sceneid.net: OpenID fairy dust for the demoscene
category: general [glöplog]
So the only thing it would REALLY be useful for would be *inside* the Scene ID system. I.e. you should be able to "register" Open ID to your Scene ID. However, it won't be very useful!
However, i must say i dislike the idea of having the same id for multiple types of sites. For example when i talk with my jewish friends on the intarweb I prefer not having them to know that i travel the globe sieg heiling together with Keops.
However, i must say i dislike the idea of having the same id for multiple types of sites. For example when i talk with my jewish friends on the intarweb I prefer not having them to know that i travel the globe sieg heiling together with Keops.
Stefan: very funny, as usual.
Gasman: I fail to see what the user will benefit from that but maybe I missed the point
Gasman: I fail to see what the user will benefit from that but maybe I missed the point
im guessing that what the user benefits from is that, as gasman said, if scene.org goes down for the weekend one can still log in to demozoo. :)
TY gasman, I find it useful (I now have an OpenID provider).
We won't escape OpenID in the near future (and it's for sure better than a thousand broken login systems) and it will be for sure easier to integrate in modular frameworks.
So can't we use it near SceneID (for specific user data) and just accept sceneid.net/scene.org as a provider on pouet or on websites where we want to limit the audience?
here follows pouetization:
the scene is deadBETA.png)
We won't escape OpenID in the near future (and it's for sure better than a thousand broken login systems) and it will be for sure easier to integrate in modular frameworks.
So can't we use it near SceneID (for specific user data) and just accept sceneid.net/scene.org as a provider on pouet or on websites where we want to limit the audience?
here follows pouetization:
Blue Slide is a great song.
Limiting Scene's site to accept sceneid.net/scene.org openIDs is kinda cool. Sceners could register their openID on sceneid.net/scene.org and have it redirect to their own openID provider if they have one.
Quote:
im guessing that what the user benefits from is that, as gasman said, if scene.org goes down for the weekend one can still log in to demozoo. :)
You'd get that with your own hacked-together-non-shared login system as well, so that's not really "it" :)
makc: needs more SUPERSIZED input fields for e-mail notification.
Small feature request: How about redirecting plain http accesses to the OpenID URLs towards the homepages specified in the user profile? ;)
kb: It wouldn't quite work that way, because the first step of authentication is... a plain http access to the OpenID URL :-) (Also, at the point where that page is generated, we haven't retrieved the user profile from scene.org or even checked that the user exists, and it's a bit wasteful to hit scene.org when most of the time it isn't being seen by a person...) However, I could definitely brighten those pages up a bit, and show some profile details / links for the users we *do* know about (i.e. those who have already logged in).
Actually, that brings me on to another feature of OpenID which might not be the killer feature that will convert everyone, but it's something to chew on anyway: delegation. If you stick these two lines into the <head> of your own website:
(And if you suddenly decide you want to authenticate through (say) Livejournal instead, you can change those tags to point to their OpenID server instead, and still keep your user profile (read: your glop count) intact.)
Actually, that brings me on to another feature of OpenID which might not be the killer feature that will convert everyone, but it's something to chew on anyway: delegation. If you stick these two lines into the <head> of your own website:
Code:
like I've just done on matt.west.co.tt, you can start using your own website's URL as an OpenID. And then, if your favourite demoscene site were to make the OpenIDs of its users visible, it becomes a lot harder for trolls to impersonate you...<link rel="openid.server" href="http://sceneid.net/server" />
<link rel="openid.delegate" href="http://your-name-here.sceneid.net/" />(And if you suddenly decide you want to authenticate through (say) Livejournal instead, you can change those tags to point to their OpenID server instead, and still keep your user profile (read: your glop count) intact.)
im still slightly confused about the benefits and usage but then again i only read this thread twice in a hurry. i trust gasman's better judgment :)
righto, sceneid.net has now had a couple of little updates that are probably of no consequence to anyone...
Firstly, it now lets you pick and choose which details you want to hand over to the site you're logging into / registering for - so you can sign up to stuff using mostly your sceneID details without passing on your real name. And stuff like that.
Secondly, it's been upgraded to OpenID 2.0 and the new Attribute Exchange protocol. Which were released as final specs like *today*, so right now there's absolutely nothing on the internet that can benefit from it yet. Um. But once there's a bit more groundwork in place, it'll allow sites to sync up interesting stuff like your pouet/slengpung/csdb IDs (and glop count), and let you use your Pouet avatar on other sites. If you want to, that is.
It will make sense, eventually. I think.
Firstly, it now lets you pick and choose which details you want to hand over to the site you're logging into / registering for - so you can sign up to stuff using mostly your sceneID details without passing on your real name. And stuff like that.
Secondly, it's been upgraded to OpenID 2.0 and the new Attribute Exchange protocol. Which were released as final specs like *today*, so right now there's absolutely nothing on the internet that can benefit from it yet. Um. But once there's a bit more groundwork in place, it'll allow sites to sync up interesting stuff like your pouet/slengpung/csdb IDs (and glop count), and let you use your Pouet avatar on other sites. If you want to, that is.
It will make sense, eventually. I think.
cool. go gasman go.
"interesting"? :)
Srsly I don't get it.
:(
Srsly I don't get it.
:(
openid is cool, and easy to explain the big benefit: you store your data where you want it (even self host) and then can share parts of it (what you want) to any website that asks for it. openid rules, count me in!
but that's exactly what we should NOT want. I mean, seriously, sceneID was founded to provide a scene-only login system for scene-specific websites - connecting it to openID is basically degrading it to a level of "please use your Google account to log in to pouet". it opens gates that should be kept shut tight.
I agree completely with Gargaj.
Even if the security is rock solid this entire idea stinks. Why would I want websites be able to collect data about me, for free? And when it comes to THIS kind of data it can be really embarrassing if the wrong info falls into wrong hands, even if you are named gloom and pretend to be serious all the time. We already have had several situations in Sweden where employers have looked up personal info about people on blogs and communities. Sure this system might have a nice technical solution about integrity, security and such. But it's the general idea that really nags me. Why would i want my data transfered so easy between sites that really has nothing in common?
When I ran mac.scene.org for a while i really couldn't believe how people where willing to log in to a random site, sending their password in clear text and generally let the site administrator have all his somewhat personal information. But after all, this was just a "scene site" and it somehow made sense, because we really don't trust any scene sites anyways.
Gasman: Seriously, why do you *need* this so bad? Are you really so lazy you cant rewrite your real name and e-mail when you decide to join a *new* community? Or do you change your real name and e-mail that often you need to "synch the web"?
For me this all just sounds like a big hassle for nothing. If MS had launched this service I am sure everybody would start ranting on bloggs and yell how they are trying to take over the web and mapping your personal life.
When I ran mac.scene.org for a while i really couldn't believe how people where willing to log in to a random site, sending their password in clear text and generally let the site administrator have all his somewhat personal information. But after all, this was just a "scene site" and it somehow made sense, because we really don't trust any scene sites anyways.
Gasman: Seriously, why do you *need* this so bad? Are you really so lazy you cant rewrite your real name and e-mail when you decide to join a *new* community? Or do you change your real name and e-mail that often you need to "synch the web"?
For me this all just sounds like a big hassle for nothing. If MS had launched this service I am sure everybody would start ranting on bloggs and yell how they are trying to take over the web and mapping your personal life.
come on stefan, you don't want the whole world to know which is your current favorite lolcat ??
Quote:
If MS had launched this service I am sure everybody would start ranting on bloggs and yell how they are trying to take over the web and mapping your personal life.
microsoft has already done that:
http://en.wikipedia.org/wiki/Windows_Live_ID
and before that MS made Passport...
(winden: I fixed the login bug that you got this morning. This is what happens when I try to deploy stuff at 1 in the morning, I guess...)
Gargaj: Given that the barrier to getting a SceneID is "can you fill out a form", I don't really believe that supporting OpenID will open the floodgates to random non-sceners any more than SceneID does already. But anyhow, that's a choice for individual site administrators to make. Until they make the decision to support OpenID, nothing has changed here.
sceneid.net is all about going the other direction - making sceneIDs usable on sites that aren't closely coupled to scene.org. (Which potentially includes a lot of scene-related sites.) At the moment that's a technical restriction of the SceneID system (which is fair enough, because SceneID wasn't designed by a committee of incredibly smart security experts): it requires users to submit their passwords to the website in question, which means they have to trust that site not to do anything evil with them. It requires scene.org to trust the website in order to grant it access to the central database (well, kinda - you can get around that by using their test system...), and they clearly don't have the resources to do security audits on every website that comes along. To the people who don't see the point of this - I'll bet there are scene websites that you find useful and happily participate in, but are run by someone who you wouldn't in a million years share your SceneID password with, right? (Or if not, you can imagine that there could be sites like that one day, right?) This provides a way of using SceneID on those sites without handing over your password. So really, this is all about making SceneID more useful within the scene.
In fact, even if individual sites decide that they're only going to let people with SceneID accounts log in, it might still make technical sense for them to use OpenID as the glue for those reasons. The new attribute exchange stuff would let sites fire off OpenID requests that say "Authenticate this user, and when you've done that, give me back their (numeric) SceneID". If the OpenID provider receiving that request is sceneid.net, it will be able to give a sensible answer - if not, it probably won't.
Gargaj: Given that the barrier to getting a SceneID is "can you fill out a form", I don't really believe that supporting OpenID will open the floodgates to random non-sceners any more than SceneID does already. But anyhow, that's a choice for individual site administrators to make. Until they make the decision to support OpenID, nothing has changed here.
sceneid.net is all about going the other direction - making sceneIDs usable on sites that aren't closely coupled to scene.org. (Which potentially includes a lot of scene-related sites.) At the moment that's a technical restriction of the SceneID system (which is fair enough, because SceneID wasn't designed by a committee of incredibly smart security experts): it requires users to submit their passwords to the website in question, which means they have to trust that site not to do anything evil with them. It requires scene.org to trust the website in order to grant it access to the central database (well, kinda - you can get around that by using their test system...), and they clearly don't have the resources to do security audits on every website that comes along. To the people who don't see the point of this - I'll bet there are scene websites that you find useful and happily participate in, but are run by someone who you wouldn't in a million years share your SceneID password with, right? (Or if not, you can imagine that there could be sites like that one day, right?) This provides a way of using SceneID on those sites without handing over your password. So really, this is all about making SceneID more useful within the scene.
In fact, even if individual sites decide that they're only going to let people with SceneID accounts log in, it might still make technical sense for them to use OpenID as the glue for those reasons. The new attribute exchange stuff would let sites fire off OpenID requests that say "Authenticate this user, and when you've done that, give me back their (numeric) SceneID". If the OpenID provider receiving that request is sceneid.net, it will be able to give a sensible answer - if not, it probably won't.
I'm just curious. Must all be one? Why?
"making sceneIDs usable on sites that aren't closely coupled to scene.org"? well that's just the point! DONT!
and as for sceneid and the security issues: drop the halo and stop trying to descend from heavens with a roadmap to the promised land. yes, scene.org is run by hobbyist. no, none of them (afaik) are employed as network security experts. yes, they're prone to bugs and maybe even bad design decisions... your point being? i mean JEEZ you're basically saying "let's take out ALL control from scene.org's hands because we trust a random company more".
openid integration removes the decision of scene.org to trust or distrust, probably creating a huge surge in sites integrating into sceneid - well WHEE. we all know what that might mean.
they're both the same to integrate AND use, but they principle is wildly different.
and as for sceneid and the security issues: drop the halo and stop trying to descend from heavens with a roadmap to the promised land. yes, scene.org is run by hobbyist. no, none of them (afaik) are employed as network security experts. yes, they're prone to bugs and maybe even bad design decisions... your point being? i mean JEEZ you're basically saying "let's take out ALL control from scene.org's hands because we trust a random company more".
openid integration removes the decision of scene.org to trust or distrust, probably creating a huge surge in sites integrating into sceneid - well WHEE. we all know what that might mean.
they're both the same to integrate AND use, but they principle is wildly different.
Quote:
"making sceneIDs usable on sites that aren't closely coupled to scene.org"? well that's just the point! DONT!
Why not? I mean, I don't see anything to lose. After all, you don't have to use it. You don't share any information with any new party unless you want to do it (at least that's my understanding). So what's the problem?
Same question as blala.
Oh, and:
Except that it's interesting to experience you in incoherent ramble mode: No, we don't. Or to put it more bluntly: Either I have no idea what you're saying or you yourself have no idea what you're saying. I'm so completely missing your point that I have the slight feeling there is none.
Oh, and:
Quote:
openid integration removes the decision of scene.org to trust or distrust, probably creating a huge surge in sites integrating into sceneid - well WHEE. we all know what that might mean.
Except that it's interesting to experience you in incoherent ramble mode: No, we don't. Or to put it more bluntly: Either I have no idea what you're saying or you yourself have no idea what you're saying. I'm so completely missing your point that I have the slight feeling there is none.