OpenSignOn, Web Development  

Working on the XSall OSO I just have been able to register OpenSignOn.com. It is just a name but it makes me happy to own it. More on XSall soon.

Clickpass OpenID

March 12th, 2008   Tagged Clickpass, OpenSignOn
Posted in OpenSignOn, Web Development  

Clickpass OpenID launched yesterday. They seem to make OpenID more usable. This is good. Perhaps we can add them as an XSall ID Provider.

Are IP addresses Personal?

February 29th, 2008   Tagged Google, IP numbers
Posted in OpenSignOn, Web Development  

Because we are building a Browser Based Authentication (BBA) system I came across this interesting article by Google. User trust is the most important factor of the BBA. We already have, with some regrets, striped some great features from the system because it would endanger the users privacy. The BBA will not use IP addresses to identify people and will safeguard the users privacy. More about the BBA when the system is ready.

OpenID 2.0

December 8th, 2007   Tagged OpenID
Posted in OpenSignOn, Web Development  

To go with the flow I think enabling XSall with OpenID will be a good thing. Read what Arthur Bergman has to say about OpenID here. Hulu will only let you see a video if your OpenID ends on the letter “U” or “S” ;-)

Perl HTTP_AUTHORIZATION test

October 10th, 2007   Tagged Apache, Authentication, OpenSignOn, Perl
Posted in OpenSignOn, Perl  

Theo wrote a HTTP_AUTHORIZATION test. If you have mod_rewrite enabled on your Apache 2 server put the following files in some folder. If you go to index.cgi from your browser it will show the default login box. Just enter  some username / password and they will be shown on the page. Very cool Theo. Thanks.

This will help me create the first XSall tests without using mod_perl. If someone likes to create a Digest example please do? I like to test it and perhaps blog about it.

---

.htaccess

RewriteEngine on
RewriteRule \.cgi$ - [E=HTTP_AUTHORIZATION:%{HTTP:AUTHORIZATION},L]

---

index.cgi

#!/usr/bin/perl

use strict;
use warnings;
use CGI ‘:cgi’;
use MIME::Base64;

binmode STDOUT;

my ($user, $password);
my $auth = $ENV{HTTP_AUTHORIZATION};

if(defined$auth and $auth =~ /^Basic\s+/) {
  $_ = decode_base64($’);
 ($user, $password) = split(‘:’); # What is the username or password contains a “:”?!
}

if(!defined($user) or $user eq ‘‘) {
 print “Status: 401\r\n”;
 print “WWW-Authenticate: Basic “;
 print “realm=\”testers\@taletn.com\”\r\n“;
 print “Content-Type: text/plain\r\n”;
 print “\r\n”;
 print “401\n”;
 exit 0;
}

print “Content-Type: text/plain\r\n”;
print “\r\n”;
print “Authorization: $auth\n”;
print “User: $user\n”;
print “Password: $password\n”;
exit 0;