Monday, 3. November 2003, 19:03

imagine if i could login at antville.org as tobi/p3k.org and the antville installation there would retrieve the user session via xml-rpc from this antville installation here... theoretically, this way it would be possible to login at any antville site.
(with the right api definition this even could work between any two blogging systems.)
however, right now i only can guess that there is at least one big problem with such kind of remote login.
and it opens a bunch of questions, e.g. which site is a comment stored at? or: can i become a remote member of an antville.org site? 
kris, 2003.11.03, 19:55

señor lumma raised a similar issue two weeks ago. check this for links etc.: obka.blogg.de
p3k, 2003.11.04, 10:00

thanks kris for the pointer i was searching for so desperately. (i remembered there was some ripple about this but i did not blog it, unfortunately.)
as far as i understand it, it's not very similar to what i considered above. the big difference imho is the de-centralization aspect. i definitely want to avoid users having to log on at one singular point of failure (or power).
moreover, my main concern is not to secure authentication of a person or stuff like that. i think nicknames can be a good enhancement in terms of communication. its negative side-effects should be solved differently than by going for certificates or the like. (ssl is pretty advanced for both, developers and users, and simply will turn away people from using it, anyway.)
my main objection is that i don't want my login to be stored at a central server. neither do i want my comments to go via, even if they are deleted afterwards.
that's why i propose the tobi/p3k.org syntax which descends into the corresponding api functionality (ie. fetch the session data for user tobi from p3k.org).
uh, now i found the easycomment proposal and i think this is in fact the same idea just summarized better. i could dig the "obka" if it takes this turn.
btw. the term "open blog comment alliance" is pretty hypocritical when all the fuss is about kind of a "social security card" for participating in weblog communication.
kris, 2003.11.04, 11:41

regardless what they decide this site has some interesting pointers and, initially, they wanted to solve a similar task.
btw, have you got my mails? maybe they are in the spamfilter?
hns, 2003.11.04, 12:29

It's an alluring vision, but the technological implementation is not trivial. How would you do it?
p3k, 2003.11.04, 17:42

i cannot think of the details w/o hacking some code but the easycomment proposal is quite descriptive. i guess a lot has to be changed in the antville login routines and as i said i most likely miss the most difficult problem at all. but what is a software w/o a vision? ;)
hns, 2003.11.04, 21:06

let's assume that the user is (auto-)logged in at her home site. The foreign server could then use an iframe to include a special URL from the home server including, as http parameters, the user name in question, a url for confirmation, and a random key. if the user is (auto-)logged in on her home server and the user name is right, it "pings" the remote server at the given confirmation url.
might work, wouldn't be too hard.
rednix, 2003.11.04, 23:13

OBKA.blogg.de is just a place where we want to collect all the ideas related to this issue. My proposal to have a centralized login is just that, a proposal. the more input we get, the better the outcome. :)
p3k, 2003.11.05, 11:40

@hannes: if i get it right, this solves the problem of the password running through too many servers. however, i do not get the whole picture. would be interesting to see it in action...
matthias, 2003.11.05, 15:41

?? i'm quite confused why everybody, including "obka" is trying to make things more complicated than they are.
what exactly does "would retrieve the user session" mean? all you need is an XML-rpc.authenticate() function, which is the blogger.getUser()/blogger.getUserInfo() function. (if we fix the fact that it always returns user-data, even without the right login/pwd) to be able to login via a trusted bloghost server.
via
username@bloghost.org
i think, that there is just NO WAY to auto-login on a foreign server. so the only thing you can reach is to log in without registering.
@hns
how can you trust the fact that just the user itself calls the iframe url with its own username?
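
An added example, not part of the thread and not antville code: a minimal in-memory model of the iframe-and-ping flow hns describes above, with the checks on the foreign server that bear on matthias's question. All class and function names are hypothetical, and `ping.from` stands for an origin of the ping that the foreign server has authenticated by some means the thread does not specify.

```javascript
const { randomBytes } = require('crypto');

class HomeSite {
  constructor(host) { this.host = host; this.sessions = new Map(); } // cookie -> user
  login(cookie, user) { this.sessions.set(cookie, user); }
  // Called when a browser loads the iframe URL; the home-site cookie travels with it.
  // Returns the ping for the confirmation URL, or null when no ping is sent.
  handleIframe(cookie, { user, confirm, key }) {
    if (this.sessions.get(cookie) !== user) return null; // not logged in as that user
    return { to: confirm, from: this.host, user, key };
  }
}

class ForeignSite {
  constructor(ttlMs = 60000) {
    this.pending = new Map();   // random key -> login attempt
    this.loggedIn = new Map();  // visitor session -> remote name
    this.ttlMs = ttlMs;
  }
  // "tobi/p3k.org" -> iframe parameters for p3k.org, bound to this visitor's session.
  startLogin(sessionId, remoteName, now = Date.now()) {
    const [user, home] = remoteName.split('/');
    const key = randomBytes(16).toString('hex');
    this.pending.set(key, { sessionId, user, home, expires: now + this.ttlMs });
    return { home, params: { user, confirm: '/confirm', key } };
  }
  // Handles the ping arriving at the confirmation URL.
  confirm(ping, now = Date.now()) {
    const p = this.pending.get(ping.key);
    if (!p) return false;                // unknown or already used key
    this.pending.delete(ping.key);       // a key is good for one attempt only
    if (now > p.expires) return false;   // stale attempt
    if (ping.user !== p.user || ping.from !== p.home) return false; // wrong name or origin
    this.loggedIn.set(p.sessionId, `${p.user}/${p.home}`);
    return true;
  }
}

// Constructed scenario: tobi is logged in at p3k.org, another browser is not.
function demo() {
  const home = new HomeSite('p3k.org'); home.login('cookie-tobi', 'tobi');
  const foreign = new ForeignSite();
  const a = foreign.startLogin('sess-1', 'tobi/p3k.org');
  const ping = home.handleIframe('cookie-tobi', a.params);
  const ok = foreign.confirm(ping), replay = foreign.confirm(ping);
  const b = foreign.startLogin('sess-2', 'tobi/p3k.org');
  const noPing = home.handleIframe('cookie-other', b.params);
  const wrongOrigin = foreign.confirm({ from: 'elsewhere.example', user: 'tobi', key: b.params.key });
  return { ok, replay, noPing, wrongOrigin, who: foreign.loggedIn.get('sess-1'), other: foreign.loggedIn.has('sess-2') };
}
```

The password never leaves the home site in this model; the foreign site only learns that a browser holding a valid home-site session loaded the iframe for the key it issued to one specific visitor session.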
earl, 2003.11.06, 20:56

i'd also separate the issue into two concerns:
- remote authentication (i.e. "login w/o register")
- single sign on
and i'd attack the problem along this line, i.e. start w/ remote authentication first and later, if desired, extend it to a full single sign-on solution.
hns, 2003.11.07, 13:15

I implemented the frontend part of the mechanism I described above. Looks pretty promising.
p3k, 2003.11.07, 16:47

indeed. and first of all it works. thank you! now I'll take a look at the mechanics...
| ISSN 1608-4624 |