I actually think it'd be most beneficial for Dmitry and you to work on a 
proposal together. There have been past instances where we have had community 
members with similar proposals work together and figure it out.
I'm sure each of you has advantages and disadvantages in your work and together 
you could figure out the best OpenId support on the net. This is a clear 
situation where 1+1 could equal 3. 
 
Andi


________________________________

        From: Pádraic Brady [mailto:[EMAIL PROTECTED] 
        Sent: Tuesday, June 19, 2007 4:43 AM
        To: Andi Gutmans
        Cc: Zend Framework General
        Subject: Re: [fw-general] The road to Zend_Service/Auth_Openid
        
        
        Hi Andi,
        
        A few years ago I started to practice a policy of rant-then-edit. I'd 
write a fast and ranting post, wait two days, then edit out all the crap that 
did nobody any good. So the blog post wasn't intended as a rant. I threw that 
one into .trash on Saturday evening ;).
        
        The main critical part in the blog post was my paragraph of comments on 
what happened to provoke me into withdrawing my proposal. The main point being 
the unfortunate realisation that nobody checked existing proposals before 
committing to this one. I understand that OpenID 2.0 and Yadis are not 
obviously linked to the ignorant barbarian horde ;) but nobody considered the 
minimal research involved in finding it. The second critical mention was on the 
Proposals Process. The process according to the Wiki starts with notification 
and feedback from the mailing list. Something that was not done until I 
revisited my own proposal on the mailing list Saturday.
        
        That has since resulted in replies from yourself and Dmitry, and even 
the posting of code for review, and presumably a proposal in mere days. Quite a 
reaction. I feel like I poked a wasp nest and they're now buzzing around quite 
agitated. I could have commented further but I stopped there in the blog and 
turned to the more interesting topic of my approach to OpenID, what I hoped 
Zend would replicate, and what to do with my library outside the framework 
since I might escape the delayed Proposal Review process.
        
        I suppose the further issue if you want an elaboration (.trash'd before 
it hit the blog) goes back to your original reply. I'm not sure you realise how 
much it sounded like a dismissal. I was sitting in front of my email client 
with an OpenID proposal a few months in the making sitting on my desktop ready 
for the wiki (just waiting for that final feedback on format), and I get a 
reply noting another project I never heard of is suddenly publishing theirs, 
and telling me to feel free to review it - apparently ignorant of my own intent 
to publish mine within days. Frustration barely covers it, maybe 
"exasperation"? My mental thesaurus is offline today...not enough caffeine yet.
        
        The main non-blogged point I figure is why should I not just stick my 
OpenID proposal online? Is there some pressing reason why three days later, and 
in a far more equanimous mood, I should wait an undetermined period for Zend's 
proposal when I already have a set of such prepared, ready to rock, and backed 
by fully functioning code I'm currently polishing and slapping a "New BSD" 
sticker on? As I closed my blog post, I had begun to realise where the Zend 
proposal was heading and it's nowhere close to where I am. And what I'm 
considering now is that unless Zend has a proposal ready to go right now 
there's no real reason I should consider mine dismissed except for questionable 
wording in a few emails. In a real way, you guys are actually playing catch up.
        
        In any case, 5 paragraphs is long enough for an email. So I'll sign off 
here before I spout another umpteen pages. I'll have a chance to review 
Dmitry's code this afternoon so I'll forward some comments around that time.
        
        Best regards,
        Paddy
        
        
         
        Pádraic Brady
        http://blog.astrumfutura.com
        http://www.patternsforphp.com
        


        ----- Original Message ----
        From: Andi Gutmans <[EMAIL PROTECTED]>
        To: Dmitry Stogov <[EMAIL PROTECTED]>; Pádraic Brady <[EMAIL PROTECTED]>
        Cc: Zend Framework General <[email protected]>
        Sent: Tuesday, June 19, 2007 1:45:04 AM
        Subject: RE: [fw-general] The road to Zend_Service/Auth_Openid
        
        
        Padraic,
         
        I read your blog posting and I just wanted to follow-up one more time 
to clarify.
        We have absolutely every intention to "eat our own caviar" (a.k.a "eat 
our own dog food") and write an OpenId proposal which gives the community the 
ability to provide us feedback on the work we've been doing. I will definitely 
not allow anyone here including Dmitry to shortcut that process as I believe 
it's key to the quality and collaborative goals of the project. This doesn't 
only include the proposal process but also high quality unit testing and 
documentation.
         
        The reason why Dmitry started with implementation is that there were 
two internal goals to this project set by me. The first to see if we're missing 
some functionality in core PHP (ext/openssl) in order to deliver good support 
for identity management (OpenId was not the only system looked at as part of 
that). Second, was to figure out the specification and create a proposal for 
Zend Framework. Dmitry felt more comfortable writing the code and figuring out 
both the former goal and the proposal as a derivative of that, i.e. sometimes 
you need to get your hands dirty to figure stuff out. This was done with his 
knowledge that at the end of that I would still require him to go through the 
proposal process (which you probably saw from the docs in that .tar.gz that he 
had already started working on and which he'll refine for the proposal). I'm 
sure there'll be future work where Zend or community members might decide that 
writing the code ahead of time will make it easier for them to write a 
proposal. That's absolutely fine as long as it doesn't change the way we accept 
contributions into the project and we don't lose our flexibility for making 
changes as part of the proposal process. The same has happened in the past and 
it's often a more convenient way of doing things, depending on what the actual 
component/project is.
         
        The only unfortunate issue in the process was that I didn't know there 
was a parallel process in place or I would have encouraged him to touch base 
with you. I don't get a chance to read all posts nor did I have any clue that 
Yadis is in any way related to OpenId as I was quite ignorant on the topic :'(
         
        Anyway, I definitely respect you wanting to get your code out there. If 
you are up to it, it'd also be great if you can contribute on some of the other 
missing pieces and provide feedback to Dmitry.
        At the end of the day our goal is to deliver a high-quality and 
easy-to-use framework which embraces best practices and can be broadly adopted. 
The journey will have its bumps here and there but I think overall the 
community and the framework team have done a great job in working towards the 
goal within the framework of additional bureaucracy this project has in order to 
keep everything aligned with the goals.
        Andi


________________________________

                From: Dmitry Stogov [mailto:[EMAIL PROTECTED] 
                Sent: Sunday, June 17, 2007 11:37 PM
                To: 'Pádraic Brady'
                Cc: 'Zend Framework General'; Andi Gutmans
                Subject: RE: [fw-general] The road to Zend_Service/Auth_Openid
                
                
                Hi Padraic,
                 
                I've attached proposed implementation (I am going to post it to 
ZF proposed WiKi).
                It is near-full implementation of OpenID 2.0 authentication 
protocol backward compatible with OpenID 1.1.
                 
                It still needs some work. Especially XRI and Yadis discovery 
and SREG support, integration with Zend_Auth_...
                 
                I would be very glad to hear your opinion on implementation as you 
may have more experience with OpenID and ZendFramework. 
                 
                Thanks. Dmitry.

                        -----Original Message-----
                        From: Andi Gutmans [mailto:[EMAIL PROTECTED] 
                        Sent: Saturday, June 16, 2007 7:02 PM
                        To: Pádraic Brady
                        Cc: Zend Framework General; Dmitry Stogov
                        Subject: RE: [fw-general] The road to 
Zend_Service/Auth_Openid
                        
                        
                        Hi Padraic,
                         
                        Yes it's unfortunate and had I realized I would have 
had Dmitry work with you on this. I didn't know very much re: OpenId so I had 
no idea Yadis was connected. 
                        Also, I asked one of our core PHP contributors to look 
at this because I wanted to make sure that if we have to extend OpenSSL for 
best support that we'd be able to do that (which would be a side benefit of 
this project).
                         
                        I'll ask Dmitry to connect with you and share the work 
we have done. There's a chance there might be functionality like Yadis which we 
haven't implemented yet.
                         
                        Best,
                        Andi
                         
                         


________________________________

                                From: Pádraic Brady [mailto:[EMAIL PROTECTED] 
                                Sent: Saturday, June 16, 2007 4:13 AM
                                To: Andi Gutmans
                                Cc: Zend Framework General
                                Subject: Re: [fw-general] The road to 
Zend_Service/Auth_Openid
                                
                                
                                Hi Andi,
                                
                                It started as an internal library so it's 
advanced to 1.1 level and 2.0 is getting there. I had posted a 
Zend_Service_Yadis proposal for the purpose (mainly as a standalone element 
since OpenID adopted it but isn't specific to it) which should have tweaked 
someone by now. I've been aware of Wez's patch - he had commented on the 
original proposal on my blog. Having the god awfully slow DH in openssl with 
PHP 5.3 will be great.
                                
                                It's almost a curse when two groups have piled 
ahead duplicating effort on such a library. The code I have is intended to be 
open sourced so it seemed a natural fit given I've been using the framework so 
much.
                                
                                Hindsight being so easy, I wish this had been 
disclosed before now. It's a little frustrating that mine has been informally 
proposed to the list, discussed, blogged about several times, posted again to 
the openid list as a heads up, and the Yadis portion even formally proposed on 
the ZF Wiki and still nobody working on this effort picked up on it. It's been 
sitting in plain sight since late February; a google search for "zend framework 
openid" sticks me out like a sore thumb for the whole of page one. That's the 
extent of my venting for today ;).
                                
                                While I'm very disappointed something so 
obvious was missed, C'est juste la vie. Under the assumption this is an 
officially sponsored effort I withdraw my proposal and will assume the same for 
Zend_Service_Yadis and the other components noted in my email. I now just need 
to rethink how it enters the open source ecosystem outside the framework. I 
have invested too much time in its development to just let it sit on a 
handful of servers as a write-off.
                                
                                I will of course offer feedback on Dmitry's 
proposal when it's published. I have had tons of feedback myself since starting 
my own proposal effort and having a well designed PHP5 library (or two 
apparently ;)) was a popular need.
                                
                                Best of luck,
                                Pádraic
                                
                                 
                                Pádraic Brady
                                http://blog.astrumfutura.com
                                http://www.patternsforphp.com
                                


                                ----- Original Message ----
                                From: Andi Gutmans <[EMAIL PROTECTED]>
                                To: Pádraic Brady <[EMAIL PROTECTED]>; Zend 
Framework General <[email protected]>
                                Cc: Dmitry Stogov <[EMAIL PROTECTED]>
                                Sent: Saturday, June 16, 2007 6:29:18 AM
                                Subject: RE: [fw-general] The road to 
Zend_Service/Auth_Openid
                                
                                
                                Hi Padraic,
                                 
                                I didn't realize you have been working on this 
(I must have missed the post).
                                We have already made very good progress in 
implementing both OpenId 2.0 compliant client and server. This includes patches 
to ext/openssl (for future inclusion in PHP) and for those who don't get the 
updated version both GMP and BCMath support (you are right the latter is 
awfully slow).
                                 
                                Dmitry (cc'ed) has been spearheading this and 
is just working on posting a proposal on the Wiki. It'd be great if you can 
review both the proposal and give us feedback and also look at the code and see 
if you think there's anything we should improve.
                                 
                                I appreciate your efforts and am looking 
forward to having you in the feedback loop!
                                Best,
                                 
                                Andi


________________________________

                                        From: Pádraic Brady [mailto:[EMAIL 
PROTECTED] 
                                        Sent: Friday, June 15, 2007 3:45 PM
                                        To: Zend Framework General
                                        Subject: [fw-general] The road to 
Zend_Service/Auth_Openid
                                        
                                        
                                        Hi all,
                                        
                                        As posted a few months back, I had 
started working on a PHP5 OpenID library that I wished to port to the framework 
since it seemed a reasonable addition given our web app focus. Given the 
complexity of OpenID as a distributed authentication service there are numerous 
components. Each by itself is actually not that hard, most of the problem is 
putting them together with a solid set of integration tests.
                                        
                                        These include wrappers for large 
integer (> 32 bits) libraries since bcmath alone is awfully slow for this 
compared to gmp, cryptographic algorithms, and even a separate extensible web 
service (already proposed on the wiki). The list of possible sub-components 
that could feasibly get started with include:
                                        
                                        Zend_Service_Yadis
                                        Zend_Crypt_DiffieHellman
                                        Zend_Crypt_Rsa
                                        Zend_Crypt_Hmac
                                        Zend_Crypt_Xtea
                                        Zend_Math_BigInteger
                                        
                                        An actual Zend_Service_Openid would 
need all of the above as well as general file parsers. I was looking for an 
opinion as to whether these are acceptable as individual proposals. It seems to 
make sense rendering OpenID into its reusable constituent parts rather than lumping 
everything (and inevitably burying/hiding it) into the Openid namespace. I 
don't want to go spamming the wiki with 6+ proposals until I get a little 
feedback either :).
                                        
                                        Any thoughts/comments on this, or 
OpenID in the ZF in general, are appreciated. :) The primary goal is to 
implement OpenID 1.1 and 2.0 to the extent necessary to authenticate. The basis 
of an OpenID server can be considered after.
                                        
                                        Paddy
                                        
                                         
                                        Pádraic Brady
                                        http://blog.astrumfutura.com
                                        http://www.patternsforphp.com
                                        

