Since XRI is pretty much in bed with OpenID and NeuStar is an XRI shop, I get to play around with it quite a bit.
Here’s a little success report about using JanRain‘s mpopenid module to protect certain restricted resources served by Apache. It works somewhat like your basic HTTP authentication, but instead of returning a
401 Authorization Required response causing the browser to prompt for username and password, it redirects you to the OpenID login page. Pretty neat eh?
So, here's how we go about doing it.
- Apache 2.2.4
- Python 2.5
- mod_python 3.2.10
- JanRain's Python OpenID library combo 1.2.0 (which includes dependencies: Yadis 1.1.0 + urljr 1.0.1)
- mpopenid 1.2.0-pre5 (yet to be released on the main project site which is still showing 1.0.0)
Did I mention that you could login using an I-name?
The following patch for
mpopenid.py is needed to make i-name login work:
--- mpopenid-1.2.0-pre5/mpopenid.py Tue Nov 21 20:24:53 2006 +++ mpopenid-1.2.0-pre5-wil/mpopenid.py Sun Jan 14 16:12:16 2007 @@ -157,10 +157,17 @@ url = s.strip() if not url: continue - parsed = urlparse.urlparse(url) - if not (parsed and parsed): - url = 'http://' + url - urls.append(urinorm(url)) + + if (url[0:6].lower() == "xri://"): + url = url[6:] # strip "xri://" + + if (url not in "=@!$+"): # doesn't look like an XRI + parsed = urlparse.urlparse(url) + if not (parsed and parsed): + url = 'http://' + url + url = urinorm(url) + + urls.append(url) return urls