De ITbende site is nu te bekijken op www.itbende.nl. De 1e ITbende Podcast zal vrijdag worden opgenomen. Je kan nu alvast luisteren naar de 2 Devcasts opgenomen voor de ontwikkelaars van het personalized podcast syteem.
You can only leave a comment on this blog if your logged-in via the XSall.com OSO. You normally found out about this after you wrote a comment. This was quite some pain because you had to write your comment twice. I fixed this today. Now you can’t write a comment before you are logged-in.
Thanks everybody for testing the OpenID identity provider on XSall.com. The Microsoft live ID http://openid.live-int.com you can create on https://login.live-int.com/beta/ManageOpenID.srf was not working. Many thanks to Martin Atkins for his help fixing this.
In this test we found out that it is not logical for people to not enter a password for an OpenID on XSall.com. Perhaps we will have to change something in the GUI. Letting users enter a password we don’t use is strange too.
If you have an OpenID please check if you can login via this site and leave a comment if you can or can’t. If you can’t please tell us the error you get. If you are successfully logged-in you see this: ->
On XSall we need to remove the password box if you select OpenID. Leave the password box empty until we do.
OpenID’s we think work are:
Just something to think about when you talk about a single Identity number and a single global bank…. Always show your left hand 😉
Book of revelations Chapter 13 verse 16-17:
“And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads:” “And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.”
If we use the HTTPOnly flag for XSall perhaps we also have to add P3P headers. Just studying the topic now. Here are some links: P3P, Cookies and IE6.0: A Case Study Don’t get trapped by mixed headers
The XSall implementation of OpenSignOn is not using the HTTPOnly flag now. I don’t see any XSS problems but perhaps it would not hurt to implement it. An extra wall always helps.
This seems more like fired for not pushing OpenID hard enough. The job is still vacant. It is a pity I am already the Executive Director of OpenSignOn 😉