The online racing simulator
LFS as an OpenID provider, for third-party web sites
For those unfamiliar with OpenID, first take a quick glance at this:

http://openid.net/

It just occured to me that LFS could host an OpenID service and be an Identity Provider. Then, third party web sites can act as OpenID consumers and provide certain features to licensed LFS racers.

The goal is for these third party web sites to authenticate LFS users, in a secure way and without users exposing LFS passwords to anyone but LFS itself.

Example scenario: CTRA has its own password database, for its website features, but underneath it just uses LFS accounts. Instead, it could use OpenID to authenticate users to its website.

Example scenario #2: A team's forum can use OpenID login and allow LFS racers to post there under their LFS usernames, instead of each racer going through the trouble of registering an account from scratch.

I just came up with this and I admit I haven't thought it through, but it seems like an interesting idea.
definitely +1, good idea.

There are also already nice components on the market that make it easier to create an OpenID service. My favourite is Zend_OpenId. It has both a provider and a consumer class.
Yes, yes, YES!!
Quote from Bob Smith :Well now it's official, LFS is at least as good as sex:

You perv

Shame on you


But for the sugestion is ay +1000!!!
this should save alot of time and works just as good
#6 - Jakg
There has to be a catch?
Quote from Jakg :There has to be a catch?

There really are people who write software for public good and don't demand anything...
#9 - Jakg
I didn't mean that - although I don't properly understand it I was wondering if there were any security issues?:
Quote from Jakg :I didn't mean that - although I don't properly understand it I was wondering if there were any security issues?:

At least it's growing fast amongst quite big providers.

http://en.wikipedia.org/wiki/Openid
"OpenID is increasingly gaining adoption among large sites, with organizations like AOL, Google, IBM, Microsoft, Orange, VeriSign, Yandex and Yahoo acting as providers.[1][2][3][4][5] In addition, integrated OpenID support has been made a high priority in Firefox 3[6] and OpenID can be used with Windows CardSpace."
Quote from Jakg :I didn't mean that - although I don't properly understand it I was wondering if there were any security issues?:

There are a lot security issues
next to phishing

Imo the big names (MS,AOL, Yahoo, Google etc.) are just joining OpenID for one reason. It opens the door to better data-mining.
MS failed with it's own Single Sign-on system "Passport Network", Why? Because many don't trust MS.
But now they found another way to sooner or later get what they want: Better user profiles.


I really have my doubts about single sign-on systems.
The idea behind it is ok but in reality the big companies
don't jump on the bandwagon beause they are philanthropists
and want to make the users life easier.

Like in the X-files: "Trust No One"
Personally I don't see any justification for it given the potential security issues, it's hardly as if registering an account is difficult.
I was thinking the same thing.

Access to all of your stuff via one account? That means only one password between moron hackers and your address, credit card and game login details? I don't think so.
What exactly is the problem that OpenID is supposed to solve? So far I haven't seen any examples of big nuisances that can be improved with OpenID. And I can see at least one disadvantage: the LFS server becomes a single point of failure. If the server is down, then everything stops -- you can't even post a forum message to say that the server is down. Sure, the devs could create multiple servers, but who can justify the cost of that?

For now, OpenID seems to be a solution looking for a problem. (With respect to LFS, that is.)
Yet another LFS user, just trying to suggest something (which happens to be a very good suggestion), shot down in an instant.

Well done guys! Way to go!
Quote from wsinda :What exactly is the problem that OpenID is supposed to solve?

[snip]

For now, OpenID seems to be a solution looking for a problem. (With respect to LFS, that is.)

Hmm.

The LFS licensed system, luckily, has one account for me, for all sites (lfswiki, lfsworld, lfsforum).

In CTRA, however, I have a different password.

In [noobs] forum, I'm avel, not avellis, and I have a different password there, and have entered my profile thingies that I want to share, again.

Then, when I went to the sccc and dark side racing forums to spam them, again, I registered with some other password, got another confirmation email, and didn't even bother to fill in any stuff about me.

If I want to make a website to provide a service to licensed lfs users, I can't, unless I hook it up in a way with an insim app inside LFS which can vouch that the user is authenticated. Much like CTRA does now.

If I want to share some stuff from my lfsworld data, it's either to everyone or to noone. I don't have the choice to say "provide this data to that site".

Are these big problems? Perhaps not. Perhaps, all data in lfsworld, the data already in there and the data that might be in there in the future, is really meant to be showed to anybody, at any time.

Are there security issues that someone needs to think about? Definitely yes, but IMHO they are not show-stoppers. Some of the aforementioned comments are valid, and security needs to be central to the implementation of this. With some design and within the boundaries of a "federation", (LFS official + Team Sites + Application Sites + Blogs + Sites with Stats), I believe that some possibilities open for new stuff to be thought of and get built by the community.

Dajmin - people are supposed to have multiple "identities". The LFS identity, most probably, wouldn't [allowed to] be used by irrelevant sites. Of course, within the "federation", yes, it would act much like a single-sign-on system.

Again, I empasize on the fact that I personally haven't thought this through. But I stand by my opinion that this is a good idea.
I might do this. Will have to do some more reading to understand how it works, but this line from the developers guide they link to :
Quote :It will explain how to easily let new users sign up for an account on your site using their OpenID URL and how to let existing users attach their OpenID(s) so they can sign in using them

sounds interesting. Nothing would change for existing users and new users can use their OpenID. I have nothing against that, if it's safe.
That site didn't address the security concerns beyond "it requires a more complex password", it merely points out what they are.
Now as for security certificates, that's not something I have much experience in outside of work (where I have a supplier-issued certificate on this computer that gets checked when I try to log into a specific program) so I can't speak on that.
It's a good idea, but it is a serious pain to get renewed when it expires. The installation is more complex than it needs to be (which may be related to not having admin privs here) and really the only thing it requires is email, login and password to retrieve. Which means if you've already been hacked, the hacker has access to everything they need to get the certificate themselves, deeming it essentially useless. In a work environment it also requires supervisor confirmation, but at home that won't work.

It's an interesting idea, but it seem to me that the more you spread out the things you have access to, the bigger the potential audience of hackers can find you. And I'm guessing that a system like this is going to have a massive amount of watchers already.
Quote from Krammeh :Yet another LFS user, just trying to suggest something (which happens to be a very good suggestion), shot down in an instant.

Well done guys! Way to go!

How long have you been sulking for now? A week? It's weird because you look older than primary school age.
Quote from thisnameistaken :How long have you been sulking for now? A week? It's weird because you look older than primary school age.

Since when has the suggestion section of the forum been for throwing offensive remarks at other users.

Get a life buddy.
By the way, I used to use openID in its early stages.

It's a very nice system to work with and also great fun to create the openID server.

Bare in mind, you only send back te information that you trust with that OpenID client - so you could have trusted clients (eg. CTRA, LTC and so on) which you could submit further detailed information.

I think this would be a smashing feature to be added to LFS - and would bring the individual communities that are around LFS, together once again.
Quote from thisnameistaken :How long have you been sulking for now? A week? It's weird because you look older than primary school age.

LMFAO!

[Edit]
Quote from Krammeh :(eg. CTRA, LTC and so on) which you could submit further detailed information.



I think this would be a smashing feature to be added to LFS - and would bring the individual communities that are around LFS, together once again.

You mean, Bring racing and cruising together? Not gonna happen.
-
(Krammeh) DELETED by the_angry_angel : Take it to PM gentlemen.
-
(mcgas001) DELETED by the_angry_angel : Take it to PM gentlemen.
Quote from mcgas001 :LMFAO!

[Edit]

You mean, Bring racing and cruising together? Not gonna happen.

It kinda already has happened when you think about it.

I race. I cruise.
Quote from Dajmin :That site didn't address the security concerns beyond "it requires a more complex password", it merely points out what they are...

Like I wrote "nice and easy to understand".

I you want to have a deeper look into the security, privacy, usability, trust problems etc. etc.
I recommend that site:

http://idcorner.org/2007/08/22/the-problems-with-openid/
For me it's like someone said there:
"Theres nothing stopping a fake Mark Cuban from creating a fake OpenID, or worse, a fake identity provider."
1

FGED GREDG RDFGDR GSFDG