Hi Dmitry,
I'll scan through the code during the week. In the meantime, if you are
interested I can forward a copy of my own Yadis/XRI work. The current New BSD
licensed copy is slightly out of sync with my internal code, but the major
components are present and it might help "point the way" so to speak.
From what I remember the OS copy had some issues running a final XPath query to
collect the ID Server URI to send auth/association requests to. It was being
worked around using the simple mechanic of directly accessing the URI element.
The only other issue thereafter was ensuring priorities were adhered to.
If the current Zend_Service_Yadis (see proposals wiki) still has value outside
your current work, and can indeed help it along I can leave it as a Proposal so
it's available. As it stands it's not directly specific to OpenID, and is a
more general implementation of the full Yadis 1.0 spec. Still pretty easy to
use it for OpenID. The current API would call for something like:
    /**
     * Commence Association; the act of establishing a shared secret key for
     * encrypting subsequent communication.
     * The Claimed Identifier (user's URL) is used to locate the Identity
     * Provider server with which to associate using an OpenID 1.1 backwards
     * compatible Yadis Protocol.
     *
     * @param string $claimedIdentifier
     * @return mixed Association data, either cached or newly negotiated
     * @throws Zend_Service_Openid_Exception if the association request fails
     */
    public function associate($claimedIdentifier)
    {
        if (!is_null($claimedIdentifier)) {
            $this->setClaimedIdentifier($claimedIdentifier);
        }
        // Reuse an existing association instead of negotiating a new one.
        if ($this->_hasCachedAssociation()) {
            return $this->_getCachedAssociation();
        }
        $association = new Zend_Service_Openid_Association();

        /**
         * Commence discovery; using the openid XML namespace for Yadis
         */
        $yadis = new Zend_Service_Yadis($this->getClaimedIdentifier());
        $yadis->addNamespace('openid', 'http://openid.net/xmlns/1.0');
        $serviceList = $yadis->discover();

        /**
         * Need to verify Yadis priorities here in next version but for now
         * it *should* be that array[0] is the foremost.
         */
        $services = $serviceList->current();
        $priorityService = array_shift($services);
        $requestUri = (string) $priorityService->getXmlObject()->URI;

        /**
         * Perform remote server call to commence association with the
         * discovered OpenID Identity Provider Server. Should receive back a
         * 200 response with Key-Value pairings in plain text.
         * This may cache the association data to a File/DB store.
         */
        $result = $association->associate($requestUri);
        if (!$result->isSuccessful()) {
            throw new Zend_Service_Openid_Exception(
                'Association failed; ' . $result->getError()
            );
        }
        $this->_cacheAssociation($result->getAssociationData());
        return $result->getAssociationData();
    }
Regards,
Pádraic
Pádraic Brady
http://blog.astrumfutura.com
http://www.patternsforphp.com
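The priority handling mentioned in the message above (ordering Service and URI elements before picking the endpoint for the association request), as an added example that is not part of the original message and not Zend_Service_Yadis code. It assumes PHP 8 with the DOM extension, treats a missing priority as lowest, and keeps document order on ties where the spec allows a random pick; the function names and the XRDS sample are constructed for illustration.

```php
<?php
// Added example, not Zend_Service_Yadis code; the XRDS at the bottom is constructed.
const XRD_NS = 'xri://$xrd*($v*2.0)';
const OPENID_SIGNON_11 = 'http://openid.net/signon/1.1';
// Order nodes by their priority attribute: lowest value first, absent priority last.
function byPriority(iterable $nodes): array
{
    $rank = function (DOMElement $el): int {
        $p = $el->getAttribute('priority');
        return ctype_digit($p) ? (int) $p : PHP_INT_MAX;
    };
    $list = iterator_to_array($nodes, false);
    usort($list, fn ($a, $b) => $rank($a) <=> $rank($b));
    return $list;
}

// Return OpenID 1.1 endpoint URIs from the final XRD, in the order to try them.
function selectEndpoints(string $xrdsXml): array
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // The XRDS comes from a user-supplied URL: no network access while parsing.
    if (!$doc->loadXML($xrdsXml, LIBXML_NONET)) {
        throw new RuntimeException('XRDS is not well-formed XML');
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('xrd', XRD_NS);
    $query = '/*/xrd:XRD[last()]/xrd:Service[xrd:Type="' . OPENID_SIGNON_11 . '"]';
    $uris = [];
    foreach (byPriority($xp->query($query)) as $service) {
        foreach (byPriority($xp->query('xrd:URI', $service)) as $uriNode) {
            $uri = trim($uriNode->textContent);
            $scheme = strtolower((string) parse_url($uri, PHP_URL_SCHEME));
            // Anything other than http(s) never receives an association request.
            if ($scheme === 'http' || $scheme === 'https') {
                $uris[] = $uri;
            }
        }
    }
    return $uris;
}
$xrds = <<<'XML'
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"><XRD>
 <Service><Type>http://openid.net/signon/1.1</Type><URI>https://unranked.example/op</URI></Service>
 <Service priority="10"><Type>http://openid.net/signon/1.1</Type>
  <URI priority="2">https://b.example/op</URI><URI priority="1">https://a.example/op</URI>
  <URI>ftp://c.example/op</URI></Service>
</XRD></xrds:XRDS>
XML;
print_r(selectEndpoints($xrds));
```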
----- Original Message ----
From: Dmitry Stogov <[EMAIL PROTECTED]>
To: Pádraic Brady <[EMAIL PROTECTED]>
Cc: Zend Framework General <[email protected]>; Andi Gutmans <[EMAIL PROTECTED]>
Sent: Monday, June 18, 2007 7:37:00 AM
Subject: RE: [fw-general] The road to Zend_Service/Auth_Openid
Hi Padraic,
I've attached the proposed implementation (I am going to post it to the ZF
proposed Wiki).
It is a near-full implementation of the OpenID 2.0 authentication protocol,
backward compatible with OpenID 1.1.
It still needs some work, especially XRI and Yadis discovery and SREG support,
integration with Zend_Auth_...
I would be very glad to hear your opinion on the implementation, as you may
have more experience with OpenID and ZendFramework.
Thanks. Dmitry.
-----Original Message-----
From: Andi Gutmans [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 16, 2007 7:02 PM
To: Pádraic Brady
Cc: Zend Framework General; Dmitry Stogov
Subject: RE: [fw-general] The road to Zend_Service/Auth_Openid
Hi Padraic,
Yes it's unfortunate and had I realized I would have had Dmitry work with you
on this. I didn't know very much re: OpenId so I had no idea Yadis was
connected.
Also, I asked one of our core PHP contributors to look at this because I
wanted to make sure that if we have to extend OpenSSL for best support that
we'd be able to do that (which would be a side benefit of this project).
I'll ask Dmitry to connect with you and share the work we have done. There's a
chance there might be functionality like Yadis which we haven't implemented
yet.
Best,
Andi
From: Pádraic Brady [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 16, 2007 4:13 AM
To: Andi Gutmans
Cc: Zend Framework General
Subject: Re: [fw-general] The road to Zend_Service/Auth_Openid
Hi Andi,
It started as an internal library so it's advanced to 1.1 level and 2.0 is
getting there. I had posted a Zend_Service_Yadis proposal for the purpose
(mainly as a standalone element since OpenID adopted it but isn't specific to
it) which should have tweaked someone by now. I've been aware of Wez's patch -
he had commented on the original proposal on my blog. Having the god awfully
slow DH in openssl with PHP 5.3 will be great.
It's almost a curse when two groups have piled ahead duplicating effort on
such a library. The code I have is intended to be open sourced so it seemed a
natural fit given I've been using the framework so much.
Hindsight being so easy, I wish this had been disclosed before now. It's a
little frustrating that mine has been informally proposed to the list,
discussed, blogged about several times, posted again to the openid list as a
heads up, and the Yadis portion even formally proposed on the ZF Wiki and
still nobody working on this effort picked up on it. It's been sitting in
plain sight since late February; a google search for "zend framework openid"
sticks me out like a sore thumb for the whole of page one. That's the extent
of my venting for today ;).
While I'm very disappointed something so obvious was missed, C'est juste la
vie. Under the assumption this is an officially sponsored effort I withdraw my
proposal and will assume the same for Zend_Service_Yadis and the other
components noted in my email. I now just need to rethink how it enters the
open source ecosystem outside the framework. I have invested too much time in
its development to just let it sit on a handful of servers as a write-off.
I will of course offer feedback on Dmitry's proposal when it's published. I
have had tons of feedback myself since starting my own proposal effort and
having a well designed PHP5 library (or two apparently ;)) was a popular need.
Best of luck,
Pádraic
Pádraic Brady
http://blog.astrumfutura.com
http://www.patternsforphp.com
----- Original Message ----
From: Andi Gutmans <[EMAIL PROTECTED]>
To: Pádraic Brady <[EMAIL PROTECTED]>; Zend Framework General <[email protected]>
Cc: Dmitry Stogov <[EMAIL PROTECTED]>
Sent: Saturday, June 16, 2007 6:29:18 AM
Subject: RE: [fw-general] The road to Zend_Service/Auth_Openid
Hi Padraic,
I didn't realize you have been working on this (I must have missed the post).
We have already made very good progress in implementing both OpenId 2.0
compliant client and server. This includes patches to ext/openssl (for future
inclusion in PHP) and for those who don't get the updated version both GMP and
BCMath support (you are right the latter is awfully slow).
Dmitry (cc'ed) has been spearheading this and is just working on posting a
proposal on the Wiki. It'd be great if you can review both the proposal and
give us feedback and also look at the code and see if you think there's
anything we should improve.
I appreciate your efforts and am looking forward to having you in the feedback
loop!
Best,
Andi
From: Pádraic Brady [mailto:[EMAIL PROTECTED]
Sent: Friday, June 15, 2007 3:45 PM
To: Zend Framework General
Subject: [fw-general] The road to Zend_Service/Auth_Openid
Hi all,
As posted a few months back, I had started working on a PHP5 OpenID library
that I wished to port to the framework since it seemed a reasonable addition
given our web app focus. Given the complexity of OpenID as a distributed
authentication service there are numerous components. Each by itself is
actually not that hard, most of the problem is putting them together with a
solid set of integration tests.
These include wrappers for large integer (> 32 bits) libraries since bcmath
alone is awfully slow for this compared to gmp, cryptographic algorithms, and
even a separate extensible web service (already proposed on the wiki). The
list of possible sub-components that could feasibly get started with include:
Zend_Service_Yadis
Zend_Crypt_DiffieHellman
Zend_Crypt_Rsa
Zend_Crypt_Hmac
Zend_Crypt_Xtea
Zend_Math_BigInteger
An actual Zend_Service_Openid would need all of the above as well as general
file parsers. I was looking for an opinion as to whether these are acceptable
as individual proposals. It seems to make sense rendering OpenID into its
reusable constituent parts rather than lumping everything (and inevitably
burying/hiding it) into the Openid namespace. I don't want to go spamming the
wiki with 6+ proposals until I get a little feedback either :).
Any thoughts/comments on this, or OpenID in the ZF in general, are
appreciated. :) The primary goal is to implement OpenID 1.1 and 2.0 to the
extent necessary to authenticate. The basis of an OpenID server can be
considered after.
Paddy
Pádraic Brady
http://blog.astrumfutura.com
http://www.patternsforphp.com