Re: New module - (session/authentication) seeking a name
On Sat, 2004-05-15 at 15:35, Lincoln A. Baxter wrote: And what does AIS stand for? Or did I miss that. Lincoln Authenticated Identity Service. I started working on it in response to press releases about Microsoft Passport, and gave a presentation on my design at YAPC - St. Louis. It has been improving a lot in 2004 as I have written several systems that refer to it and have tested it on boa as well as apache. -- david nicol this message was sent from a filtering e-mail address. Until I add you to my friends list, to get by Big Emet the cowboy doorman your reply must include a listed magic phrase such as cat and buttered toast
Re: New module - (session/authentication) seeking a name
[EMAIL PROTECTED] wrote: I hadn't heard of AIS before. Sounds like it would make a nice additional authentication method. Part of my TODO is to abstract both the authentication and storage methods. I should be able to add this auth method after that (though, it doesn't offer any group based permissions, so that would still need handled locally). AIS provides an authenticated e-mail address, in one line near the start of a CGI program. I have built several access control lists based on it, setting up group based permissions implies dividing everyone into groups -- something that makes no sense until you know who you have. I looked over AIS::client... there are a lot of exit statements in there, and a lot of hardcoded HTML. It'd be nice if allowed the user of the module to handle those parts, and just supplied the information it would need (the full URL of the AIS server when needed, etc), just a thought. And if it returned some failure condition, it wouldn't have to exit(), and could allow the client to handle those errors. the exits are because the AIS client has to run several times during the initial handshake. It redirects, then exits, both to establish a session cookie and to redirect to the AIS server. When the session is established, it just looks up the identity and returns. The only thing the user sees from the AIS client module is the redirection pages. The AIS server provides the log-in interface. It might be a while before I get the authentication and storage methods abstracted (shouldn't be all that difficult, but it's not on the top of my TODO list right now). When I do, I'll definately look into AIS, and see if I can find similar resources out there. Wonderful. The dot-gnu authentication committee has abstracted authentication methods into a common interface, so if you want to pick up some pre-built wheels instead of reinventing all of them yourself there might be something useful in http://sourceforge.net/projects/macs -- [EMAIL PROTECTED] There's a fine line between participation and mockery -- Scott Adams
Re: New module - (session/authentication) seeking a name
And what does AIS stand for? Or did I miss that. Lincoln On Fri, 2004-05-14 at 19:50, David Nicol wrote: [EMAIL PROTECTED] wrote: I hadn't heard of AIS before. Sounds like it would make a nice additional authentication method. Part of my TODO is to abstract both the authentication and storage methods. I should be able to add this auth method after that (though, it doesn't offer any group based permissions, so that would still need handled locally). AIS provides an authenticated e-mail address, in one line near the start of a CGI program. I have built several access control lists based on it, setting up group based permissions implies dividing everyone into groups -- something that makes no sense until you know who you have. I looked over AIS::client... there are a lot of exit statements in there, and a lot of hardcoded HTML. It'd be nice if allowed the user of the module to handle those parts, and just supplied the information it would need (the full URL of the AIS server when needed, etc), just a thought. And if it returned some failure condition, it wouldn't have to exit(), and could allow the client to handle those errors. the exits are because the AIS client has to run several times during the initial handshake. It redirects, then exits, both to establish a session cookie and to redirect to the AIS server. When the session is established, it just looks up the identity and returns. The only thing the user sees from the AIS client module is the redirection pages. The AIS server provides the log-in interface. It might be a while before I get the authentication and storage methods abstracted (shouldn't be all that difficult, but it's not on the top of my TODO list right now). When I do, I'll definately look into AIS, and see if I can find similar resources out there. Wonderful. The dot-gnu authentication committee has abstracted authentication methods into a common interface, so if you want to pick up some pre-built wheels instead of reinventing all of them yourself there might be something useful in http://sourceforge.net/projects/macs
Re: New module - (session/authentication) seeking a name
mine is AIS::client which I can rename to match the others if you come up with a good name. I have not tested AIS::client with mp and presume it is broken there. Turning www::authen::simple into an AIS client would allow you to centralize your authentication. -- [EMAIL PROTECTED] I know you, junk mail. Gonna miss you when you're gone
Re: New module - (session/authentication) seeking a name
On Wed, 12 May 2004, David Nicol wrote: mine is AIS::client which I can rename to match the others if you come up with a good name. I have not tested AIS::client with mp and presume it is broken there. Turning www::authen::simple into an AIS client would allow you to centralize your authentication. I hadn't heard of AIS before. Sounds like it would make a nice additional authentication method. Part of my TODO is to abstract both the authentication and storage methods. I should be able to add this auth method after that (though, it doesn't offer any group based permissions, so that would still need handled locally). I looked over AIS::client... there are a lot of exit statements in there, and a lot of hardcoded HTML. It'd be nice if allowed the user of the module to handle those parts, and just supplied the information it would need (the full URL of the AIS server when needed, etc), just a thought. And if it returned some failure condition, it wouldn't have to exit(), and could allow the client to handle those errors. It might be a while before I get the authentication and storage methods abstracted (shouldn't be all that difficult, but it's not on the top of my TODO list right now). When I do, I'll definately look into AIS, and see if I can find similar resources out there. Thanks for the info, I don't think I would have found that without your link. -- Josh I.
Re: New module - (session/authentication) seeking a name
I've added tests, which also exposed a few bugs :-) An updated version is available here: http://www.purifieddata.net/pm/WWW-Authen-Simple-1.20.tar.gz -- Josh I. On Sat, 8 May 2004 [EMAIL PROTECTED] wrote: Hi all, I'd like to release a module I've been using/maintaining for a while. My name for it is currently: WWW::Authen::Simple I'm looking for naming suggestions, and feedback on the module (if anyone is interested in looking at it). It provides authentication via database, session handling (cookie based), and group based authorization with optional read/write bits on each group. It's also compatable with normal CGI scripts, mod_perl (1 and 2), and likely compatable with any webserver. It's goal is to provide a very simple API to handle sessions and authentication. I wrote it because I needed something simple to handle sessions, authentication, and authorization. Apache::Session just does sessions, and is tied to apache. CGI::Session is very flexable, but only does sessions. CGI::Session::Auth I probably could have worked off of, but there isn't much there at all, and I'd probably have to subclass it, and override just about every method. And there are others. I hadn't released it because there are so many other modules in the same realm. However, it has matured, and I think it offeres a unique way of doing things that others might find useful. The module is currently available at: http://www.purifieddata.net/pm/WWW-Authen-Simple-1.19.tar.gz Please note, I'll be adding tests to it before releasing (there are currently none). Thanks in advance, -- Josh I.