I would be glad to use your Yadis/XRI implementation. Dmitry,
-----Original Message----- From: Pбdraic Brady [mailto:[EMAIL PROTECTED] Sent: Monday, June 18, 2007 12:22 PM To: Dmitry Stogov Cc: Zend Framework General Subject: Re: [fw-general] The road to Zend_Service/Auth_Openid --> Hi Dmitry, I'll scan through the code during the week. In the meantime, if you are interested I can forward a copy of my own Yadis/XRI work. The current New BSD licensed copy is slightly out of sync with my internal code, but the major components are present and it might help "point the way" so to speak. >From what I remember the OS copy had some issues running a final XPath query to collect the ID Server URI to send auth/association requests to. It was being worked around using the simple mechanic of directly accessing the URI element. The only other issue thereafter was ensuring priorities were adhered to. If the current Zend_Service_Yadis (see proposals wiki) still has value outside your current work, and can indeed help it along I can leave it as a Proposal so it's available. As it stands it's not directly specific to OpenID, and is a more general implementation of the full Yadis 1.0 spec. Still pretty easy to use it for OpenID. The current API would call for something like: /** * Commence Association; the act of establishing a shared secret key for * encrypting subsequent communication. * The Claimed Identifier (user's URL) is used to locate the Identity * Provider server with which to associate using an OpenID 1.1 backwards * compatible Yadis Protocol. * * @param string $claimedIdentifier * @return void */ public function associate($claimedIdentifier) { if (!is_null($claimedIdentifier)) { $this->setClaimedIdentifier($claimedIdentifier); } if ($this->_hasCachedAssociation()) { return $this->_getCachedAssociation(); } $association = new Zend_Service_Openid_Association(); /** * Commence discovery; using the openid XML namespace for Yadis */ $yadis = new Zend_Service_Yadis($this->getClaimedIdentifier()); $yadis->addNamespace('openid', 'http://openid.net/xmlns/1.0'); $serviceList = $yadis->discover(); /** * Need to verify Yadis priorities here in next version but for now * it *should* be that array[0] is the foremost. */ $services = $serviceList->current(); $priorityService = array_shift($services); $requestUri = (string) $priorityService->getXmlObject()->URI; /** * Perform remote server call to commence association with the discovered * OpenID Identity Provider Server. Should receive back a 200 response * with Key-Value pairings in plain text. * This may cache the association data to a File/DB store. */ $result = $association->associate($requestUri); if (!$result->isSuccessful()) { throw new Zend_Service_Openid_Exception('Association failed; ' . $result->getError()); } $this->_cacheAssociation( $result->getAssociationData() ); return $result->getAssociationData(); } Regards, P?draic P?draic Brady http://blog.astrumfutura.com http://www.patternsforphp.com ----- Original Message ---- From: Dmitry Stogov <[EMAIL PROTECTED]> To: Pбdraic Brady <[EMAIL PROTECTED]> Cc: Zend Framework General <[email protected]>; Andi Gutmans <[EMAIL PROTECTED]> Sent: Monday, June 18, 2007 7:37:00 AM Subject: RE: [fw-general] The road to Zend_Service/Auth_Openid Hi Padraic, I've attached proposed implementation (I am going to post it to ZF proposed WiKi). It is near-full implementation of OpenID 2.0 authentication protocol backward compatible with OpenID 1.1. It still needs some work. Especially XRI and Yadis discovery and SREG support, integration with Zend_Auth_... I would very glad to hear your opinion on implementation as you may have more experience with OpenID and ZendFramework. Thanks. Dmitry. -----Original Message----- From: Andi Gutmans [mailto:[EMAIL PROTECTED] Sent: Saturday, June 16, 2007 7:02 PM To: Pбdraic Brady Cc: Zend Framework General; Dmitry Stogov Subject: RE: [fw-general] The road to Zend_Service/Auth_Openid Hi Padraic, Yes it's unfortunate and had I realized I would have had Dmitry work with you on this. I didn't know very much re: OpenId so I had no idea Yadis was connected. Also, I asked one of our core PHP contributors to look at this because I wanted to make sure that if we have to extend OpenSSL for best support that we'd be able to do that (which would be a side benefit of this project). I'll ask Dmitry to connect with you and share the work we have done. There's a chance there might be functionality like Yadis which we haven't implemented yet. Best, Andi _____ From: P?draic Brady [mailto:[EMAIL PROTECTED] Sent: Saturday, June 16, 2007 4:13 AM To: Andi Gutmans Cc: Zend Framework General Subject: Re: [fw-general] The road to Zend_Service/Auth_Openid Hi Andi, It started as an internal library so it's advanced to 1.1 level and 2.0 is getting there. I had posted a Zend_Service_Yadis proposal for the purpose (mainly as a standalone element since OpenID adopted it but isn't specific to it) which should have tweaked someone by now. I've been aware of Wez's patch - he had commented on the original proposal on my blog. Having the god awfully slow DH in openssl with PHP 5.3 will be great. It's almost a curse when two groups have piled ahead duplicating effort on such a library. The code I have is intended to be open sourced so it seemed a natural fit given I've been using the framework so much. Hindsight being so easy, I wish this had been disclosed before now. It's a little frustrating that mine has been informally proposed to the list, discussed, blogged about several times, posted again to the openid list as a heads up, and the Yadis portion even formally proposed on the ZF Wiki and still nobody working on this effort picked up on it. It's been sitting in plain sight since late February; a google search for "zend framework openid" sticks me out like a sore thumb for the whole of page one. That's the extent of my venting for today ;). While I'm very disappointed something so obvious was missed, C'est juste la vie. Under the assumption this is an officially sponsored effort I withdraw my proposal and will assume the same for Zend_Service_Yadis and the other components noted in my email. I now just need to rethink how it enters the open source ecosystem outside the framework. I have invested a too much time to its development to just let it sit on a handful of servers as a write-off. I will of course offer feedback on Dmitry's proposal when it's published. I have had tons of feedback myself since starting my own proposal effort and having a well designed PHP5 library (or two apparently ;)) was a popular need. Best of luck, P?draic P?draic Brady http://blog.astrumfutura.com http://www.patternsforphp.com ----- Original Message ---- From: Andi Gutmans <[EMAIL PROTECTED]> To: P?draic Brady <[EMAIL PROTECTED]>; Zend Framework General <[email protected]> Cc: Dmitry Stogov <[EMAIL PROTECTED]> Sent: Saturday, June 16, 2007 6:29:18 AM Subject: RE: [fw-general] The road to Zend_Service/Auth_Openid Hi Padraic, I didn't realize you have been working on this (I must have missed the post). We have already made very good progress in implementing both OpenId 2.0 compliant client and server. This includes patches to ext/openssl (for future inclusion in PHP) and for those who don't get the updated version both GMP and BCMath support (you are right the latter is awefully slow). Dmitry (cc'ed) has been spearheading this and is just working on posting a proposal on the Wiki. It'd be great if you can review both the proposal and give us feedback and also look at the code and see if you think there's anything we should improve. I appreciate your efforts and am looking forward to having you in the feedback loop! Best, Andi _____ From: P?draic Brady [mailto:[EMAIL PROTECTED] Sent: Friday, June 15, 2007 3:45 PM To: Zend Framework General Subject: [fw-general] The road to Zend_Service/Auth_Openid Hi all, As posted a few months back, I had started working on a PHP5 OpenID library that I wished to port to the framework since it seemed a reasonable addition given our web app focus. Given the complexity of OpenID as a distributed authentication service there are numerous components. Each by itself is actually not that hard, most of the problem is putting them together with a solid set of integration tests. These include wrappers for large integer (> 32 bits) libraries since bcmath alone is awfully slow for this compared to gmp, cryptographic algorithms, and even a separate extensible web service (already proposed on the wiki). The list of possible sub-components that could feasibly get started with include: Zend_Service_Yadis Zend_Crypt_DiffieHellman Zend_Crypt_Rsa Zend_Crypt_Hmac Zend_Crypt_Xtea Zend_Math_BigInteger An actual Zend_Service_Openid would need all of the above as well as general file parsers. I was looking for an opinion as to whether these are acceptable as individual proposals. It seems to make sense rendering OpenID into it's reusable constituent parts rather lumping everything (and inevitably burying/hiding it) into the Openid namespace. I don't want to go spamming the wiki with 6+ proposals until I get a little feedback either :). Any thoughts/comments on this, or OpenID in the ZF in general, are appreciated. :) The primary goal is to implement OpenID 1.1 and 2.0 to the extent necessary to authenticate. The basis of an OpenID server can be considered after. Paddy P?draic Brady http://blog.astrumfutura.com http://www.patternsforphp.com _____ Food fight? <http://answers.yahoo.com/dir/index;_ylc=X3oDMTFvbGNhMGE3BF9TAzM5NjU0NTEwOAR fcwMzOTY1NDUxMDMEc2VjA21haWxfdGFnbGluZQRzbGsDbWFpbF90YWcx?link=ask&sid=39654 5367> Enjoy some healthy debate in the Yahoo! Answers Food <http://answers.yahoo.com/dir/index;_ylc=X3oDMTFvbGNhMGE3BF9TAzM5NjU0NTEwOAR fcwMzOTY1NDUxMDMEc2VjA21haWxfdGFnbGluZQRzbGsDbWFpbF90YWcx?link=ask&sid=39654 5367> & Drink Q&A. _____ Yahoo! oneSearch: Finally, mobile search that gives answers <http://us.rd.yahoo.com/evt=48252/*http://mobile.yahoo.com/mobileweb/onesear ch?refer=1ONXIC> , not web links. _____ Be a PS3 game guru. Get your game face on with the <http://us.rd.yahoo.com/evt=49936/*http://videogames.yahoo.com> latest PS3 news and previews at Yahoo! Games.
