Logistical updates for accountchooser.com, .net, and the workinggroup site | Eric Sachs | 5/22/12 8:10 PM | Many of you are on the thread below where we are working with Inventures which provides many backoffice/IT services to the OpenIDFoundation. With their help the accountchooser.NET marketing site is now online (but still has some small edits we need to make). In addition the accountchooser.COM site is hopefully only a day or two from being available with a live version of the central account chooser. Because of these changes, the wiki page for the AC workinggroup has been updated to try to route techies to different sources of information they might find helpful based on their interests.
Once it is live, it will also directly host a copy of the accountchooser.js file needed by websites that want to integrate with accountchooser.com using the simple 3-step process. While some of the early code for that JS file contained legacy references to GoogleIdentityToolkit, we are eliminating those. So if you find any, let us know. We'll also update the http://code.google.com/p/accountchooser/ repository to post all the HTML & JS used on the site.
Forwarded conversation Subject: OIDF changes for accountchooser.com & accountchooser.net ------------------------ From: Eric Sachs <esa...@google.com> Date: Wed, May 16, 2012 at 6:27 PM To: Tammi Vital <tvi...@inventures.com>, John Keith <jtk...@cloudfour.com> Cc: John Ehrig <jeh...@inventures.com>, Don Thibeau <d...@oidf.org>, Pam Dingle <pdi...@pingidentity.com>, Greg Keegstra <gr...@janrain.com>, Victor White <vic...@gigya-inc.com>, Aileen Jeffries <ail...@cloudfour.com>, Guibin Kong <guibi...@google.com>, Sebastian Welsh <sebas...@google.com> Tammi, we are finally ready to start making some of the changes we discussed in the past for the OpenIDFoundation accountchooser domains, and wanted to get your help. We have been working with a firm called Cloudfour to build a marketing website that will be hosted at accountchooser.NET. The staging version of the site is live right now at acdev.cloudfour.com. John Keith from CloudFour, copied here, will be working to set up the live site and can provide you with the DNS details to use. Our goal is to get the live site up as soon as possible, though we won't formally announce it for a few more weeks.
You and I had also had some phone calls about the configuration for accountchooser.com including its SSL cert. We are now ready to take the first steps to actually update the .COM site. Could you do 2 things?
First, we will send you an SSL CSR. Can you then use the domain registrar system that you have chosen for accountchooser.com to have that SSL cert signed? If the registrar supports different options, like length of time, let us know and we'll figure out the best configuration. Once it's done we'll also want to make sure Inventures bills the OIDF for the cost, and that it comes out of the marketing committee directed funding. For the SSL certs, what Local & State value should we use in the CSR? I noticed the openid.net cert has state=Oregon & locale=Portland. But the OIDF's billing address these days is in San Ramon, CA. Do you know whether the registrar will require a specific value to be used?
Also, we need to update the DNS settings of accountchooser.COM and www.accountchooser.COM to point to the new place hosting the updated static HTML files. For now you can just configure the DNS to point to:
ns1.google.com, ns2.google.com, ns3.google.com and ns4.google.com
Later other companies might offer to host a copy of these files for free as well, and then we can change the DNS settings and get them a copy of the SSL cert. You can go ahead and make this change anytime. It will cause the accountchooser.COM site to temporarily give errors if someone visits it, but that is fine. We'll get the new stuff up in non-SSL mode first, and then SSL as soon as the cert is done.
---------- From: John Keith <jtk...@cloudfour.com> Date: Thu, May 17, 2012 at 9:45 AM To: Tammi Vital <tvi...@inventures.com> Cc: Eric Sachs <esa...@google.com>, Aileen Jeffries <ail...@cloudfour.com> Hi Tammi, Please point accountchooser.net and www.accountchooser.net to IP address 205.186.142.117
As of yesterday, we've pushed an initial copy of the site live at that IP address, so we're ready to test once the DNS has been updated. Best regards, John Keith
-- John Keith jtk...@cloudfour.com | skype:jtkeith 503.781.9825 ---------- From: Tammi Vital <tvi...@inventures.com> Date: Thu, May 17, 2012 at 9:51 AM To: John Keith <jtk...@cloudfour.com> Cc: Eric Sachs <esa...@google.com>, Aileen Jeffries <ail...@cloudfour.com> I have made the DNS change. It can take up to 24 hours to fully propagate.
Thanks, Tammi
---------- From: Tammi Vital <tvi...@inventures.com> Date: Thu, May 17, 2012 at 12:05 PM To: Eric Sachs <esa...@google.com>, John Keith <jtk...@cloudfour.com> Cc: John Ehrig <jeh...@inventures.com>, Don Thibeau <d...@oidf.org>, Pam Dingle <pdi...@pingidentity.com>, Greg Keegstra <gr...@janrain.com>, Victor White <vic...@gigya-inc.com>, Aileen Jeffries <ail...@cloudfour.com>, Guibin Kong <guibi...@google.com>, Sebastian Welsh <sebas...@google.com> Eric,
Regarding the SSL cert. Please use state=California & locale=San Ramon. It will make the process easier. The cert for openid.net was created before the domain was transferred over to us.
When the CSR is sent to me, I will also need to know what platform the server is running on and how many bits the CSR is encrypted for. 2048 is pretty standard these days.
I usually prefer to purchase SSL certs from Thawte because they are the easiest to work with. They are not the cheapest but they have a good product and their support is excellent. Here is a link to their product site. http://www.thawte.com/ssl/index.html. I also use Comodo sometimes. Whichever one you want to go with is fine with me.
I have changed the nameservers for accountchooser.com to point to the Google nameservers. There is no need to do it for www.accountchooser.com as it is just an alias. It will need to be created when the rest of the DNS is set up by Google.
Let me know if you have any questions, Tammi
---------- From: Eric Sachs <esa...@google.com> Date: Fri, May 18, 2012 at 10:23 AM To: Tammi Vital <tvi...@inventures.com> Cc: John Keith <jtk...@cloudfour.com>, John Ehrig <jeh...@inventures.com>, Don Thibeau <d...@oidf.org>, Pam Dingle <pdi...@pingidentity.com>, Greg Keegstra <gr...@janrain.com>, Victor White <vic...@gigya-inc.com>, Aileen Jeffries <ail...@cloudfour.com>, Guibin Kong <guibi...@google.com>, Sebastian Welsh <sebas...@google.com> Tammi, for the SSL cert let's go with Thawte for the 2-year "SSL Web Server Certificates with EV" cert. Attached is the CSR which is 2048 bits for Linux platform. ---------- From: Tammi Vital <tvi...@inventures.com> Date: Fri, May 18, 2012 at 2:28 PM To: Eric Sachs <esa...@google.com>, Don Thibeau <d...@oidf.org> Cc: John Keith <jtk...@cloudfour.com>, John Ehrig <jeh...@inventures.com>, Pam Dingle <pdi...@pingidentity.com>, Greg Keegstra <gr...@janrain.com>, Victor White <vic...@gigya-inc.com>, Aileen Jeffries <ail...@cloudfour.com>, Guibin Kong <guibi...@google.com>, Sebastian Welsh <sebas...@google.com> Don,
I just spoke with John about this and because of the amount we need your approval. The total cost is $995. Do I have your approval to incur it on behalf of OIDF?
Thank You, Tammi
---------- From: Don Thibeau <d...@oidf.org> Date: Fri, May 18, 2012 at 6:04 PM To: Tammi Vital <tvi...@inventures.com> Cc: Eric Sachs <esa...@google.com>, John Keith <jtk...@cloudfour.com>, John Ehrig <jeh...@inventures.com>, Pam Dingle <pdi...@pingidentity.com>, Greg Keegstra <gr...@janrain.com>, Victor White <vic...@gigya-inc.com>, Aileen Jeffries <ail...@cloudfour.com>, Guibin Kong <guibi...@google.com>, Sebastian Welsh <sebas...@google.com> yes please proceed
--
Don Thibeau ---------- From: Eric Sachs <esa...@google.com> Date: Tue, May 22, 2012 at 9:42 AM To: Don Thibeau <d...@oidf.org> Cc: Tammi Vital <tvi...@inventures.com>, John Keith <jtk...@cloudfour.com>, John Ehrig <jeh...@inventures.com>, Pam Dingle <pdi...@pingidentity.com>, Greg Keegstra <gr...@janrain.com>, Victor White <vic...@gigya-inc.com>, Aileen Jeffries <ail...@cloudfour.com>, Guibin Kong <guibi...@google.com>, Sebastian Welsh <sebas...@google.com> Tammi, will you have time to finish the SSL cert this week? The other DNS changes you made are working so accountchooser.NET is now online, and all the content for accountchooser.COM is ready and as soon as we have the cert we can turn it on. ---------- From: Tammi Vital <tvi...@inventures.com> Date: Tue, May 22, 2012 at 9:43 AM To: Eric Sachs <esa...@google.com>, Don Thibeau <d...@oidf.org> Cc: John Keith <jtk...@cloudfour.com>, John Ehrig <jeh...@inventures.com>, Pam Dingle <pdi...@pingidentity.com>, Greg Keegstra <gr...@janrain.com>, Victor White <vic...@gigya-inc.com>, Aileen Jeffries <ail...@cloudfour.com>, Guibin Kong <guibi...@google.com>, Sebastian Welsh <sebas...@google.com> By the end of the week should not be a problem. I am already working on it.
Tammi
---------- From: Eric Sachs <esa...@google.com> Date: Tue, May 22, 2012 at 9:44 AM To: Tammi Vital <tvi...@inventures.com> Cc: Don Thibeau <d...@oidf.org>, John Keith <jtk...@cloudfour.com>, John Ehrig <jeh...@inventures.com>, Pam Dingle <pdi...@pingidentity.com>, Greg Keegstra <gr...@janrain.com>, Victor White <vic...@gigya-inc.com>, Aileen Jeffries <ail...@cloudfour.com>, Guibin Kong <guibi...@google.com>, Sebastian Welsh <sebas...@google.com> Fantastic, thanks! ---------- From: Tammi Vital <tvi...@inventures.com> Date: Tue, May 22, 2012 at 10:42 AM To: Eric Sachs <esa...@google.com> What version of Linux is the server running?
---------- From: Eric Sachs <esa...@google.com> Date: Tue, May 22, 2012 at 10:48 AM To: Tammi Vital <tvi...@inventures.com> Our Linux kernels are customized. Our operations team asked me what the list of options are that you can choose. Our ops team said they can then suggest which one should work. ---------- From: Tammi Vital <tvi...@inventures.com> Date: Tue, May 22, 2012 at 11:31 AM To: Eric Sachs <esa...@google.com> Eric,
Please see attached for the server choices. The list is rather extensive so I’m sure they can find something…
Thanks, Tammi
---------- From: Eric Sachs <esa...@google.com> Date: Tue, May 22, 2012 at 11:36 AM To: Tammi Vital <tvi...@inventures.com>, Sebastian Welsh <sebas...@google.com> Sebastian, the OpenIDFoundation is working on that SSL for us (Tammi in particular is doing the work). Attached is a long list of Linux platforms that are options for the SSL certificate. Which one would you suggest that we use? ---------- From: Sebastian Welsh <sebas...@google.com> Date: Tue, May 22, 2012 at 7:50 PM To: Eric Sachs <esa...@google.com> Cc: Tammi Vital <tvi...@inventures.com>
On Wed, May 23, 2012 at 4:36 AM, Eric Sachs <esa...@google.com> wrote:
> Sebastian, the OpenIDFoundation is working on that SSL for us (Tammi in particular is doing the work). Attached is a long list of Linux platforms that are options for the SSL certificate. Which one would you suggest that we use?
It is a rather long list. Specifying ApacheSSL should be fine. If we need to finesse the certificate once it has been issued we can do that.
|
Re: Logistical updates for accountchooser.com, .net, and the workinggroup site | Eric Sachs | 5/23/12 12:16 PM |
We're getting closer. The non-SSL version of accountchooser.com is running now. You can use the testing tool site to start playing with it. Inventures is making good progress on the SSL cert which is the next big piece. |
Re: Logistical updates for accountchooser.com, .net, and the workinggroup site | Eric Sachs | 6/1/12 9:05 AM | Unfortunately we are continuing to run into problems with getting the SSL cert for accountchooser.com working. Inventures is looking into it, but we don't have an ETA yet.
However we have published the static html/js files to the non-SSL version of accountchooser.com and they are working. The other tasks being worked on are:
|
RE: Logistical updates for accountchooser.com, .net, and the workinggroup site | Axel Nennker | 6/1/12 10:57 AM | Hm. When I visit http://accountchooser.com/ then I am redirected to http://www.accountchooser.com/ which shows a nearly empty page. At the top is a centered grayish line which is about 3 pixels thick.
I tried this in the DT intranet (Windows, Firefox 12 & IE9), from a personal device without any proxies (Ubuntu Firefox 12) and Android Firefox Nightly. The result is the same. The HTML code of that page is attached to this email.
Axel
|
Re: Logistical updates for accountchooser.com, .net, and the workinggroup site | Eric Sachs | 6/1/12 11:01 AM | We want to leave it that way until we can fix the SSL issue and learnmore page. Otherwise sites/people might mistakenly think they could use the non-SSL version. |
RE: Logistical updates for accountchooser.com, .net, and the workinggroup site | Axel Nennker | 6/1/12 12:32 PM | Wouldn’t it make sense to create a self-signed certificate until the real one is ready? People would have to accept that cert once and could try accountchooser.com.
Currently it looks broken.
|
Re: Logistical updates for accountchooser.com, .net, and the workinggroup site | Eric Sachs | 6/1/12 12:37 PM | >> Wouldn’t it make sense to create a self-signed certificate until the real one is ready?
The Google operations team who is responsible for this super-fast content serving system are real sticklers about process/security. Based on our testing, the performance advantages (especially outside US/Eastern-Europe) are really worth the benefit of the extra hassle. |