Monday, January 22. 2007
Hello. Is There Anybody in There?
Recently I have wondered whether using InfoCards can help reduce the amount of comment spam. Granted, I am fully aware they are not meant to solve the spam problem, but I was still curious about their effectiveness. Comment spam is a constant nuisance for both bloggers and forum owners. It is so bad that typically either the ability to leave comments is turned off or user registration to the site is required. In InfoCard terms, I will be using self-issued cards (probably the most common type that will be seen for this use) as the means of authentication. Unlike managed cards where the blog or forum site would trust a third party to validate claims, the site would simply be trusting the claims made by the end user. This is really no different than current registration schemes where the user just types in their information.
In addition to the requested user information, the site generally verifies the email address provided to ensure that the submitting user controls the particular address. This holds true whether an InfoCard or traditional method is used. Email verification is usually performed by the site sending an email to the submitted address with a link, containing some identifier, that the user must click on or navigate to in order to verify their address. Once this is done, the site has verified the user's registration and allows the user to now log in and add comments or post to the forum.
This past weekend, I wondered how easy it would be to automate this process (of course using PHP) with InfoCards and let me create comment spam. Needless to say, I found it quite easy and realized how important it is that the human factor be taken into account. This means that I need to make sure I am verifying the registration of a LIVE person and not some automated routine. With the traditional method of user registration (you know, where you actually have to type in all your information), it is common to have some form of captcha, making it very difficult to create an automated process that is able to create a registration. Using InfoCards, there is no typing. Simply click on an image, select your card within the selector and the selector automatically submits it.
Continue reading "Hello. Is There Anybody in There?"
Wednesday, January 17. 2007
Identity and client sided protection
I have recently been reading the discussions between Kim Cameron and Dick Hardt, not to mention the outside commentary as well, concerning the use of client sided security and where it fits in. I found this very interesting due to the fact that when I initially began playing with InfoCards, this was one of the features that drew me in. I am neither an identity nor security expert, nor have I had much time to play around with OpenID (that will be changing soon), so I am going to assume my final understanding of what I read is correct and that OpenID currently needs an additional third-party plug-in to perform the same client sided security as InfoCards. If I am incorrect in this assumption, someone please correct me.
If this really is the identity revolution, power to the people and all that jazz, then it really needs to be done correctly from the start. Personally, how it all works or what protocols are used is of much lesser concern to me than what will happen when the technology gets in the hands of my Dad. You can all stop wondering WTF I am talking about as I'll elaborate on that.
Continue reading "Identity and client sided protection"
Thursday, December 28. 2006
System Upgrades
People have been wondering why my server has been going up and down since Christmas morning. It hasn't been hacked or anything along those lines. I do want to thank everyone who was worried about that and offering temporary space/hosting until I got things resolved. This is not really how I wanted to spend my Christmas, but I figured it was the best time for maintenance. My server will probably be up and down a few more times this week until I finally finish everything (hopefully by the end of the week).
Updated 1/17/2007: Holy S*%$#, I just got a call that they are still working on it!
Updated 1/10/2007: This is taking them forever as it's still in progress and my server is now a bit of a mess from it :/. All I need is the server installed with an OS. Can it really take them this long????
I have been running Red Hat 9 for quite some time now and decided it was finally time to upgrade it to a more recent Fedora release. The biggest reason for this was when I tried to build PHP 5.2 on it. The XSL extension now requires a 1.1.x version (the 1.1.x versions have been out for a couple of years) - yet my installed version was of the 1.0.x line. On the other hand, I have kept the libxml2 libraries up to date. I figured it was time to bring them both up to the latest versions, so went about to build some rpms - just to keep things in synch. Come to find out the newer libxml2 needs a newer version of python than what I had installed on my server. I really didn't want to build libxml2 and libxslt without python support and trying to update python and all the rpm dependencies was going to be a real nightmare, so I figured an OS upgrade would get me up to date with everything more easily (and this is where things got fun).
This is a remote dedicated server so all I had was my handy terminal window and the yum command line tool. I found some great reference material on upgrading from older RH releases to recent Fedora releases. One worth mentioning can be found here (be sure to read everything including notes about a specific upgrade before attempting). It was pretty straightforward and worked other than an issue which I spent a few days tracking down. Trying to speed things up a bit I upgraded from RH 9 directly to Fedora Core 2. The instructions for the Core 3 upgrade seemed a bit longer so I was going to do that as a small incremental from 2=>3. Upgrade went very smoothly and quickly, with a successful reboot showing me the nice Fedora Core 2 indicator.
The one thing I hadn't done yet was to boot into the new kernel. The server was still running the 2.4.25 kernel and not the 2.6.10 one from the FC2 upgrade. I have done a number of upgrades from RH to FC including a test run on a different machine going from RH9 to FC2 using yum and encountered no problems. I never imagined I would run into a problem and blindly set lilo to boot into the 2.6.10 kernel as its default and rebooted. BIG MISTAKE: I will never blindly set a default kernel again without at least a test boot into it.
Continue reading "System Upgrades"
Tuesday, December 12. 2006
xmldap Firefox identity selector
Yesterday I upgraded my Firefox identity selector plugin to find an interesting new addition. Of course I'm not talking about the managed card support added last month, or that the missing plugin dialog no longer appears, or even the fact that this plugin runs on both my Windows and Fedora 5 x86_64 machines. No..... instead, what caught my attention was the callout to the form button that kicks off the selector (Go figure).
Anyone who has looked at my registration or login page might have noticed that I really suck at graphics and all that I have is a tiny button labeled enter. Not very informative on its purpose, eh? After installing the latest version of the plugin (0.8.5 at the time - a lot of activity happening so this might already be outdated), I was pleasantly surprised to find my page looked a little different. If you look at the screenshot to the left, you should notice the "What's this?" callout in green. The plugin automatically added this to call out my infocard enabled form.
Currently clicking on the image is still a work in progress. It pops up a box where additional information about infocards will be provided and allows the callout to be turned off. Right now it can only be disabled for the current session. Once Firefox is restarted, it will appear again. In any case I think it's a great feature. There is no current standard image for indicating the login, so if you are graphically challenged like me then it at least provides people with an indication of what your button is for.
The one feature I am really waiting for is the ability to back up and restore infocards using the plugin. Chuck Mortimore recently added the code and utility for working with a Windows Cardspace backup file. Hopefully this feature will be added to the plugin so that I will be able to share my cards between Windows Cardspace (the selector when using IE 7) and Firefox (on all my platforms). Currently when using Windows I prefer to use Windows Cardspace just for the fact that it is feature rich, but don't have that option when using Fedora. With the rate features are being added to the Firefox plugin though, it shouldn't be too long before it's going head-to-head with Cardspace (at least feature wise).
Monday, December 11. 2006
DRM ruined my weekend
I recently had a computer here crap out on me. Rather than wasting time trying to figure out what piece of hardware was the actual culprit, I took the easy route and just swapped out my old computer (just built a snazzy new Core 2 Duo system) with the old one. My wife wanted to keep all her old programs, data, settings, etc... so I just installed her old hard drive into the other system. After a few reboots to get all the different hardware working under Windows XP, everything seemed to be working fine (other than some issue with the USB only wanting to operate in 1.1 mode instead of 2.0 - but I digress), other than having to re-activate XP (doing this one would assume would resolve any type of issues of hardware migration, but noooo....That would be too easy). We listen to a lot of music so the last thing I made sure was working was her Rhapsody and its syncing with her portable player. Things didn't go too smoothly here....
Upon starting up the Rhapsody player, I was presented with this nice message about corrupt licenses with a link to the MS help system. At this point I figured things shouldn't be too bad. I knew I was going to have some issue after replacing all the hardware and I was conveniently led to a help file on how to resolve the issue. Of course it couldn't be this easy. After being led through a maze of hot fixes (it was required that they all be applied to resolve this issue), I finally rebooted the computer and went to check on the fruits of my labor (I am now 2 hours into dealing with the DRM issue alone). I tried to install the last hotfix and got a nice error message telling me that the components I have installed are not compatible with this last fix. 2 hours of my time wasted following THEIR directions and it didn't even come close to working. I was no closer than when I started. I had enough at this time and stormed off for a while.
Continue reading "DRM ruined my weekend"
Tuesday, November 21. 2006
WS-Addressing for ext/soap
I've run into services in the past that supported WS-Addressing, but it was only recently that I worked with one requiring it in addition to WS-Security. It's not very difficult to implement, but I threw together a library for anyone else that might need to leverage it.
WS-Addressing Library: soap-wsa.php
WS-Addressing Example: soap-wsa-example.php
* The example also uses WS-Security (not required for WS-Addressing) but demonstrates some new WS-Security functionality.
The functionality has only been implemented for a SOAP client side and has only been tested against a .NET service. If anyone runs into any bugs or interoperability issues, please let me know so they can be addressed.
Continue reading "WS-Addressing for ext/soap"
Saturday, November 18. 2006
ZendCon 2006 - Advanced XML Slides
I finally got around to uploading the slides for my workshop: Advanced XML and Web Services
Although it has been shortened and slightly modified from the previous workshops, I find that presenting the material keeps taking longer and longer each time. This is probably the last time I will give this workshop because in the future I am going to propose breaking it into 2 different workshops; one or the other unless they are to be given back to back.
As far as the conference went, I had a good time. The presentations I attended were good and it was nice seeing everyone again. I hadn't been on the West Coast for over 10 years and my wife had never been, so once the conference was over we headed to San Francisco. Walked well over 100 miles that week, ate way too much food and had breakfast with the sea lions every morning. All in all it was a good vacation but I am still trying to recover from it as we speak.
Monday, October 23. 2006
SUN's OpenSSO project is new home to xmlseclibs code
Last month I released some prototype code for working with XMLSEC and XMLDSig in PHP and also mentioned that I would not be actively maintaining it. A few weeks ago I was asked by Pat Patterson, one of the Federation Architects at SUN, about incorporating the library for use in a PHP based SAML 2.0 service provider within the OpenSSO project. The code will probably receive more attention there than I currently have time to provide, so you might want to check out what they are doing within their repository (note: the code located there is subject to the Common Development and Distribution License). They are also looking for help from any PHP developers who might be interested in working on the project.
So what does this mean to people already using the code or who do not want to worry about any potential licensing issues? The xmlseclibs code located on my site (including any changes I might make to it) currently is and will remain within the Public Domain. Basically if you get the code from here you do not need to worry about any licensing legal mumbo jumbo (there is none). You will however be on your own for any bugs or problems you might encounter when using the code from here.
So what's in the future for working with Encryption and Digital Signatures in PHP? We, Alexandre Kalendarev and myself, are close to being ready to add our xmlsec implementation to PECL, but are still working through some issues - especially in the Digital Signature area. Currently it can process almost the same files as when I use the xmlseclibs library, but is still lacking when trying to create signatures with multiple references. For those who might want to try it out in its current state, you can Download the Pre-Alpha code, which includes some examples. Also, Alexandre has some documentation in Russian available, for those of you who can read it. It has taken us a while to get the code to this state, so hopefully we will be able to have an alpha release in the near future.
Friday, September 15. 2006
Slides from PHP|Works 2006
The slides for my tutorial and talk can be found at:
Advanced XML and Web Services (with accompanying code)
XML Security
For the XML Security session, what people are probably most interested in is the code used to implement WS-Security and possibly Infocards using PHP.
Security Library - Base XML Security library implementing XMLENC and XMLDSig functionality.
WS-Security library - WS-Security library for use with SOAP. Currently only implements client functionality and is missing the ability to encrypt SOAP data.
Example Usage of WS-Security - An example of interacting with the Amazon Elastic Compute Cloud (Amazon EC2) SOAP Service. Easily re-factored for use with other services requiring WS-Security.
Infocard Library - Base library for processing infocards.
Infocard demonstration - Demonstration of processing a submitted Infocard. The result is a SAML token along with a function to view submitted assertions. The form has NOT been updated to work with the recent namespace change, so modify the requiredClaims for use with IE7 RC1, Vista RC1 or .NET 3.0 RC1.
Continue reading "Slides from PHP|Works 2006"
Friday, September 8. 2006
Updated Infocards
With the releases of RC1s for IE, .NET 3.0 and Vista, there has been a slight change in CardSpace. The http://schemas.microsoft.com/ws/2005/05/identity namespace has been discontinued in favor of http://schemas.xmlsoap.org/ws/2005/05/identity. In accordance with this change, as of today, the Infocard usage within my site has been updated to use the new namespace. Anyone running an older implementation will most likely be greeted with a message stating that the site requires a managed card.
This message is not really true and just means anyone using older CardSpace cannot access the site until they upgrade. I use the namespace when calling CardSpace only to identify the claims I require when submitting a card. The good news is that this change was only cosmetic, requiring the small change on the registration and login forms. No backend code changes were required to support this namespace change.
Warning: I upgraded both my .Net 3.0 framework and IE 7 one after another and never backed up my previously created cards. Once my system was up and running and I launched the Windows CardSpace, I was greeted by a nice message telling me that either my cards were corrupted or somehow were removed from the system. I did not have a backup of them (good thing I have only been playing around with them so far) and was required to re-create my cards and re-establish relationships with sites using my cards again. Lesson learned: Back up your cards prior to upgrading if you don't want to lose them!