lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


From the OpenID list; haven't seen this posted here yet.

(OpenID is a lightweight identity protocol that lets people use a single identity to authenticate with multiple sites. It's similar in purpose to TypeKey or SXIP but doesn't rely on a central server. More info at http://openid.net and http://openidenabled.com.)

Begin forwarded message:

From: Keith Howe <nezroy@gmail.com>
Date: 21 January , 2006 12:07:59 AM PST
Subject: Lua OpenID server implementation

I have posted the initial alpha release of a Lua OpenID server
implementation. It can be found at http://luaopenid.luaforge.net/. It
(hopefully) complies with the "1.1" spec, but only supports plain-text
key exchange for shared secrets (no DH yet).

In the process I have also added a new wiki page at
coverage of the protocol for those who, like me, had no previous
exposure to it. This includes discussions about the apparent security
implications of various design elements which were not immediately
obvious to thick-headed folks such as myself.

It is not intended to replace the detailed specs. It is intended to
hopefully replace (or at least shorten) for others the process I went
through to understand the protocol in action -- namely, studying the
Perl implemenation along with the existing specs while watching
messages come in and out of my own implementation. Someday I might
even add diagrams, if enough people find it to be helpful :)

- K.Howe