Padraic,
I read your blog posting and I just wanted to follow-up one more time to
clarify.
We have absolutely every intention to "eat our own caviar" (a.k.a "eat our own
dog food") and write an OpenId proposal which gives the community the ability
to provide us feedback on the work we've been doing. I will definitely not
allow anyone here including Dmitry to shortcut that process as I believe it's
key to the quality and collaborative goals of the project. This doesn't only
include the proposal process but also high quality unit testing and
documentation.
The reason why Dmitry started with implementation because there were two
internal goals to this project set by me. The first to see if we're missing
some functionality in core PHP (ext/openssl) in order to deliver good support
for identity management (OpenId was not the only system looked at as part of
that). Second, was to figure out the specification and create a proposal for
Zend Framework. Dmitry felt more comfortable writing the code and figuring out
both the former goal and the proposal as a derivative of that, i.e. sometimes
you need to get your hands dirty to figure stuff out. This was done with his
knowledge that at the end of that I would still require him to go through the
proposal process (which you probably saw from the docs in that .tar.gz that he
had already started working on and which he'll refine for the proposal). I'm
sure there'll be future work where Zend or community members might decide that
writing the code ahead of time will make it easier for them to write a
proposal. That's absolutely fine as long as it doesn't change the way we accept
contributions into the project and we don't loose our flexibility for making
changes as part of the proposal process. The same has happened in the past and
it's often a more convenient way of doing things, depending on what the actual
component/project is.
The only unfortunate issue in the process was that I didn't know there was a
parallel process in place or I would have encouraged him to touch base with
you. I don't get a chance to read all posts nor did I have any clue that Yadis
is in anyway related to OpenId as I was quite ignorant on the topic :'(
Anyway, I definitely respect you wanting to get your code out there. If you are
up to it it'd also be great if you can contribute on some of the other missing
pieces and provide feedback to Dmitry.
At the end of the day our goal is to deliver a high-quality and easy-to-use
framework which embraces best practices and can be broadly adopted. The journey
will have its bumps here and there but I think overall the community and the
framework team have done a great job in working towards the goal within the
framework of additional bureocracy this project has in order to keep everything
aligned with the goals.
Andi
________________________________
From: Dmitry Stogov [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 17, 2007 11:37 PM
To: 'Pбdraic Brady'
Cc: 'Zend Framework General'; Andi Gutmans
Subject: RE: [fw-general] The road to Zend_Service/Auth_Openid
Hi Padraic,
I've attached proposed implementation (I am going to post it to ZF
proposed WiKi).
It is near-full implementation of OpenID 2.0 authentication protocol
backward compatible with OpenID 1.1.
It still needs some work. Especially XRI and Yadis discovery and SREG
support, integration with Zend_Auth_...
I would very glad to hear your opinion on implementation as you may
have more experience with OpenID and ZendFramework.
Thanks. Dmitry.
-----Original Message-----
From: Andi Gutmans [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 16, 2007 7:02 PM
To: Pбdraic Brady
Cc: Zend Framework General; Dmitry Stogov
Subject: RE: [fw-general] The road to Zend_Service/Auth_Openid
Hi Padraic,
Yes it's unfortunate and had I realized I would have had Dmitry
work with you on this. I didn't know very much re: OpenId so I had no idea
Yadis was connected.
Also, I asked one of our core PHP contributors to look at this
because I wanted to make sure that if we have to extend OpenSSL for best
support that we'd be able to do that (which would be a side benefit of this
project).
I'll ask Dmitry to connect with you and share the work we have
done. There's a chance there might be functionality like Yadis which we haven't
implemented yet.
Best,
Andi
________________________________
From: Pádraic Brady [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 16, 2007 4:13 AM
To: Andi Gutmans
Cc: Zend Framework General
Subject: Re: [fw-general] The road to
Zend_Service/Auth_Openid
Hi Andi,
It started as an internal library so it's advanced to
1.1 level and 2.0 is getting there. I had posted a Zend_Service_Yadis proposal
for the purpose (mainly as a standalone element since OpenID adopted it but
isn't specific to it) which should have tweaked someone by now. I've been aware
of Wez's patch - he had commented on the original proposal on my blog. Having
the god awfully slow DH in openssl with PHP 5.3 will be great.
It's almost a curse when two groups have piled ahead
duplicating effort on such a library. The code I have is intended to be open
sourced so it seemed a natural fit given I've been using the framework so much.
Hindsight being so easy, I wish this had been disclosed
before now. It's a little frustrating that mine has been informally proposed to
the list, discussed, blogged about several times, posted again to the openid
list as a heads up, and the Yadis portion even formally proposed on the ZF Wiki
and still nobody working on this effort picked up on it. It's been sitting in
plain sight since late February; a google search for "zend framework openid"
sticks me out like a sore thumb for the whole of page one. That's the extent of
my venting for today ;).
While I'm very disappointed something so obvious was
missed, C'est juste la vie. Under the assumption this is an officially
sponsored effort I withdraw my proposal and will assume the same for
Zend_Service_Yadis and the other components noted in my email. I now just need
to rethink how it enters the open source ecosystem outside the framework. I
have invested a too much time to its development to just let it sit on a
handful of servers as a write-off.
I will of course offer feedback on Dmitry's proposal
when it's published. I have had tons of feedback myself since starting my own
proposal effort and having a well designed PHP5 library (or two apparently ;))
was a popular need.
Best of luck,
Pádraic
Pádraic Brady
http://blog.astrumfutura.com
http://www.patternsforphp.com
----- Original Message ----
From: Andi Gutmans <[EMAIL PROTECTED]>
To: Pádraic Brady <[EMAIL PROTECTED]>; Zend Framework
General <[email protected]>
Cc: Dmitry Stogov <[EMAIL PROTECTED]>
Sent: Saturday, June 16, 2007 6:29:18 AM
Subject: RE: [fw-general] The road to
Zend_Service/Auth_Openid
Hi Padraic,
I didn't realize you have been working on this (I must
have missed the post).
We have already made very good progress in implementing
both OpenId 2.0 compliant client and server. This includes patches to
ext/openssl (for future inclusion in PHP) and for those who don't get the
updated version both GMP and BCMath support (you are right the latter is
awefully slow).
Dmitry (cc'ed) has been spearheading this and is just
working on posting a proposal on the Wiki. It'd be great if you can review both
the proposal and give us feedback and also look at the code and see if you
think there's anything we should improve.
I appreciate your efforts and am looking forward to
having you in the feedback loop!
Best,
Andi
________________________________
From: Pádraic Brady [mailto:[EMAIL PROTECTED]
Sent: Friday, June 15, 2007 3:45 PM
To: Zend Framework General
Subject: [fw-general] The road to
Zend_Service/Auth_Openid
Hi all,
As posted a few months back, I had started
working on a PHP5 OpenID library that I wished to port to the framework since
it seemed a reasonable addition given our web app focus. Given the complexity
of OpenID as a distributed authentication service there are numerous
components. Each by itself is actually not that hard, most of the problem is
putting them together with a solid set of integration tests.
These include wrappers for large integer (> 32
bits) libraries since bcmath alone is awfully slow for this compared to gmp,
cryptographic algorithms, and even a separate extensible web service (already
proposed on the wiki). The list of possible sub-components that could feasibly
get started with include:
Zend_Service_Yadis
Zend_Crypt_DiffieHellman
Zend_Crypt_Rsa
Zend_Crypt_Hmac
Zend_Crypt_Xtea
Zend_Math_BigInteger
An actual Zend_Service_Openid would need all of
the above as well as general file parsers. I was looking for an opinion as to
whether these are acceptable as individual proposals. It seems to make sense
rendering OpenID into it's reusable constituent parts rather lumping everything
(and inevitably burying/hiding it) into the Openid namespace. I don't want to
go spamming the wiki with 6+ proposals until I get a little feedback either :).
Any thoughts/comments on this, or OpenID in the
ZF in general, are appreciated. :) The primary goal is to implement OpenID 1.1
and 2.0 to the extent necessary to authenticate. The basis of an OpenID server
can be considered after.
Paddy
Pádraic Brady
http://blog.astrumfutura.com
http://www.patternsforphp.com
________________________________
Food fight?
<http://answers.yahoo.com/dir/index;_ylc=X3oDMTFvbGNhMGE3BF9TAzM5NjU0NTEwOARfcwMzOTY1NDUxMDMEc2VjA21haWxfdGFnbGluZQRzbGsDbWFpbF90YWcx?link=ask&sid=396545367>
Enjoy some healthy debate
in the Yahoo! Answers Food & Drink Q&A.
<http://answers.yahoo.com/dir/index;_ylc=X3oDMTFvbGNhMGE3BF9TAzM5NjU0NTEwOARfcwMzOTY1NDUxMDMEc2VjA21haWxfdGFnbGluZQRzbGsDbWFpbF90YWcx?link=ask&sid=396545367>
________________________________
Yahoo! oneSearch: Finally, mobile search that gives
answers
<http://us.rd.yahoo.com/evt=48252/*http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC>
, not web links.
