ITbende Podcast site nu live

ITbende Logo De ITbende site is nu te bekijken op www.itbende.nl. De 1e ITbende Podcast zal vrijdag worden opgenomen. Je kan nu alvast luisteren naar de 2 Devcasts opgenomen voor de ontwikkelaars van het personalized podcast syteem.

Comments on this blog

You can only leave a comment on this blog if your logged-in via the XSall.com OSO. You normally found out about this after you wrote a comment. This was quite some pain because you had to write your comment twice. I fixed this today. Now you can’t write a comment before you are logged-in.

Selenium

James Gardner wrote this about Selenium. It seems handy to test XSall.com Because XSall.com is so secure it is very hard to test it. Thanks for the tip James.

OpenID Login is working

OpenSignOn LoginThanks everybody for testing the OpenID identity provider on XSall.com. The Microsoft live ID http://openid.live-int.com you can create on https://login.live-int.com/beta/ManageOpenID.srf was not working. Many thanks to Martin Atkins for his help fixing this. 

In this test we found out that it is not logical for people to not enter a password for an OpenID on XSall.com. Perhaps we will have to change something in the GUI. Letting users enter a password we don’t use is strange too.

OpenID password box fixed

When you on XSall.com select OpenID from the Select-Box you can’t enter a Password anymore. We fixed this today using JavaScript. Of course the Password was not used but is was strange you could enter one. If you see something strange happening in your browser when you select OpenID please let us know.

Help us test OpenID

If you have an OpenID please check if you can login via this site and leave a comment if you can or can’t. If you can’t please tell us the error you get. If you are successfully logged-in you see this: ->

On XSall we need to remove the password box if you select OpenID. Leave the password box empty until we do.

OpenID’s we think work are:

username.wordpress.com
yahoo.com
username.myopenid.com
username.myid.net
username.pip.verisignlabs.com
username.myvidoop.com/
www.google.com/accounts/o8/id
blogname.blogspot.com
mijnopenid.nl/is/username
technorati.com/people/technorati/username
claimid.com/username

Mark of the Beast

Just something to think about when you talk about a single Identity number and a single global bank…. Always show your left hand 😉

Book of revelations Chapter 13 verse 16-17:

“And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads:” “And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.”

 

 

P3P Cookies

If we use the HTTPOnly flag for XSall perhaps we also have to add P3P headers. Just studying the topic now. Here are some links: P3P, Cookies and IE6.0: A Case Study Don’t get trapped by mixed headers

HTTPOnly ?

The XSall implementation of OpenSignOn is not using the HTTPOnly flag now. I don’t see any XSS problems but perhaps it would not hurt to implement it. An extra wall always helps.

OpenID is looking for a new Executive Director

This seems more like fired for not pushing OpenID hard enough. The job is still vacant. It is a pity I am already the Executive Director of OpenSignOn 😉