Archive for the 'iname' Category

OpenID for Drupal

Saturday, May 5th, 2007

There was a thread on the OpenID list around the subject of OpenID support in Drupal. Previously, I’ve experimented with the OpenID module originally written by Jonathan Daugherty from JanRain, now under maintenance by the folks at Bryght. That module uses JanRain’s PHP OpenID library, and it worked pretty much out of the box, with XRI support.

What I learned from this discussion thread is that James Walker from Bryght has been working on another OpenID module that is intended for inclusion into Drupal 6 core distribution, without using JanRain’s library. There are apparently things that Drupal-heads don’t like about the JanRain’s library, licensing may be one of the issues.

So I pulled the DRUPAL-5 codebase from CVS and installed it, then installed the 5.x-1.x-dev snapshot tarball to test it out. First thing I noticed was that it doesn’t support XRI, and I really didn’t expect it to. Then, when I tried logging in with my identifier, it wouldn’t work because I delegated it to my account. So, it doesn’t support delegate either.

Then I spent a few hours getting rudimentary XRI support into it, and made it work with delegates. Few days later, I realized that this was only a snapshot and the module is in the Drupal contributions repository. So, I threw away my installation but kept the patch I made of the 5.x-1.x-dev snapshot and started anew. The result is a patch that works with the Drupal CVS trunk as of today.

The changes are:
1. When a first-time user is authenticated, a local account is created but no role was specified. Modified the module to add the ‘authenticated user’ role to the user.
2. XRI support. This is very rudimentary and does not support canonical ID yet, but shouldn’t be hard to implement.
3. Delegate support. In OpenID 2.0, the submitted identifier (URL) is passed to the OP as the openid.claimed_id parameter, while the delegate, if present, is sent as openid.identifier.
4. In the meantime, I noticed that the while the URL normalization conforms to the OpenID Authentication 2.0 implementor’s draft 11 specification, it treats and (with trailing slash) as different identifiers. Well, they should really be the same as RFC3986 says that for HTTP, an empty path is equivalent to “/”. This normalization rule was reflected in rev 294 of the spec.

Of course this is only a *very* rough patch (no pun intended). I have never hacked Drupal before, and haven’t read much of its coding styles though I tried to follow the conventions in the original code. I do hope that at least parts of it can be integrated into the module though.

My development environment is here: Feel free to try it out.

New site:

Monday, January 15th, 2007

I really shouldn’t blogging that much now that I have three weeks left to pack up and move to Virginia. That’s another story if I get around to blogging it.

Recently on the OpenID mailing list, many people are asking for a free i-name to play around with, research and develop software against. Global i-names cost USD20 per year but if you just want to evaluate the technology, you can get a community i-name for free. A community i-name is analogous to subdomains in the DNS world. A global i-name is something like @neustar or =wil. A community i-name has an extra subsegment tagged to the end e.g. @neustar*william.tan.

The i-name / XRI community has awakened to the challenge that we need to provide more support and documentation to the developer community, and our response is the wiki.

In my little way, I have also created a site ( to allow developers to experiment with XRI resolution and Yadis by providing free community i-names under @xrid. The site allows you to have unlimited community i-names (you can even host your own like @xrid*wil*work), and link them to authorities (identities) in any way you like, and most importantly, edit XRDS documents that will be served by the authority resolution server.

So, if you’re a developer interested in experimenting with XRI technologies, get your free @xrid community i-name here.

(Note: you may be curious as to why @xrid. Well, XRID was an earlier incarnation of the XRD which is a recursive acronym for “XRI Descriptor”. Later, it was decided that we don’t want to tie the XRDS document format to just being used in XRI’s (e.g. Yadis uses XRDS documents.)

Did I mention that you can login with an OpenID too?

mod_python OpenID Access Control

Monday, January 15th, 2007

Since XRI is pretty much in bed with OpenID and NeuStar is an XRI shop, I get to play around with it quite a bit.

Here’s a little success report about using JanRain‘s mpopenid module to protect certain restricted resources served by Apache. It works somewhat like your basic HTTP authentication, but instead of returning a 401 Authorization Required response causing the browser to prompt for username and password, it redirects you to the OpenID login page. Pretty neat eh?

So, here's how we go about doing it.

My ingredients:

Following the recipes in this README file, I was able to set it up with one caveat: Python ElementTree module is a dependency of the Python Yadis library and you need to first install that.

Did I mention that you could login using an I-name?


The following patch for is needed to make i-name login work:

--- mpopenid-1.2.0-pre5/     Tue Nov 21 20:24:53 2006
+++ mpopenid-1.2.0-pre5-wil/ Sun Jan 14 16:12:16 2007
@@ -157,10 +157,17 @@
         url = s.strip()
         if not url:
-        parsed = urlparse.urlparse(url)
-        if not (parsed[0] and parsed[1]):
-            url = 'http://' + url
-        urls.append(urinorm(url))
+        if (url[0:6].lower() == "xri://"):
+            url = url[6:] # strip "xri://"
+        if (url[0] not in "=@!$+"): # doesn't look like an XRI
+            parsed = urlparse.urlparse(url)
+            if not (parsed[0] and parsed[1]):
+                url = 'http://' + url
+            url = urinorm(url)
+        urls.append(url)

     return urls

FoXRI updated for Firefox 2.0

Saturday, November 4th, 2006

Just a quick mention that I’ve updated FoXRI to be compatible to Firefox 2.0. I haven’t had time to implement URI construction (which explains why some URI links don’t work in the FoXRI explorer).

Thanks to Gabe and Ken Walsh for the reminder.

FoXRI – Firefox extension for XRI (I-name and I-number)

Friday, August 4th, 2006

I’ve developed a Firefox extension that allows the use of XRI‘s in the browser. You can install it over at my i-name landing page

What you can do:

  • Type in =foo or @bar on the URL bar and have it redirect to the proxy resolution service.
  • You can also type in the full XRI i.e. xri://=foo
  • You can click on xri:// links, here’s an example: xri://@NeuStar (don’t click on it unless you have the extension installed!)

Note that you can’t link to the shorthand notation of =foo
because it is not an absolute XRI, and therefore will be resolved in the context of the linking page.

Disclaimer: This should be considered pre-pre-pre alpha software and it comes with absolutely no warranty. I do not accept any responsibility for any consequence directly or indirectly caused by the use of this extension. If your browser implodes don’t blame me.

I-names Launch Celebration

Wednesday, July 19th, 2006

Les sent me this bottle of Shiraz so I can join the I-names registry launch – remotely. After the official launch, and we verified that everything was going well, the registry team gathered at his office. I was the telephone on Les’s desk, cheering and toasting everyone for the hard work. Except I did not open the wine because it was early morning for me here in the outback. So, I took a photo of it with my new Canon 350D and kept it until now. It turned out to be very tasty. Normally I don’t dig red wines much because it’s just too “bloody”, but this one’s different. This one taste like I-names :)

Penny's Hill Red Dot Shiraz