[2008-04-23 07:03:48] <peace-keeper:#higgins@higginsircbot|JOIN>JOIN #higgins :peace-keeper!n=peace-ke@chello084114169104.2.15.vie.surfer.at JOIN :#higgins
[2008-04-23 07:13:50] <rcjsuen:#higgins@higginsircbot|JOIN>JOIN #higgins :rcjsuen!n=rcjsuen@bas6-kitchener06-1177624177.dsl.bell.ca JOIN :#higgins
[2008-04-23 08:23:34] <rcjsuen:#higgins@higginsircbot|QUIT>QUIT rcjsuen
[2008-04-23 08:55:13] <MikeMc:#higgins@higginsircbot|JOIN>JOIN #higgins :MikeMc!n=MikeMc@nat/ibm/x-3830212eee9aab6c JOIN :#higgins
[2008-04-23 08:55:26] <MikeMc:#higgins@higginsircbot>Hi Daniel
[2008-04-23 08:55:59] <danie1:#higgins@higginsircbot>hi
[2008-04-23 08:56:36] <MikeMc:#higgins@higginsircbot>I have been trying to find someone that knows how to look at the configuration on WAG server
[2008-04-23 08:56:50] <danie1:#higgins@higginsircbot>I can look at it
[2008-04-23 08:56:55] <danie1:#higgins@higginsircbot>what do you need?
[2008-04-23 08:57:03] <MikeMc:#higgins@higginsircbot>we are having some trouble and seems like the easiest fix is to change WAG a little
[2008-04-23 08:57:16] <danie1:#higgins@higginsircbot>k
[2008-04-23 08:57:25] <MikeMc:#higgins@higginsircbot>The cert chain returned by wag during ssl negotiation is 4 deep
[2008-04-23 08:57:40] <MikeMc:#higgins@higginsircbot>however msft builds its own chain that is 3 deep
[2008-04-23 08:58:13] <MikeMc:#higgins@higginsircbot>essentially the godaddy cert chains to a valicert root in the chain returned by wag - but msft build a chain to a self signed godaddy cert
[2008-04-23 08:58:56] <MikeMc:#higgins@higginsircbot>this causes trouble because RPID computed inside cardspace (3 deep chain) is not same as RPID computed in java (4 deep chain) 
[2008-04-23 08:59:39] <MikeMc:#higgins@higginsircbot>is it possible to change the config to use the 3 deep chain? you can see the msft produced chain using IE and clicking the padlock
[2008-04-23 09:00:18] <MikeMc:#higgins@higginsircbot>personally - I think this is a msft bug - but getting them to chainge anything for interop isnt happening
[2008-04-23 09:00:37] <danie1:#higgins@higginsircbot>When we got our certificates, godaddy sent us the chain that we are using..
[2008-04-23 09:00:53] <MikeMc:#higgins@higginsircbot>my opinion is that using anything other than the server provided chain is wrong since its only way to ensure we all use same chain
[2008-04-23 09:01:17] <danie1:#higgins@higginsircbot>I don't actually have another file for the intermediate certs...
[2008-04-23 09:01:18] <MikeMc:#higgins@higginsircbot>but msft ignores the ssl chain and uses their local cert store to build the chain
[2008-04-23 09:01:27] <MikeMc:#higgins@higginsircbot>you can get them from IE
[2008-04-23 09:01:40] <MikeMc:#higgins@higginsircbot>view certs and look at the path
[2008-04-23 09:01:47] <danie1:#higgins@higginsircbot>I see
[2008-04-23 09:01:56] <danie1:#higgins@higginsircbot>What does digitalme do here?
[2008-04-23 09:02:02] <MikeMc:#higgins@higginsircbot>not sure
[2008-04-23 09:02:26] <danie1:#higgins@higginsircbot>Before I change anything, let me talk to Andy
[2008-04-23 09:02:47] <MikeMc:#higgins@higginsircbot>this is really only a problem when using a Managed Card backed by a Personal Card 
[2008-04-23 09:02:58] <MikeMc:#higgins@higginsircbot>where WAG is the IdP
[2008-04-23 09:03:19] <danie1:#higgins@higginsircbot>I know I've created cards like that and imported them into digitalme
[2008-04-23 09:03:30] <danie1:#higgins@higginsircbot>our cards site would have the same problem I think
[2008-04-23 09:03:55] <MikeMc:#higgins@higginsircbot>when we register with WAG we treat WAG as RP and get chain from browser - when we use the card we use java to get the IdP chain - these methods give differnet chains
[2008-04-23 09:03:55] <danie1:#higgins@higginsircbot>Do you have problems with cards issued by our bandit cards site? (cards.bandit-project.org)
[2008-04-23 09:04:19] <MikeMc:#higgins@higginsircbot>I have not tried myself but think its same problem
[2008-04-23 09:04:34] <MikeMc:#higgins@higginsircbot>someone told me we didnt work with wag or cards
[2008-04-23 09:05:08] <danie1:#higgins@higginsircbot>Let me look into it.
[2008-04-23 09:05:14] <MikeMc:#higgins@higginsircbot>thanks
[2008-04-23 09:05:41] <MikeMc:#higgins@higginsircbot>we are working on creating the same bug as msft - but for short term interop this will help ;-)
[2008-04-23 09:05:52] <danie1:#higgins@higginsircbot>Perhaps it is not a problem for Andy since he doesn't go through IE
[2008-04-23 09:06:38] <MikeMc:#higgins@higginsircbot>I think the problem would manifest if you obtain a managed card backed by personal card using cardspace - then import that cardstore into digime
[2008-04-23 09:06:54] <MikeMc:#higgins@higginsircbot>or vice versa
[2008-04-23 09:07:16] <MikeMc:#higgins@higginsircbot>unless andy have implemented the msft chain building algo/bug
[2008-04-23 09:07:24] <danie1:#higgins@higginsircbot>k, I'll try them both to see what happens
[2008-04-23 09:07:47] <danie1:#higgins@higginsircbot>Andy's not in yet, so it will probably be an hour or two before we get this resolved
[2008-04-23 09:07:54] <danie1:#higgins@higginsircbot>I'm sure we can get it taken care of though.
[2008-04-23 09:11:05] <MikeMc:#higgins@higginsircbot>thanks - no real hurry - and frankly "fixing" this removes our ability to test any fix we come up with - but we'd like to be able to show our selector working with wag/cards
[2008-04-23 09:37:45] <Duan1:#higgins@higginsircbot|JOIN>JOIN #higgins :Duan1!n=dbuss@nat/novell/x-95193a586b66db82 JOIN :#higgins
[2008-04-23 09:39:16] <danie1:#higgins@higginsircbot>Mike, you still there?
[2008-04-23 09:39:22] <MikeMc:#higgins@higginsircbot>yes
[2008-04-23 09:39:36] <danie1:#higgins@higginsircbot>Can you call me and talk with me and Andy for a minute on this?
[2008-04-23 09:39:43] <MikeMc:#higgins@higginsircbot>yes
[2008-04-23 09:39:45] <danie1:#higgins@higginsircbot>Andy says there is a right solution
[2008-04-23 09:39:48] <MikeMc:#higgins@higginsircbot>#?
[2008-04-23 09:39:53] <danie1:#higgins@higginsircbot>801-861-4193
[2008-04-23 09:48:37] <peacekeeper:#higgins@higginsircbot|JOIN>JOIN #higgins :peacekeeper!n=peace-ke@chello084114169104.2.15.vie.surfer.at JOIN :#higgins
[2008-04-23 09:55:52] <Duan1:#higgins@higginsircbot|PART>PART #higgins 
[2008-04-23 09:55:58] <Duan1:#higgins@higginsircbot|JOIN>JOIN #higgins :Duan1!n=dbuss@nat/novell/x-95193a586b66db82 JOIN :#higgins
[2008-04-23 10:03:20] <peace-keeper:#higgins@higginsircbot|QUIT>QUIT peace-keeper
[2008-04-23 10:17:35] <tdoman:#higgins@higginsircbot|JOIN>JOIN #higgins :tdoman!n=TeeDoh@137.65.132.134 JOIN :#higgins
[2008-04-23 10:21:02] <tdoman:#higgins@higginsircbot|PART>PART #higgins 
[2008-04-23 10:24:16] <tdoman:#higgins@higginsircbot|JOIN>JOIN #higgins :tdoman!n=TeeDoh@137.65.132.134 JOIN :#higgins
[2008-04-23 10:32:24] <danie1:#higgins@higginsircbot>Mike, we've been discussing this issue a little more ... it almost seems pointless for us to change the cert chain and then change it back
[2008-04-23 10:32:50] <danie1:#higgins@higginsircbot>after we change it back, you will still be in a situation where nobody can verify that your selector works against wag
[2008-04-23 10:32:54] <MikeMc:#higgins@higginsircbot>ok - I'll let Tony know it won't be working this week
[2008-04-23 10:33:08] <MikeMc:#higgins@higginsircbot>that's not true
[2008-04-23 10:33:21] <MikeMc:#higgins@higginsircbot>because we should have a fix in place by then
[2008-04-23 10:34:39] <danie1:#higgins@higginsircbot>Does a week delay make a big difference?
[2008-04-23 10:35:03] <MikeMc:#higgins@higginsircbot>only from a PR standpoint since they are doing interop in europe this week
[2008-04-23 10:35:27] <danie1:#higgins@higginsircbot>So, doesn't the problem still exist for you if I change it right back?
[2008-04-23 10:35:37] <MikeMc:#higgins@higginsircbot>yes it does
[2008-04-23 10:35:51] <danie1:#higgins@higginsircbot>I would have to hold off changing it back for another week
[2008-04-23 10:36:03] <MikeMc:#higgins@higginsircbot>that would be fine
[2008-04-23 10:36:44] <danie1:#higgins@higginsircbot>But then what about those who want that test case?
[2008-04-23 10:36:53] <danie1:#higgins@higginsircbot>during europe interop?
[2008-04-23 10:36:58] <MikeMc:#higgins@higginsircbot>do they even know it exists?
[2008-04-23 10:37:10] <danie1:#higgins@higginsircbot>Well both cardspace and digitalme know
[2008-04-23 10:37:39] <aho1:#higgins@higginsircbot|JOIN>JOIN #higgins :aho1!n=ahodgkin@137.65.132.7 JOIN :#higgins
[2008-04-23 10:37:45] <danie1:#higgins@higginsircbot>Are you at europe interop?
[2008-04-23 10:37:45] <MikeMc:#higgins@higginsircbot>its ok - I understand - leave it that way is fine
[2008-04-23 10:37:49] <MikeMc:#higgins@higginsircbot>I am not
[2008-04-23 10:38:03] <MikeMc:#higgins@higginsircbot>if it was cleveland they would send me :-)
[2008-04-23 10:38:04] <danie1:#higgins@higginsircbot>I'd like to consult with Dale about it, but I haven't been able to raise him.
[2008-04-23 10:39:08] <danie1:#higgins@higginsircbot>Since changing it and changing it right back doesn't really help for europe interop, I think I'm going to leave it for now.
[2008-04-23 10:39:16] <danie1:#higgins@higginsircbot>because I don't want to leave it changed for a whole week.
[2008-04-23 10:39:18] <MikeMc:#higgins@higginsircbot>ok
[2008-04-23 10:56:36] <tdoman:#higgins@higginsircbot|QUIT>QUIT tdoman
[2008-04-23 10:59:09] <tdoman:#higgins@higginsircbot|JOIN>JOIN #higgins :tdoman!n=TeeDoh@137.65.229.20 JOIN :#higgins
[2008-04-23 11:14:46] <Duan1:#higgins@higginsircbot|QUIT>QUIT Duan1
[2008-04-23 11:15:06] <Jimse:#higgins@higginsircbot|JOIN>JOIN #higgins :Jimse!n=jimse@137.65.229.34 JOIN :#higgins
[2008-04-23 11:34:34] <peacekeeper:#higgins@higginsircbot|QUIT>QUIT peacekeeper
[2008-04-23 11:35:31] <peace-keeper:#higgins@higginsircbot|JOIN>JOIN #higgins :peace-keeper!n=peace-ke@chello084114169104.2.15.vie.surfer.at JOIN :#higgins
[2008-04-23 11:38:33] <Duane:#higgins@higginsircbot|JOIN>JOIN #higgins :Duane!n=dbuss@nat/novell/x-cf7c3c44651eb47f JOIN :#higgins
[2008-04-23 11:38:41] <Duane:#higgins@higginsircbot>http://www.prescod.net/rest/rest_vs_soap_overview/  section 5
[2008-04-23 12:16:09] <Duane:#higgins@higginsircbot|QUIT>QUIT Duane
[2008-04-23 12:16:21] <Duane:#higgins@higginsircbot|JOIN>JOIN #higgins :Duane!n=dbuss@nat/novell/x-d0f6f169a90db2b2 JOIN :#higgins
[2008-04-23 12:16:33] <MikeMc:#higgins@higginsircbot|QUIT>QUIT MikeMc
[2008-04-23 12:22:10] <MikeMc:#higgins@higginsircbot|JOIN>JOIN #higgins :MikeMc!n=MikeMc@nat/ibm/x-a08675d371b1fca5 JOIN :#higgins
[2008-04-23 12:27:24] <Duane:#higgins@higginsircbot|QUIT>QUIT Duane
[2008-04-23 12:27:29] <Duane:#higgins@higginsircbot|JOIN>JOIN #higgins :Duane!n=dbuss@nat/novell/x-5338bc084a767d91 JOIN :#higgins
[2008-04-23 12:51:23] <tdoman:#higgins@higginsircbot|QUIT>QUIT tdoman
[2008-04-23 13:20:27] <_keturn:#higgins@higginsircbot|JOIN>JOIN #higgins :_keturn!n=acapnoti@pdpc/supporter/sustaining/keturn JOIN :#higgins
[2008-04-23 13:56:47] <tdoman:#higgins@higginsircbot|JOIN>JOIN #higgins :tdoman!n=TeeDoh@nat/novell/x-bba351eb112dd726 JOIN :#higgins
[2008-04-23 14:04:42] <tdoman:#higgins@higginsircbot|QUIT>QUIT tdoman
[2008-04-23 14:05:37] <tdoman:#higgins@higginsircbot|JOIN>JOIN #higgins :tdoman!n=TeeDoh@137.65.229.20 JOIN :#higgins
[2008-04-23 14:16:44] <MikeMc:#higgins@higginsircbot|QUIT>QUIT MikeMc
[2008-04-23 14:42:45] <Duane:#higgins@higginsircbot|QUIT>QUIT Duane
[2008-04-23 14:42:54] <Duane:#higgins@higginsircbot|JOIN>JOIN #higgins :Duane!n=dbuss@nat/novell/x-c70707e61d4149fa JOIN :#higgins
[2008-04-23 14:52:37] <_keturn:#higgins@higginsircbot|QUIT>QUIT _keturn
[2008-04-23 14:54:05] <_keturn:#higgins@higginsircbot|JOIN>JOIN #higgins :_keturn!n=acapnoti@pdpc/supporter/sustaining/keturn JOIN :#higgins
[2008-04-23 16:06:09] <MikeMc:#higgins@higginsircbot|JOIN>JOIN #higgins :MikeMc!n=MikeMc@ool-457d0c29.dyn.optonline.net JOIN :#higgins
[2008-04-23 16:24:22] <Duane:#higgins@higginsircbot|QUIT>QUIT Duane
[2008-04-23 16:24:32] <Duane:#higgins@higginsircbot|JOIN>JOIN #higgins :Duane!n=dbuss@nat/novell/x-736aba80f5b45275 JOIN :#higgins
[2008-04-23 18:05:49] <Duane:#higgins@higginsircbot|QUIT>QUIT Duane
[2008-04-23 18:29:01] <peace-keeper:#higgins@higginsircbot|QUIT>QUIT peace-keeper
[2008-04-23 19:05:55] <tdoman:#higgins@higginsircbot|QUIT>QUIT tdoman
[2008-04-23 19:44:02] <tdoman:#higgins@higginsircbot|JOIN>JOIN #higgins :tdoman!n=TeeDoh@66.29.163.1.static.utahbroadband.com JOIN :#higgins
[2008-04-23 20:10:22] <Jimse:#higgins@higginsircbot|QUIT>QUIT Jimse
[2008-04-23 23:16:50] <tdoman:#higgins@higginsircbot|QUIT>QUIT tdoman