Broerse Blog » OpenSignOn

ITbende Podcast site nu live

Martin — Tue, 05 May 2009 09:09:55 +0000

De ITbende site is nu te bekijken op www.itbende.nl. De 1e ITbende Podcast zal vrijdag worden opgenomen. Je kan nu alvast luisteren naar de 2 Devcasts opgenomen voor de ontwikkelaars van het personalized podcast syteem.

Comments on this blog

Martin — Sat, 07 Mar 2009 21:44:42 +0000

You can only leave a comment on this blog if your logged-in via the XSall.com OSO. You normally found out about this after you wrote a comment. This was quite some pain because you had to write your comment twice. I fixed this today. Now you can’t write a comment before you are logged-in.

Selenium

Martin — Wed, 25 Feb 2009 07:06:47 +0000

James Gardner wrote this about Selenium. It seems handy to test XSall.com Because XSall.com is so secure it is very hard to test it. Thanks for the tip James.

OpenID Login is working

Martin — Wed, 25 Feb 2009 04:13:34 +0000

Thanks everybody for testing the OpenID identity provider on XSall.com. The Microsoft live ID http://openid.live-int.com you can create on https://login.live-int.com/beta/ManageOpenID.srf was not working. Many thanks to Martin Atkins for his help fixing this.

In this test we found out that it is not logical for people to not enter a password for an OpenID on XSall.com. Perhaps we will have to change something in the GUI. Letting users enter a password we don’t use is strange too.

OpenID password box fixed

Martin — Tue, 17 Feb 2009 17:25:21 +0000

When you on XSall.com select OpenID from the Select-Box you can’t enter a Password anymore. We fixed this today using JavaScript. Of course the Password was not used but is was strange you could enter one. If you see something strange happening in your browser when you select OpenID please let us know.

Help us test OpenID

Martin — Mon, 16 Feb 2009 02:31:10 +0000

If you have an OpenID please check if you can login via this site and leave a comment if you can or can’t. If you can’t please tell us the error you get. If you are successfully logged-in you see this: ->

On XSall we need to remove the password box if you select OpenID. Leave the password box empty until we do.

OpenID’s we think work are:

username.wordpress.com
yahoo.com
username.myopenid.com
username.myid.net
username.pip.verisignlabs.com
username.myvidoop.com/
www.google.com/accounts/o8/id
blogname.blogspot.com
mijnopenid.nl/is/username
technorati.com/people/technorati/username
claimid.com/username

Mark of the Beast

Martin — Mon, 17 Nov 2008 18:00:29 +0000

Just something to think about when you talk about a single Identity number and a single global bank…. Always show your left hand

Book of revelations Chapter 13 verse 16-17:

“And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads:” “And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.”

P3P Cookies

Martin — Sat, 06 Sep 2008 08:53:21 +0000

If we use the HTTPOnly flag for XSall perhaps we also have to add P3P headers. Just studying the topic now. Here are some links: P3P, Cookies and IE6.0: A Case Study Don’t get trapped by mixed headers

HTTPOnly ?

Martin — Tue, 02 Sep 2008 19:21:53 +0000

The XSall implementation of OpenSignOn is not using the HTTPOnly flag now. I don’t see any XSS problems but perhaps it would not hurt to implement it. An extra wall always helps.

OpenID is looking for a new Executive Director

Martin — Wed, 28 May 2008 20:14:11 +0000

This seems more like fired for not pushing OpenID hard enough. The job is still vacant. It is a pity I am already the Executive Director of OpenSignOn