openid4.me not working


Nicolas17

Sep 11, 2010, 12:02:59 PM
to foaf.me
The openid4.me service seems to be broken, leaving me locked out of
several websites, since I used it as my main OpenID. I just get
"Verification of the OpenID URL was cancelled." from the website.

The HTML returned from the OpenID URL ( http://openid4.me/http://foaf.me/nicolas17%23me
) shows "not found" for name, nickname, and mbox, even though they are
definitely specified correctly in the foaf profile. This may be
related.

Seth Russell

Sep 11, 2010, 1:50:43 PM
to foa...@googlegroups.com
This is exactly why re-authentication (login) to a website or service with your WebID should not be dependent on verification of the certificate in the profile document.

It's also, unfortunately, one of the reasons that I won't use WebID now for my sites or my identity.

Seth Russell
Podcasting: tagtalking.net
Facebook ing: facebook.com/russell.seth
Twitter ing: twitter.com/SethRussell
Blogging: fastblogit.com/seth/
Catalog selling: www.speaktomecatalog.com
Google profile: google.com/profiles/russell.seth





Melvin Carvalho

Sep 11, 2010, 2:19:29 PM
to foa...@googlegroups.com
On 11 September 2010 19:50, Seth Russell <russel...@gmail.com> wrote:
> This is exactly why re-authentication (login) to a website or service with your WebID should not be dependent on verification of the certificate in the profile document.

Hi Seth. Sorry you feel impeded by that limitation. I think people are working on improving authentication options. But please realize that the people working on this site are just volunteers, and have limited time to tackle a wide range of issues.

> It's also, unfortunately, one of the reasons that I won't use WebID now for my sites or my identity.

Unfortunately I don't have access to the openid4.me site. Akbar looks after this, and I have messaged him, but he seems to be away right now. Hopefully he will reply when he gets back.

OpenID integration has been tricky from the start, and for some reason has remained problematic.

I think after this issue is (hopefully) resolved, it makes sense to split the OpenID and foaf mailing lists, so that we can focus on the respective issues.
 

Seth Russell

Sep 11, 2010, 2:26:12 PM
to foa...@googlegroups.com
My point is not that there is some little transitory bug over at openid.me and the pain it causes ... my point is that the protocol has been defined so that it is inherently and needlessly unreliable. It is dependent on the site which issued the WebID to be up and running. But it doesn't need that dependence! Login using WebID need only be a transaction between the website and the client's browser.

Seth Russell


Melvin Carvalho

Sep 11, 2010, 2:59:11 PM
to foa...@googlegroups.com
On 11 September 2010 20:26, Seth Russell <russel...@gmail.com> wrote:
> My point is not that there is some little transitory bug over at openid.me and the pain it causes ... my point is that the protocol has been defined so that it is inherently and needlessly unreliable. It is dependent on the site which issued the WebID to be up and running. But it doesn't need that dependence! Login using WebID need only be a transaction between the website and the client's browser.

Hi Seth. Thanks for the clarification. The WebID Protocol specification is a work in progress. I think if you have found a flaw, perhaps it's worth pursuing on the foaf-protocols mail list. There are active sessions to log and address issues presented. Especially if you see it as a show stopper.

As it happens, I don't see the scenario you present as infeasible using the current spec. WebID verification need only occur on the FIRST validation, thereafter it can be cached locally, or in the LOD cloud. Additionally, there's no reason that your browser can't also be your WebID. Peter Williams has done this using Opera Unite, and it's possible to do in Firefox using dynamic DNS. But as I say, possibly a discussion for foaf protocols.
 

Seth Russell

Sep 11, 2010, 3:15:35 PM
to foa...@googlegroups.com
Whoops! I thought I was on the protocols list. I'll forward this over there.

Nicolás Alvarez

Sep 11, 2010, 6:20:42 PM
to zeno, foa...@googlegroups.com
On 11/09/2010, zeno <ruset...@gmail.com> wrote:

> On Sep 11, 7:02 pm, Nicolas17 <nicolas.alva...@gmail.com> wrote:
>> The openid4.me service seems to be broken, leaving me locked out of
>> several websites, since I used it as my main OpenID. I just get
>> "Verification of the OpenID URL was cancelled." from the website.
>>
>> The HTML returned from the OpenID URL
>> (http://openid4.me/http://foaf.me/nicolas17%23me

>> ) shows "not found" for name, nickname, and mbox, even though they are
>> definitely specified correctly in the foaf profile. This may be
>> related.
>
> you need to check if the profile is valid rdf/xml after you use the
> row editor from foaf.me for at least two reasons:
> - you could have some typo in what you put inside
> - cut&paste could include strange things after submit

I haven't touched my foaf.me profile for months, and in the middle of
that period is when openid4.me stopped working.

> I checked your profile with rapper and can't be parsed.

Works for me, rapper returns 15 triples with no errors.

--
Nicolas

Akbar Hossain

Sep 11, 2010, 6:24:52 PM
to foa...@googlegroups.com, zeno
Hi,

Sorry to hear you're having issues.

Would you mind trying the following url.

https://openid4.me/tools/simpleLogin.php

To check your certificate first.

Thanks

2010/9/11 Nicolás Alvarez <nicolas...@gmail.com>:

zeno

Sep 11, 2010, 6:59:00 PM
to foaf.me
On Sep 12, 1:20 am, Nicolás Alvarez <nicolas.alva...@gmail.com> wrote:
> On 11/09/2010, zeno <ruset.z...@gmail.com> wrote:
>
> > On Sep 11, 7:02 pm, Nicolas17 <nicolas.alva...@gmail.com> wrote:
> >> The openid4.me service seems to be broken, leaving me locked out of
> >> several websites, since I used it as my main OpenID. I just get
> >> "Verification of the OpenID URL was cancelled." from the website.
>
> >> The HTML returned from the OpenID URL
> >> (http://openid4.me/http://foaf.me/nicolas17%23me
> >> ) shows "not found" for name, nickname, and mbox, even though they are
> >> definitely specified correctly in the foaf profile. This may be
> >> related.
>
> > you need to check if the profile is valid rdf/xml after you use the
> > row editor from foaf.me for at least two reasons:
> > - you could have some typo in what you put inside
> > - cut&paste could include strange things after submit
>
> I haven't touched my foaf.me profile for months, and in the middle of
> that period is when openid4.me stopped working.
>
in that case I don't know what happened.

> > I checked your profile with rapper and can't be parsed.
>
> Works for me, rapper returns 15 triples with no errors.
>
now yes, same result here, 15 triples. Try to see if will work with
openid4me.

best regards

Nicolas17

Sep 12, 2010, 8:07:14 PM
to foaf.me
SSL Client Certificate: detected!
Client Certificate Public Key detected! (INT):
Modulus :
27865755887553422932731408306179756188429540071099856676625732412177696323861326
[...]
888481225162450957485701689649287680559582959527042310557
Exponent : 65537
Subject Alt Name (FOAF Profile): detected!: http://foaf.me/nicolas17#me
FOAF Remote Public Key: Not detected!


The RDF representation contains:

<cert:identity rdf:resource="h"/>
<rsa:public_exponent cert:decimal="65537"/>
<rsa:modulus cert:hex=""/>

And the full RDFa representation is

<span typeof="rsa:RSAPublicKey">
<div about="#cert" typeof="rsa:RSAPublicKey">
<div rel="cert:identity" href="$subjectAltName[URI]"></div>
<div rel="rsa:public_exponent">
<div property="cert:decimal" content="65537"></div>
</div>
<div rel="rsa:modulus">
<div property="cert:hex" content=""></div>
</div>
</div>
</span>

I notice empty rsa:modulus and weird cert:identity, but I don't know
if that is normal/expected or not.

On Sep 11, 7:24 pm, Akbar Hossain <akkiehoss...@gmail.com> wrote:
> Hi,
>
> Sorry to hear you're having issues.
>
> Would you mind trying the following url.
>
> https://openid4.me/tools/simpleLogin.php
>
> To check your certificate first.
>
> Thanks
>
> 2010/9/11 Nicolás Alvarez <nicolas.alva...@gmail.com>:

Nicolas17

Sep 12, 2010, 8:14:22 PM
to foaf.me
On Sep 11, 1:02 pm, Nicolas17 <nicolas.alva...@gmail.com> wrote:
> The HTML returned from the OpenID URL (http://openid4.me/http://foaf.me/nicolas17%23me
> ) shows "not found" for name, nickname, and mbox, even though they are
> definitely specified correctly in the foaf profile. This may be
> related.

It's now showing my nickname but stopped recognizing the RSA public
key (RSA Public Key: Not found), so it's back at showing only 2 out of
5 properties; one step forward, one step back. I didn't change
anything since yesterday (haven't even visited the foaf.me website).

Trying to login to websites still gives same "Cancelled" error as
before.

Melvin Carvalho

Sep 12, 2010, 8:30:55 PM
to foa...@googlegroups.com

I've reset your account in the DB as it became malformed.

If you wouldn't mind recreating your account, I think it should all work again. :)
 

Nicolas17

Sep 12, 2010, 8:48:30 PM
to foaf.me
On Sep 12, 9:30 pm, Melvin Carvalho <melvincarva...@gmail.com> wrote:
> On 13 September 2010 02:14, Nicolas17 <nicolas.alva...@gmail.com> wrote:
>
> > On Sep 11, 1:02 pm, Nicolas17 <nicolas.alva...@gmail.com> wrote:
> > > The HTML returned from the OpenID URL (
> >http://openid4.me/http://foaf.me/nicolas17%23me
> > > ) shows "not found" for name, nickname, and mbox, even though they are
> > > definitely specified correctly in the foaf profile. This may be
> > > related.
>
> > It's now showing my nickname but stopped recognizing the RSA public
> > key (RSA Public Key: Not found), so it's back at showing only 2 out of
> > 5 properties; one step forward, one step back. I didn't change
> > anything since yesterday (haven't even visited the foaf.me website).
>
> > Trying to login to websites still gives same "Cancelled" error as
> > before.
>
> I've reset your account in the DB as it became malformed.
>
> If you wouldn't mind recreating your account, I think it should all work
> again. :)

Interesting...

I don't mind recreating account, but foaf.me tells me the username is
already in use.

Changing my username is not an option, since that would change the
OpenID URL and websites would consider me a new user :/

Melvin Carvalho

Sep 13, 2010, 2:40:18 AM
to foa...@googlegroups.com

I've freed up the username.

Would you mind trying again?
 

Nicolas17

Sep 13, 2010, 1:33:12 PM
to foaf.me
On Sep 13, 3:40 am, Melvin Carvalho <melvincarva...@gmail.com> wrote:
> On 13 September 2010 02:48, Nicolas17 <nicolas.alva...@gmail.com> wrote:
> > I don't mind recreating account, but foaf.me tells me the username is
> > already in use.
>
> > Changing my username is not an option, since that would change the
> > OpenID URL and websites would consider me a new user :/
>
> I've freed up the username.
>
> Would you mind trying again?

I'm still getting "Sorry, username already exists, please press back
and try another username."

Melvin Carvalho

Sep 13, 2010, 2:08:22 PM
to foa...@googlegroups.com

Looks like it got recreated in that time ... I've deleted it again, so you should be good to go.
 

Nicolas17

Sep 13, 2010, 2:16:42 PM
to foaf.me
On Sep 13, 3:08 pm, Melvin Carvalho <melvincarva...@gmail.com> wrote:
> Looks like it got recreated in that time ... I've deleted it again, so you
> should be good to go.

Account creation worked now. Thanks!

When creating the account, I entered my previous RSA public key in the
Security tab; but after clicking Save, it said "This identity is not
yet protected" and offered me to create a certificate. It seems the
RSAPublicKey in the foaf profile doesn't have an exponent. I *didn't*
give it an exponent in the Security tab, because it said "(Default =
65537)", and I assumed that meant "we'll use and store 65537 if you
don't enter anything here".

Since my certificate expires next month anyway, I'll let it create a
new one. But consider the above a bug report :)

Nicolas17

Sep 13, 2010, 2:34:26 PM
to foaf.me
On Sep 13, 3:16 pm, Nicolas17 <nicolas.alva...@gmail.com> wrote:
> Account creation worked now. Thanks!
>
> When creating the account, I entered my previous RSA public key in the
> Security tab; but after clicking Save, it said "This identity is not
> yet protected" and offered me to create a certificate. It seems the
> RSAPublicKey in the foaf profile doesn't have an exponent. I *didn't*
> give it an exponent in the Security tab, because it said "(Default =
> 65537)", and I assumed that meant "we'll use and store 65537 if you
> don't enter anything here".
>
> Since my certificate expires next month anyway, I'll let it create a
> new one. But consider the above a bug report :)

I created a new certificate. My foaf profile now seems to have both
public keys. I also think I was supposed to enter my previous key
in hex, not in decimal...

But I can now login both to OpenID websites via openid4.me and to
foaf.me \o/ Thanks again for your help!
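
The failure states reported in this thread (empty rsa:modulus, odd cert:identity, missing exponent, modulus entered in decimal instead of hex) are all cases a WebID verifier has to reject explicitly. The Python sketch below is an added example, not code from foaf.me or openid4.me; the names ProfileKey, parse_int, check_key and verify_webid and all sample values are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

class ProfileKey(NamedTuple):
    identity: str       # cert:identity resource
    modulus_hex: str    # raw cert:hex literal
    exponent_dec: str   # raw cert:decimal literal, "" when absent

def parse_int(text: str, base: int) -> Optional[int]:
    """Parse a key literal strictly; None for empty or malformed input."""
    cleaned = re.sub(r"[\s:]", "", text)
    digits = "[0-9A-Fa-f]+" if base == 16 else "[0-9]+"
    return int(cleaned, base) if re.fullmatch(digits, cleaned) else None

def check_key(webid: str, cert_n: int, cert_e: int, key: ProfileKey) -> str:
    """Return "match" or the reason this profile key is rejected."""
    if key.identity != webid:
        return "identity mismatch"
    n = parse_int(key.modulus_hex, 16)
    if n is None:
        return "modulus missing or not hex"
    e = parse_int(key.exponent_dec, 10)
    if e is None:
        return "exponent missing"  # fail closed: never assume 65537
    if n != cert_n:
        # An all-digit string is also valid hex, so a decimal paste parses
        # without error and only shows up as a mismatch.
        if parse_int(key.modulus_hex, 10) == cert_n:
            return "modulus is decimal, expected hex"
        return "modulus mismatch"
    return "match" if e == cert_e else "exponent mismatch"

def verify_webid(webid, cert_n, cert_e, keys):
    """Accept only if some profile key matches the certificate exactly."""
    reasons = [check_key(webid, cert_n, cert_e, k) for k in keys]
    return "match" in reasons, reasons

# Constructed sample values (not a real key or profile).
WEBID = "https://example.org/alice#me"
CERT_N, CERT_E = 0xB3A9F1C7D5E2460B, 65537
BROKEN = [
    ProfileKey("h", "", "65537"),
    ProfileKey(WEBID, "", "65537"),
    ProfileKey(WEBID, format(CERT_N, "x"), ""),
    ProfileKey(WEBID, str(CERT_N), "65537"),
]
GOOD = ProfileKey(WEBID, "b3:a9:f1:c7 d5e2460b", "65537")

if __name__ == "__main__":
    print(verify_webid(WEBID, CERT_N, CERT_E, BROKEN))
    print(verify_webid(WEBID, CERT_N, CERT_E, BROKEN + [GOOD]))
```

Returning the per-key reason gives a support tool something more specific to show than "Not detected!", while the login decision itself stays a strict match.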

Nicolas17

Sep 14, 2010, 3:44:15 PM
to foaf.me
On Sep 12, 9:30 pm, Melvin Carvalho <melvincarva...@gmail.com> wrote:
> I've reset your account in the DB as it became malformed.
>
> If you wouldn't mind recreating your account, I think it should all work
> again. :)

I now worry about the security of my OpenID and FOAF. I'll have to
reconsider using openid4.me, at least with foaf.me.

You helpfully deleted my account and made it recreatable with the same
user name, in my opinion without proving my identity first, at least
not enough. I believe everything I posted on this thread was public
information, including my public key modulus (and I bet nobody checked
that those weren't just random digits anyway). Whether I'm actually
the owner of that foaf.me account relies exclusively on the
spoofability of this email address via Google Groups. Assuming
actually someone checked whether this address matched my foaf:mbox or
not...

Make me sign stuff with my SSL private key or something!

Melvin Carvalho

Sep 14, 2010, 4:35:37 PM
to foa...@googlegroups.com

We do that for our premium users ;)
 