#indiewebcamp 2012-05-05

2012-05-05 UTC
tantek, davida, brennannovak, singpolyma, danbri and danbri_ joined the channel
# 16:00 
aaronpk I just launched indieauth logins on the indiewebcamp wiki!
# 16:02 
aaronpk Do you think anyone would mind if I disabled OpenID logins now?
brennannovak joined the channel
# 16:14 
aaronparecki.com edited /MediaWiki:Sidebar (-44) (view diff)
tantek joined the channel
# 16:41 
aaronpk apparently I forgot how to design logos
# 16:41 
aaronparecki.com uploaded /Special:Log/upload "uploaded "[[File:IndieAuthLogo100.png]]""
# 16:42 
aaronparecki.com edited /Main_Page (+3) (view diff)
# 16:42 
aaronparecki.com edited /Main_Page (+3) (view diff)
# 16:52 
singpolyma aaronpk: just tried the indieauth thing on the wiki.  ick
# 16:52 
singpolyma very un-indie
# 16:54 
aaronpk please elaborate
# 16:54 
aaronpk it's an implementation of RelMeAuth, are you familiar with that?
# 16:54 
singpolyma it requires me to have and account with some external big-name provider that I do not own or control
# 16:54 
singpolyma and uses that
# 16:54 
aaronpk true, however your identity is not tied to the provider
# 16:55 
aaronpk since in the end, you are authenticated as yourdomain.com
# 16:55 
aaronpk which means if you want to change which provider you use for authentication, you can, just by changing the links on your home page
# 16:55 
singpolyma sure, I mean, it's better than a "log in with Twitter" button
# 16:55 
aaronpk it's analogous to delegating openid logins to other providers
# 16:55 
singpolyma right, only I can delegate to any OpenID provider
# 16:55 
singpolyma here I can only delegate to a well-known "big name"
# 16:57 
aaronpk yes, that is a limitation because OAuth implementations aren't actually very standardized right now.
# 16:58 
singpolyma sure, because OAuth is explicitly not intended for this use
# 16:59 
aaronpk ah, I see you've already commented on tantek's article on RelMeAuth http://microformats.org/wiki/RelMeAuth
# 16:59 
singpolyma OpenID should almost definitely be supported as at least a fallback, both because it has more traction/support and also because it's more indie
# 17:00 
tantek I agree with OpenID as a fallback
# 17:01 
aaronpk yes, OpenID fallback for indieauth would be good
# 17:01 
tantek aaronpk - it would be great if we could use the IndieAuth plugin as an update / replacement for the OpenID plugin
# 17:01 
tantek I'd like to set that up on microformats.org
# 17:01 
tantek and I bet others wouldn't mind upgrading from the OpenID plugin also
# 17:01 
tantek (mediawiki plugin)
# 17:02 
singpolyma also, I'm not sure what I mean by "fallback", since obviously my OpenID URI is a valid RelMeAuth page
# 17:02 
singpolyma but I would never want to use twitter or github to login if I can help it
# 17:02 
aaronpk tantek: cool, it's currently written as an auth plugin for mediawiki, and integrates pretty seamlessly into the wiki. it actually replaces the default login form instead of adding a special one
# 17:04 
tantek sure - I'm not talking about UI
# 17:04 
tantek I'm saying that if it fails to find any relmeauth providers, then it should jump to the previous OpenID code to attempt to use the URL for OpenID login/discovery etc.
# 17:05 
tantek completely seamlessly - no change to the UI
# 17:05 
tantek singpolyma - I think it makes more sense to prefer RelMeAuth over OpenID since RelMeAuth is easier to setup.
# 17:05 
tantek (for users / IndieWeb site owners)
# 17:05 
singpolyma I think OpenID endpoints should just be considered valid RelMeAuth endpoints (in the way that known OAuth sites are already done as a hack)
# 17:05 
singpolyma that way more providers instantly get support
# 17:06 
singpolyma (like identi.ca)
# 17:06 
singpolyma without having to specialcase everyone
# 17:06 
singpolyma and then indie sites will also work
# 17:06 
tantek oh I see what you mean - rel=me as a method for OpenID discovery
# 17:06 
aaronpk singpolyma: agreed. I will see about adding openid support to indieauth.com
# 17:06 
singpolyma cool
# 17:07 
tantek so if you're rel=me confirmed to a site which then has openid link rels, then use OpenID to validate that identity
# 17:07 
tantek s/validate/authenticate
# 17:07 
Loqi tantek meant to say: so if you're rel=me confirmed to a site which then has openid link rels, then use OpenID to authenticate that identity
# 17:07 
singpolyma tantek: yeah.  something like that
# 17:07 
tantek that way the indieweb site owner could choose where it is in the fallback
# 17:08 
aaronpk couldn't you just look for the openid tags on the user's website that they enter? skip any rel=me if that's present?
# 17:08 
tantek aaronpk - no, because then you don't get fallback
# 17:08 
singpolyma aaronpk: well, if the page itself has OpenID rels, I think that counts as "a rel=me confirmed site having OpenID rels"
# 17:09 
singpolyma since a page is confirmed to itself
# 17:09 
tantek better to simply follow the rel=me's in order
# 17:09 
tantek and then, if at some point you find a rel=me to an openid provider, then you can do openid authentication on that
# 17:09 
aaronpk oh I see, so that would mean a user wouldn't have to actually delegate their domain with openid tags
# 17:09 
tantek bingo
# 17:09 
singpolyma yeah
# 17:09 
aaronpk cool
# 17:09 
tantek e.g. I could simply use rel=me to visibly link to http://tantek.myopenid.com/
# 17:10 
tantek rather than having to use invisible cryptic 2-4 <link rel="">s
# 17:10 
singpolyma or an identi.ca profile
# 17:10 
tantek (have always hated that about openid delegation - why so many link rels?)
# 17:10 
singpolyma I just think a page should be considered confirmed to itself, in case the page is itself an OpenID endpoint (such as a WordPress blog self-hosting OpenID)
# 17:11 
tantek singpolyma - how do you detect something as an OpenID endpoint vs. OpenID delegation?
# 17:12 
singpolyma tantek: I wouldn't bother, but you probably can
# 17:12 
singpolyma since the markup is different
# 17:12 
tantek right, how is it different I am asking you
# 17:12 
singpolyma oh, sorry.  let me look it up
# 17:12 
tantek and yes - I'd agree that if a site is it's own Oauth or OpenID endpoint, it should be used directly instead of rel=me to an external authenticator
# 17:14 
aaronpk isn't it rel="openid.delegate"
# 17:14 
singpolyma delegations have a (in the old-school, deprecated <link> way)   openid2.local_id  or openid.delegte   <link> that is not the same as the current page
# 17:14 
aaronpk wait, <link> tags are deprecated for openid?
# 17:15 
tantek aaronpk - yeah I think they replaced them with something even more complicated
singpoly1a joined the channel
# 17:16 
singpoly1a sorry, my system froze
# 17:19 
tantek bummer that myopenid.com doesn't have a "URL" or "home page" field for your profile page, e.g. http://tantek.myopenid.com/
# 17:20 
tantek anyone suggest any OpenID providers that do?
# 17:21 
aaronpk identi.ca?
# 17:23 
aaronparecki.com edited /Main_Page (-23) "/* Who */" (view diff)
# 17:25 
aaronparecki.com edited /2012/Guest_List (-20) (view diff)
# 17:26 
aaronparecki.com edited /Getting_Started (+6) (view diff)
singpolyma joined the channel
# 17:28 
tantek wow looks like identoo.com died at some point (was an OpenID provider)
# 17:28 
tantek anyone know what happened? when it died?
# 17:28 
singpolyma a lot of the small-time guys just stopped when Google and Yahoo got into the game
# 17:28 
singpolyma wasn't identoo noserub?
# 17:29 
singpolyma noserub.com is also gone
# 17:29 
singpolyma I feel like it was there last time I looked...
# 17:32 
aaronparecki.com created /How_to_set_up_web_sign-in_on_your_own_domain (+1494) "Created page with "You must be ''this'' independent in order to contribute: # you must have your own domain, and  # have figured out how to set up [http://microformats.org/wiki/web-sign-in web sign..."" (view diff)
# 17:32 
aaronparecki.com edited /Getting_Started (+4) "web sign-in" (view diff)
# 17:35 
aaronpk tantek: have you thought about a "web sign-in" logo?
# 17:36 
tantek a bit, yeah - more like a standard button - I have some sketches
# 17:36 
aaronparecki.com edited /Main_Page (-54) (view diff)
# 17:36 
tantek aha - of course identica supports OpenID, hCard, and rel=me!
# 17:39 
aaronpk ok well I'm happy the indiewebcamp wiki is switched over to web sign-in
# 17:39 
aaronpk I'm going to have to work on openid support for it later tho
guy_need_money joined the channel
# 17:47 
tantek aaronpk - sweet
# 17:47 
tantek nicely done
# 17:47 
tantek looks like Plaxo also dropped OpenID support (and hCard for that matter). sad to see that's what happened after Joseph Smarr left.
# 18:02 
Loqi [http://twitter.com/Indie_Auth] The IndieWebCamp wiki just launched IndieAuth! http://t.co/5CBEl1mW Sign in with your own domain name!
# 18:04 
Loqi [http://twitter.com/indiewebcamp] Now you can sign in to the IndieWebCamp wiki without needing to set up OpenID! http://t.co/VAYB0hyN Try it out!
brennannovak, tantek, danbri, catsup and tilgovi joined the channel