Pre-meeting
===========

Jul 08 04:41:24 morning
Jul 08 04:50:13 anyone alive in here?
Jul 08 04:53:37 I am
Jul 08 04:54:31 hey guys - how are ya?
Jul 08 04:55:12 aj has been here since last night. I have to reboot, but I'll BBS.
Jul 08 04:55:36 sure thing
Jul 08 04:56:34 ok
Jul 08 04:57:12 ajmitch: awake ????
Jul 08 04:57:31 in a way
Jul 08 04:57:41 hehe
Jul 08 04:57:50 colonel seems to be asleep :-)
Jul 08 04:58:22 hi
Jul 08 04:58:30 hey antifa
Jul 08 04:58:40 an Auth guy ?
Jul 08 04:58:42 heh - hey there andrew
Jul 08 04:58:51 I'm surprised FrePort isn't here
Jul 08 04:58:57 am i on time for the meeting today?
Jul 08 04:59:04 he'll brb, he had to reset
Jul 08 04:59:22 anyway, I can't stay and watch
Jul 08 04:59:25 antifa: Sure are -- 1:00 PM EST
Jul 08 04:59:28 I'm off home base
Jul 08 04:59:45 will be back to DotGNU by tuesday ...
Jul 08 04:59:50 be folks
Jul 08 04:59:52 <-- t3rmin4t0r (mukundm@202.9.186.12) has left #dotgnu-auth ("Client Exiting")
Jul 08 04:59:55 t3rmin4t0r: later Gopz :)
Jul 08 05:00:00 fitzix: cool, i tried to make yesterday's but something's wrong with ntpd, it keeps dying, my system time was 12 hours off lol
Jul 08 05:00:10 doh!
Jul 08 05:00:12 lol
Jul 08 05:00:15 no doubt
Jul 08 05:00:30 bothers me tho, no log messages or anything, just dies randomly
Jul 08 05:01:06 brb - phone
Jul 08 05:01:09 anyway, i guess i'm here to mostly watch, i want to help but don't really know what to do, so don't mind me :-)
Jul 08 05:03:41 when does the meeting start, fitzix sir? :)
Jul 08 05:04:55 he's on the phone, guess i'll go get coffee while i wait, brb
Jul 08 05:08:01 back
Jul 08 05:08:29 :)
Jul 08 05:10:39 how are you all today?
Jul 08 05:11:06 Well, now all we have to do is wait for mds... I'm fine. A bit sick at my tummy, but otherwise good.
Jul 08 05:11:41 * ajmitch is cold & tired :)
Jul 08 05:11:49 just crawled out of bed
Jul 08 05:12:06 0500 there or a little after, correct?
Jul 08 05:12:33 yup
Jul 08 05:12:49 i'm back and good :-)
Jul 08 05:12:53 So, who is the other fellow?
Jul 08 05:13:08 * FrePort points to antifa
Jul 08 05:13:09 antifa? dunno, he has yet to introduce himself :)
Jul 08 05:13:25 me?
Jul 08 05:13:28 yes, you
Jul 08 05:13:45 we're inviting you to summarize yourself in a few sentences.
Jul 08 05:14:03 ummm, i came to the meet-athon and met Fragglet, want to help, not sure how, thought i would come to the meeting and see what clicked :-) is that a decent description?
Jul 08 05:14:23 inviting? now that's far too kind ;)
Jul 08 05:14:48 Programming languages known (right, but interrogated is far too extreme)
Jul 08 05:15:01 lol, would demand be a better word?
Jul 08 05:15:11 * FrePort hmmmmss...
Jul 08 05:15:15 perhaps.
Jul 08 05:15:38 Antifa: Programming languages you know?
Jul 08 05:16:02 programming...i've got some java, have mostly done html/js work so far tho :-/, i'm learning though, and really interested in the auth part of things, for instance gnupg integration
Jul 08 05:16:06 * ajmitch does Python, Java, C, is learning C#
Jul 08 05:16:19 like i told fragglet, i'm not sure how much help i can be atm
Jul 08 05:17:03 i'm happy to help if i can, and if not until i learn more that's fine too
Jul 08 05:17:22 sure, fitzix will try & find a place for you :)
Jul 08 05:18:09 coolio, so the auth group is going to handle stuff like gpg right?
Jul 08 05:18:45 uhm, i'll let FrePort answer auth group questions
Jul 08 05:18:57 i'll sit in the audience for this :)
Jul 08 05:19:04 or maybe someone could gimme a brief rundown on the auth group (apart from what was in the email about it)
Jul 08 05:19:34 antif: Did you read the log file announcing this meeting?
Jul 08 05:19:59 I'm in the process of posting a copy of the log. Give me a moment.
Jul 08 05:20:26 k
Jul 08 05:26:10 hmm oops
Jul 08 05:26:23 wb
Jul 08 05:28:07 well this meeting is off to a roaring start, glad i got up for this :)
Jul 08 05:28:36 what is the status of the various auth projects at this time?
Jul 08 05:28:42 sorry - GF and I talking -- bad stuff
Jul 08 05:28:54 oh dear
Jul 08 05:29:44 lol
Jul 08 05:29:46 there, got my window list back :)
Jul 08 05:30:02 fitzix: you could register the channel
Jul 08 05:30:37 * antifa switches dotgnu-auth into 2nd gear
Jul 08 05:30:50 Here's the log from last week. There are a few links therein: http://users.ids.net/~nightspd/freport/dotgnu-auth/2002-07-01.txt
Jul 08 05:30:59 * antifa "2nd gear" unknown command
Jul 08 05:31:06 k, checking it now
Jul 08 05:31:17 is it different from the one on macs.sf.net?
Jul 08 05:31:36 No. Just a repost for my convenience.
Jul 08 05:31:49 Eventually I'll make it into HTML.
Jul 08 05:32:35 but that should get antifa onto what we're all about. Answer the questions: Who is involved and so on...
Jul 08 05:34:58 ok
Jul 08 05:38:30 Hmmm... do you suppose Mario is still on his roadtrip?
Jul 08 05:38:56 wouldn't think he'd miss this
Jul 08 05:40:05 ok, so for one, a lot of the program speak is over my head still, and for 2) are there any plans/discussion on implementing gpg into the codebase for phpgroupware or using a webmail system that includes gnupg?
Jul 08 05:40:29 perhaps not the codebase for phpgroupware, but the auth codebase for phpgroupware even?
Jul 08 05:40:44 you'd want to talk to the phpGW developers about that - specifically the email app coders
Jul 08 05:41:00 1) No-one's discussed it yet. 2)you'd want to talk to the phpGW developers about that - specifically the email app coders (quoting)
Jul 08 05:41:06 is gpg suited for auth?
Jul 08 05:42:05 Auth is more a realtime process, whereas GPG is, to my mind, more batch and archival.
Jul 08 05:42:38 it seems to me that gnupg should be implemented in the auth system somehow, or maybe you're right and it should be its own system separate from the auth subsystem
Jul 08 05:43:14 BRB - JVM lockup.
Jul 08 05:44:02 gpg issues are part of why i'm here, the other being how cool the dotgnu project is
Jul 08 05:45:40 i guess the thing to point out is that currently, none of the gnuenterprise style projects support gpg in any way afaik, can anyone correct me on this or am i right?
Jul 08 05:45:48 I think we may be looking at a transport through GNU-TLS: http://www.gnu.org/directory/gnutls.html
Jul 08 05:45:59 no, GNUe doesn't do gpg
Jul 08 05:46:11 (where GNUe == GNU Enterprise)
Jul 08 05:47:14 from a marketing standpoint, doesn't it seem that dotgnu would benefit from gpg?
Jul 08 05:47:23 * ajmitch is involved in 2 main GNU projects, GNUe & DotGNU :)
Jul 08 05:47:26 and I'd use GPG for FrePort, but they're short an algorithm that I require (no SHA-256 support)
Jul 08 05:48:43 antif: I'd refer that question to fitzix. He's the marketing guru.
Jul 08 05:50:38 basically what you have with auth is the need for one party to affirm that the other party is/is-not who they say they are. GPG does this through PKI, but it's not real time. That's why TLS is built atop it.
Jul 08 05:51:23 got a link for PKI?
Jul 08 05:52:24 nm i can google it i'm sure
Jul 08 05:52:39 public key infrastructure?
Jul 08 05:52:56 it's very slow to resolve a large web of trust in realtime
Jul 08 05:53:32 ahh yes, i was apparently confused, so TLS is built atop pki?
Jul 08 05:54:19 As I grok it.
Jul 08 05:54:41 * FrePort wouldn't want to be quoted on that...
Jul 08 05:55:35 the documentation is some of the worst I've ever read, but it's the only transport layer protocol implementation under LGPL that I've been able to find.
Jul 08 05:57:48 All of the above statements are only my opinion. Doubtless the final implementation will be something different.
Jul 08 05:58:13 of course
Jul 08 05:59:39 I just don't want to be caught in the "Freport said long ago..." petard. I am just one voice of three and they may have other opinions.
Jul 08 05:59:40 ok, so what things will the dg-authwg cvs & website be used for? documents?
Jul 08 05:59:56 * ajmitch writes down everything FrePort says... ;)
Jul 08 06:01:15 yes... and eventually each of the current projects will be subprojected there.
Jul 08 06:01:22 * FrePort crosses his fingers.
Jul 08 06:02:27 hmm, according to a mail in my spam folder, i just won $1.5M dollars! ;)
Jul 08 06:02:34 *cough*
Jul 08 06:02:38 wooohooo!
Jul 08 06:02:48 can i have a dollar?
Jul 08 06:03:19 according to the spam, "N.B. Any breach of confidentiality or any other conditions stated above, on the part of the winners will result to immediate disqualification. Please do
Jul 08 06:03:19 not reply this mail."
Jul 08 06:03:29 Hmmm... in AUD? That would suck. *giggles*
Jul 08 06:03:33 it's quite sad, really
Jul 08 06:03:37 no, USD
Jul 08 06:03:44 lol
Jul 08 06:03:44 * ajmitch is not in .au :P
Jul 08 06:04:23 * FrePort hasn't a cloo which other countries call their currency "dollars" and so picked one at random.
Jul 08 06:04:35 most other countries do
Jul 08 06:04:47 NZ is .au's neighbour
Jul 08 06:05:49 We're 15 currency names less than last year. No more drachmas, guineas, reals, lira...
Jul 08 06:06:13 Just the €
Jul 08 06:06:32 well at least we're on topic :-P
Jul 08 06:06:48 * FrePort giggles.
Jul 08 06:06:51 of course :)
Jul 08 06:06:56 * ajmitch is getting colder
Jul 08 06:10:28 aj: I'm shocked you're conscious.
Jul 08 06:10:50 what, at 6am?
Jul 08 06:10:54 so am i :)
Jul 08 06:11:14 0600 is no fit hour for man nor beast.
Jul 08 06:11:44 Too late in the night to sleep. Too early to start drinking.
Jul 08 06:11:56 hehe
Jul 08 06:15:40 OK - back
Jul 08 06:15:42 phew
Jul 08 06:15:53 I just told her I had to go and we'd talk about this later
Jul 08 06:16:02 (not a pretty situation)
Jul 08 06:16:04 anyway
Jul 08 06:16:20 GPG --
Jul 08 06:16:43 sure, lol
Jul 08 06:16:43 welcome back fitzix
Jul 08 06:16:45 I think that we should use GPG as much as is plausible for what we're doing... but if it doesn't fit, then we shouldn't use it
Jul 08 06:16:50 thank you
Jul 08 06:16:50 you're almost in time for the meeting ;)
Jul 08 06:17:19 anyway
Jul 08 06:17:21 It's kind of funny that mds didn't make it, or Hans for that matter.
Jul 08 06:17:32 FrePort: Yes - I agree
Jul 08 06:17:32 yes, disappointing
Jul 08 06:17:43 aj: can you do the logging for us?
Jul 08 06:17:48 * ajmitch missed valuable hours of beauty sleep :(
Jul 08 06:17:55 uhh, i guess
Jul 08 06:19:15 But - GPG usage... GPG is a GNU project -- therefore we have an obligation to use it over others
Jul 08 06:19:26 that doesn't mean that we can't extend it is plausible :)
Jul 08 06:19:51 ajmitch: let me know when you're logging
Jul 08 06:19:59 Shall we begin? Log ready aj?
Jul 08 06:20:26 ready
Jul 08 06:20:28 fitzix: i've been logging since xchat joined the channel :)
Jul 08 06:20:32 cool
Jul 08 06:20:45 So, call us to order.

Meeting
=======

Jul 08 06:21:02 OK - we begin this meeting of the Auth working group at 2:30 PM EST
Jul 08 06:21:41 only one project is represented at this time, and that is FrePort
Jul 08 06:22:39 Present are ajmitch; antifa; fitzix and FrePort
Jul 08 06:21:45 John, you have the floor
Jul 08 06:22:07 The minutes for last meeting are as follows:
Jul 08 06:22:36 we discussed the integration of macs and Freport and the general direction of Auth in DotGNU
Jul 08 06:22:58 Three issues were tabled for discussion this week:
Jul 08 06:23:31 1) Get Hans on-board with integration? (assigned to: mds, fitzix)
Jul 08 06:24:07 2) Possible market applications, what and whose applications would we target? (all)
Jul 08 06:24:38 3) ROI = Return on Investment (all, presentation by mds)
Jul 08 06:24:59 4) MACS/Freport integration diagram.
Jul 08 06:25:39 I propose we take these up in order, and yield the remainder of my time to fitzix.
Jul 08 06:26:02 (as the only person on task 1.
Jul 08 06:27:37 * FrePort yields the floor to fitzix.
Jul 08 06:28:08 I have not heard from Hans at all yet
Jul 08 06:28:20 I have e-mailed him concerning what we started last week, though
Jul 08 06:28:44 Is he still on the mailing list? Would he have seen the announcement?
Jul 08 06:28:47 Integration may be difficult considering a lack of attention to the issues it presents
Jul 08 06:28:55 FrePort: I sent him a personal e-mail
Jul 08 06:29:04 I can check on his membership if you'd like
Jul 08 06:29:58 Could be helpful...
Jul 08 06:30:26 He does not appear to be on the list at all anymore
Jul 08 06:30:34 If he's not tracking the mailing list, we might be able to assume he's not interested?
Jul 08 06:30:48 He would not appear to have received mds' announcement
Jul 08 06:30:51 nor mine
Jul 08 06:31:02 I'd consider it a real possibility
Jul 08 06:31:12 Hrrrrmmm... probably he's on summer holiday.
Jul 08 06:31:50 We'll have to develop a contingency plan to account for his absence.
Jul 08 06:32:10 We'll leave the door open for him, but late comers always get last word -- let's keep the ideas put forth in IDSEC in mind when we develop, to minimize effort if he does wish to join later
Jul 08 06:32:34 Agreed by me.
Jul 08 06:32:35 However, if we feel that IDSEC has a major architectural flaw, we should engineer around it and choose not to inherit it
Jul 08 06:33:32 Mario seemed interested in working with FrePort -- but I'll leave the details of that to him at the moment
Jul 08 06:33:33 * ajmitch waits for section 2) :)
Jul 08 06:33:47 I propose that we move to issue 2) Possible market applications
Jul 08 06:33:54 John, did you have any ideas on this?
Jul 08 06:33:58 Okay. Can we consider issue 1 closed until we hear from Hans?
Jul 08 06:34:07 FrePort: I would say so
Jul 08 06:34:18 * FrePort checks off issue 1.
Jul 08 06:34:26 Onto issue 2.
Jul 08 06:34:40 ok, how do we integrate auth with DotGNU applications? do you have a plan for how app developers will use these libs nicely?
Jul 08 06:35:08 ajmitch: good question - and key to marketing auth
Jul 08 06:35:10 being the official representative(TM) of the dotgnu-libs project, I am interested :)
Jul 08 06:36:00 both MACs and Freport have a clientside and serverside lib for applications to interact with the auth daemon.
Jul 08 06:36:28 alright
Jul 08 06:36:35 The API is vastly different, but I'm working to converge them.
Jul 08 06:36:55 so we need to have a common way of accessing these via C# if we want to use that for webservices?
Jul 08 06:37:07 what language are they written in, btw?
Jul 08 06:37:43 That's another issue we tabled last week. I'm in C++, Mario is prototyped in PERL (I believe)
Jul 08 06:37:50 ah i see
Jul 08 06:37:54 and IDSEC is in PHP and Java.
Jul 08 06:38:19 well that'll be fun to integrate - maybe an rpc interface to webservices?
Jul 08 06:38:46 I believe that that can be solved with a GNURPC lib combined with an exposed object broker
Jul 08 06:38:50 Yes, that was going to be my suggestion when the question came up.
Jul 08 06:38:50 that would be tied into SEE
Jul 08 06:39:09 ok, as i'm also the dotgnu.rpc author (sigh)
Jul 08 06:39:11 (or accessed by SEE)
Jul 08 06:39:22 Heh
Jul 08 06:39:38 lol
Jul 08 06:39:51 I believe that we can create a common object broker -- that would be very beneficial to all of the projects...
Jul 08 06:40:05 and use that to expose objects/methods to the network
Jul 08 06:40:26 all of our auth systems have a weakness in that they are meant to authenticate users access to data. There would need to be a methodology to authenticate a service to a service.
Jul 08 06:40:30 This is actually getting into the context of my SEE brainstorming, but it could be beneficial to auth as well
Jul 08 06:40:51 * FrePort nods...
Jul 08 06:41:29 FrePort: I believe that that could be done by storing service tokens in a generic and publicly readable profiling system
Jul 08 06:41:43 quick question, anyone got a link to a SEE document? something to catch me up
Jul 08 06:41:48 FrePort: Which, actually, overlaps with the auth systems' secondary goals
Jul 08 06:41:58 antifa: Heh - which vision do you want? :)
Jul 08 06:41:59 fitzix: what do you see as being a common object broker then?
Jul 08 06:42:17 or re-vision. *chuckles*
Jul 08 06:42:29 lol, ok, i'll fly blind for now :-)
Jul 08 06:42:42 ajmitch: I'm not exactly certain -- we can use something like DCOP if we want to stick with existing items, but I don't think that that's what we really want because it would be insufficient to our needs
Jul 08 06:42:48 (perhaps my question is a little OT) :)
Jul 08 06:43:01 ajmitch: no - I think that it fits into where we're going :)
Jul 08 06:43:11 DCOP is a marshalling & transport protocol
Jul 08 06:43:20 not an object broker :)
Jul 08 06:43:45 fitzix: seen the gnur-rpc docs?
Jul 08 06:43:47 yes - but it serves some similar functions -- some people seem to consider it an object broker of sorts
Jul 08 06:43:55 (well, the GNUe implementation)
Jul 08 06:44:07 Not that I think that it fits the need -- frankly, it doesn't :)
Jul 08 06:44:15 ajmitch.dhis.org/~ajmitch/gcomm/gcommporposal.html
Jul 08 06:44:17 ajmitch: Not yet -- have a link?
Jul 08 06:44:22 ahh. OK :)
Jul 08 06:44:24 (blame the spelling on siesel)
Jul 08 06:44:30 this from GNUe cvs
Jul 08 06:45:00 Bringing back to topic for a moment? Point of issue 2 was more what applications we could target that would encourage end-users to install and download DotGNU auth.
Jul 08 06:45:50 we're talking about possible marketing for standalone DotGNU auth?
Jul 08 06:45:54 For instance, web-email gateways, online games, internal networks, or (my suggestion) blogs.
Jul 08 06:46:11 sorry, but what's blogs?
Jul 08 06:46:19 ajmitch: This is very similar to what I'm referring to
Jul 08 06:46:32 fitzix: yes, and i'm implementing it in C# :)
Jul 08 06:47:06 ajmitch: works for me :)
Jul 08 06:47:22 FrePort: what about more commercial sites? they'd probably find this useful (eg online auction, etc, the list goes on)
Jul 08 06:47:25 blogs are good, but have very limited commercial presence
Jul 08 06:47:39 Both Freport and MACs require that a client support them specifically, so we need to target clients to support the Auth, on the other hand, we also need to show those authors that there's a need for them to support. Chicken and egg.
Jul 08 06:48:05 FrePort: Or, make it brainlessly easy for them to set it up to be supported
Jul 08 06:48:24 so people surfing this interweb thingy would need to install DotGNU Auth client to use some sites? :)
Jul 08 06:48:26 And to show the need we have to encourage serverside programmers to build in the mechanisms needed to demand from the client.
Jul 08 06:48:36 I'm a big fan of providing the server side almost completely functional and hooking into the site via an established functional mechanism
Jul 08 06:49:05 fitzix: Tunneling through https: for example?
Jul 08 06:49:09 The key really is to make it braindead easy
Jul 08 06:49:14 FrePort: Precisely
Jul 08 06:49:25 FrePort: and offer glue mechanisms in PHP, etc
Jul 08 06:49:33 FrePort: most likely through XML-RPC
Jul 08 06:49:35 ummm, what is a blog?
Jul 08 06:49:56 That way, they don't have to rework their site horribly to make DotGNU auth fit in
Jul 08 06:50:11 antifa: it's a weblog - like a personal journal system type of thing
Jul 08 06:50:53 But, the goal:
Jul 08 06:51:18 to implement, all they need to do is install DotGNU auth -- and then add a handful of lines of code to their site
Jul 08 06:51:21 blam - done
Jul 08 06:51:33 otherwise, we can't compete
Jul 08 06:51:43 yes
Jul 08 06:51:59 it shouldn't take more than 50 LOC to integrate into a basic site
Jul 08 06:52:09 * ajmitch is being optimistic :)
Jul 08 06:52:26 I think that if we supply common glue code, we could even get the number down under 10
Jul 08 06:52:35 that is in an optimal situation
Jul 08 06:52:43 like a pre-existing PHP installation
Jul 08 06:52:56 who are the existing competitors out there for this kind of implementation?
Jul 08 06:53:25 antifa: Passport and the Liberty Alliance
Jul 08 06:53:46 In other words, we're fighting Microsoft, Sun and AOL :)
Jul 08 06:53:57 passport sucks and spends most of its time compromised lol, too bad it has such a market share
Jul 08 06:54:02 Fitzix: You forgot - Magic Carpet.
Jul 08 06:54:23 aka "My Screenname" that's AOL/Yahoo.
Jul 08 06:54:28 FrePort: Isn't that AOL? That's part of the liberty alliance, isn't it?
Jul 08 06:54:57 No, AOL has refused to open it to the Lib Alliance use, but they will gateway it.
Jul 08 06:55:11 OK - I stand corrected
Jul 08 06:55:14 so, dotgnu auth would be a drop in replacement for those kinds of auth mechanisms?
Jul 08 06:55:22 antifa: that's the idea
Jul 08 06:55:26 Not drop-in unfortunately.
Jul 08 06:55:46 Well, in a sense it could be...
Jul 08 06:56:16 so, we just have to provide services that are gpl'd that the main competitors won't touch, ie - more functionality like gpg for web-mail, is that the idea?
Jul 08 06:57:00 antifa: basically, we have to provide a complete replacement
Jul 08 06:57:13 FrePort: care to elaborate on the "Not Drop-in" aspect?
Jul 08 06:57:13 When I hear drop-in I think of something where I can actually replace the functionality. Like a DRI driver in X. Replace one with another and the whole (X Window) continues to function. We'll be more of a drop-through replacement. Install it and make some minimal changes.
Jul 08 06:57:36 ahh - good point
Jul 08 06:58:03 alright, i'm getting the gist now, do we know the main components of say passport or liberty alliance? (sorry if i'm too remedial)
Jul 08 06:58:13 how will the client integrate? browser plugins?
Jul 08 06:58:25 (sorry, answer antifa's q first)
Jul 08 06:58:28 In order to be a drop-in replacement, we'd need to mimic the API of Passport (for example) and that's not gonna go.
Jul 08 06:58:29 Standalone daemons is my thoughts
Jul 08 06:58:33 * antifa shudders at the mention of browser plug-ins
Jul 08 06:58:56 That's one thing I want to nip in the butt
Jul 08 06:59:01 fitzix: ok, so users have to have the auth software running? how do we make it transparent?
Jul 08 06:59:05 in the butt? ;)
Jul 08 06:59:06 webservice != web browser
Jul 08 06:59:17 ok, quite true
Jul 08 06:59:38 Microsoft has "screwed up" the idea by integrating the browser into every aspect of windows
Jul 08 06:59:45 and that confuses the hell out of people :)
Jul 08 06:59:46 * antifa nods...
Jul 08 06:59:51 The browser is the access point for the end user to a GUI that provides a webservice. It's strictly the Application layer of the protocol.
Jul 08 07:00:03 Webservice == transport via XML-RPC or another style of protocol
Jul 08 07:00:12 FrePort: but the browser doesn't *have* to be the access point
Jul 08 07:00:23 * ajmitch tries to apt-get remove --purge that way of thinking :)
Jul 08 07:00:25 FrePort: which could be easily replaced, as is the case with almost all C# programs
Jul 08 07:00:36 antifa: yes, you got it.
Jul 08 07:01:04 The daemons, essentially, talk to each other
Jul 08 07:01:15 auth server daemon <-> auth client daemon
Jul 08 07:01:23 like a game connecting to a gaming network
Jul 08 07:01:25 to use an example
Jul 08 07:01:46 right
Jul 08 07:01:50 If that's through a browser plugin - great
Jul 08 07:02:07 The communication can be c->s or s->c or p->p
Jul 08 07:02:13 so client-side interfaces talk to the system/user client auth daemon?
Jul 08 07:02:23 but better if the daemons/services are network capable themselves (or are network capable via an exposed object broker that has proper facilities for auth in it)
Jul 08 07:02:49 ok then
Jul 08 07:04:54 and - to make matters more complicated (by introducing remote profiling) one can have an auth server that talks to the client -- It's well diagramed on the FrePort site
Jul 08 07:05:20 So, what types of applications can make use of this?
Jul 08 07:05:26 we've managed to get onto technical discussions well here :)
Jul 08 07:05:34 keep in mind, it's not just authentication, we're also talking profiling
Jul 08 07:05:45 ajmitch: we sure have
Jul 08 07:05:52 matching user data to an ID?
Jul 08 07:06:03 ajmitch: precisely
Jul 08 07:06:33 clausen had a good idea that he showed me, i wonder if he'd mind me sharing it (as a possible application)
Jul 08 07:06:37 ajmitch: So, it's not just an ID system, it should also store settings and generic tokens
Jul 08 07:07:02 and keys
Jul 08 07:07:09 antifa: yep
Jul 08 07:07:09 (clausen from #gnu)
Jul 08 07:07:43 go on
Jul 08 07:09:26 what was the comparable service from sun again?
Jul 08 07:10:12 Well, Sun is part of the Liberty Alliance, which is a group of companies
Jul 08 07:10:28 I'm not certain that they've named their service yet
Jul 08 07:10:45 ajmitch: you there?
Jul 08 07:10:52 * ajmitch was just getting breakfast :)
Jul 08 07:11:08 http://members.optushome.com.au/clausen/ideas/online-tech-support.txt
Jul 08 07:11:21 alright, i was just looking up details on their Forte project to see what auth mechanisms it included, there doesn't seem to be much documentation on that aspect of it
Jul 08 07:12:02 mmm, crappy porridge
Jul 08 07:12:14 though they've mentioned us as a "consumer level" provider.
Jul 08 07:14:02 ya know it just kills me, of all the cross platform distributed app solutions out there, not one of their FAQ's mentions auth or security in any fashion, what a crock
Jul 08 07:14:19 heh
Jul 08 07:14:28 fitzix: comments?
Jul 08 07:15:17 FrePort: Who has? Liberty Alliance?
Jul 08 07:15:20 I think the most likely programs to target clients and server would be those in the GPL library. There's probably a few in there that already require authentication and we could serve as a password memory system for them. In short, we appeal to their membership in FSF as a lead-in for acceptance.
Jul 08 07:15:39 fsf?
Jul 08 07:15:44 nm
Jul 08 07:15:46 ajmitch: I think it's a VERY interesting idea... like SourceXchange for tech support
Jul 08 07:15:51 Fitzix. Yes the Liberty Alliance mentioned us in interview as a consumerlevel provider.
Jul 08 07:16:07 ajmitch: it would be very useful for them to use DotGNU auth
Jul 08 07:16:11 fitzix: thank yet another australian for that :)
Jul 08 07:16:17 yeah, i mentioned that to him
Jul 08 07:16:28 (he maintains GNU parted)
Jul 08 07:16:41 yep - clausen is a good person
Jul 08 07:16:48 ah, you know him
Jul 08 07:16:57 FrePort: Very cool -- at least we know that we are known
Jul 08 07:17:08 yep - I've spoken with him on #gnu occasionally :)
Jul 08 07:17:32 We can thank Hans for that. He got IDSEC fronted through Verisign (?) to the LA.
Jul 08 07:18:03 They may be under the impression though that DotGNU /is/ IDSEC.
Jul 08 07:18:22 heh, interesting
Jul 08 07:18:47 Always play off your competition's misapprehensions.
Jul 08 07:19:38 If they think we're IDSEC and FUD us with the weaknesses of IDSEC we'll be elsewhat by then. Hopefully integrating away from some of those faults.
Jul 08 07:20:05 I like this idea of clausen's.
Jul 08 07:20:27 And definitely see where our kind of authentication could be useful.
Jul 08 07:20:50 yup
Jul 08 07:21:49 What else do we have as targets. PHP-GW? Jabber? Are there any GPL'd programs we use everyday that depend on a login?
Jul 08 07:23:03 phpGW should certainly be a target
Jul 08 07:23:26 seems to me any distributed enterprise environment needs auth
Jul 08 07:23:45 yes, but phpGW should integrate with DotGNU :)
Jul 08 07:23:53 to an extent
Jul 08 07:24:04 * antifa agrees
Jul 08 07:24:20 Every integration starts with a baby-step. Auth is a good baby-step.
Jul 08 07:24:31 * antifa again agreed
Jul 08 07:25:55 yup, dotgnu.org lists phpGW as a DotGNU project
Jul 08 07:26:23 if we integrate profiles, generic tokens, and pki into auth, it would provide a much more robust and secure environment than passport will ever be
Jul 08 07:26:30 How about FreeCiv? Doesn't it need a login?
Jul 08 07:26:49 yeah it does
Jul 08 07:27:01 Passport is basically Kerberos using cookies as a token wrapper.
Jul 08 07:27:02 adam theo has been trying to push jabber on the mailing lists
Jul 08 07:28:05 I've noticed and I've read their auth mechanism. I'm not going to slam it (not right now, anyhow)
Jul 08 07:28:31 So, is a game like FreeCiv a good target?
Jul 08 07:29:07 so we've got web services, blogs, webmail, and FreeCiv on the list, is there anything else we should consider?
Jul 08 07:29:45 * FrePort giggles "FTP"
Jul 08 07:30:39 No seriously, change FreeCiv to online games and we've a good general list.
Jul 08 07:31:40 From that we can build a sublist of targets in a future issue debate. (Envisions long nights of Freshmeat searches and e-mail writing campaigns)
Jul 08 07:32:27 right
Jul 08 07:33:05 oooh fun, i can do that :-)
Jul 08 07:34:32 Our three criterion would be 1) requires a login in its current form, OR requires a transportable preference storage
Jul 08 07:34:58 2) is in the groups mentioned above
Jul 08 07:35:14 3) is currently GPL (I can't emphasize that enough)
Jul 08 07:35:43 So, antifa, you want to research and prepare a preliminary report?
Jul 08 07:36:04 well, let me clarify first, please restate the groups for everyone
Jul 08 07:36:58 web services, blogs, webmail, and online-games
Jul 08 07:37:45 ok, here's what i can do, i'll do the googling and freshmeat'n to get a good comprehensive list of projects that fit those criterion and have it available for next meeting, sound good?
Jul 08 07:37:54 sounds excellent!
Jul 08 07:38:14 (you do realise that the list could be in the thousands, right? :)
Jul 08 07:38:43 i do, i'm gonna try and script some automation into it though :-) then thin down from there
Jul 08 07:38:51 good code project for me to do anyway
Jul 08 07:38:57 yep
Jul 08 07:39:16 How about one group for next week? If we poor humans try to evaluate a list in the thousands in one session we'll go postal.
Jul 08 07:39:48 lol, alright, i'll concentrate on web services for now, we can also post it and people can read *before* the meeting
Jul 08 07:39:50 Best chuck Savannah and sourceforge.
Jul 08 07:40:01 errr check, not chuck.
Jul 08 07:40:14 savannah!
Jul 08 07:40:20 that's one we should target
Jul 08 07:40:42 need a link to savannah, i know nothing about it currently
Jul 08 07:40:43 i'm hoping to chat with loic at some stage about using DotGNU with savannah
Jul 08 07:40:47 no kidding. :-) Worst login infrastructure I've ever encountered.
Jul 08 07:40:51 antifa: savannah.gnu.org
Jul 08 07:40:57 thanks
Jul 08 07:41:16 .me wonders why fitzix has been silent again :)
Jul 08 07:41:41 antifa: savannah is both a source of info, and a GPL webservice we should target
Jul 08 07:41:51 since it's run by GNU
Jul 08 07:42:23 i get it now, alright
Jul 08 07:43:04 And sourceforge is another source of info for your list.
Jul 08 07:43:21 i've got google, sourceforge, freshmeat, and savannah on the list
Jul 08 07:43:42 as sources, right?
Jul 08 07:43:45 yes
Jul 08 07:43:55 * FrePort thinks....
Jul 08 07:44:00 here's a summary
Jul 08 07:45:03 Targets: webservices, webmail, blogs, online games. Criterion: requires login or preferences currently or soon, GPL'd, in a target group. Sources: google, sourceforge, freshmeat, savannah
Jul 08 07:45:37 One other target - very important: mobile applications!
Jul 08 07:45:58 By mobile I mean Palm or Zaurus, not Nokia....
Jul 08 07:46:02 yeah!
Jul 08 07:46:15 transparent logins, perhaps? :)
Jul 08 07:46:17 hmmmm
Jul 08 07:46:25 exactly.
Jul 08 07:47:12 And the sources for those would be ??? Palmsource ??? Is that the name of the site?
Jul 08 07:47:54 not sure
Jul 08 07:47:57 Since the Zaurus is running Linux, we don't have to target them directly - we get them by extension.
Jul 08 07:48:18 app developers still need to integrate our stuff
Jul 08 07:48:55 * ajmitch will have to sit down on irc & sort out a plan for taking savannah :)
Jul 08 07:49:03 i'll look into mobile
Jul 08 07:49:30 not sure what to do with that category as of yet
Jul 08 07:49:48 Targets: webservices, webmail, blogs, online games, mobile. Criterion: requires login or preferences currently or soon, GPL'd, in a target group. Sources: google, sourceforge, freshmeat, savannah
Jul 08 07:50:29 * ajmitch has now gone from cold -> freezing :)
Jul 08 07:50:53 antifa: until we come up with a specific source for a directory of mobile applications, just keep your eye open for possible in that group in the sources you already have? Sound good?
Jul 08 07:51:04 sounds good
Jul 08 07:51:19 * FrePort sends ajmitch some of his 98F in the shade weather.
Jul 08 07:51:29 Okay, next topic?
Jul 08 07:51:37 want some of my rain FrePort?
Jul 08 07:52:08 3) ROI = Return on Investment (all, presentation by mds)
Jul 08 07:52:08 4) MACS/Freport integration diagram.
Jul 08 07:52:15 are the topics we have left to cover
Jul 08 07:52:37 unfortunately, mds is absent from the proceedings
Jul 08 07:52:49 Seeing as we lack mds, and fitzix was going to lead, let's switch the order and go to 4?
Jul 08 07:53:00 alright then
Jul 08 07:53:05 Because *I* am definitely here.
Jul 08 07:53:09 hehe
Jul 08 07:53:14 you have the integration diagram prepped & ready to show off?
Jul 08 07:54:03 omg it's freaking pouring here right now
Jul 08 07:54:21 Okay, two diagrams to start with (these are in Dia format http://www.lysator.liu.se/~alla/dia/ )
Jul 08 07:54:53 apt-get install dia, for those on a decent distro :)
Jul 08 07:55:17 one sec, lemme see if it's in portage
Jul 08 07:55:33 sure enough, take me a minute
Jul 08 07:55:38 * ajmitch does apt-get dist-upgrade
Jul 08 07:55:51 only new pnet packages
Jul 08 07:55:58 ok FrePort, proceed
Jul 08 07:56:03 Original MACs diagram: http://users.ids.net/~nightspd/freport/images/macs.dia
Jul 08 07:56:33 hrmmm, only 2 meg source, i'll be about 5 minutes on those diags
Jul 08 07:56:42 MACS+Freport diagram: http://users.ids.net/~nightspd/freport/images/macsfreport.dia
Jul 08 07:57:10 * ajmitch looks
Jul 08 07:57:16 been able to talk this over with mds?
Jul 08 07:58:04 Only insofar as this is the proposal and is based on our previous discussions. Hopefully he'll deluge me with e-mail when you post this log.
Jul 08 07:58:31 ok then
Jul 08 07:58:43 looks fairly similar
Jul 08 07:59:22 i'm guessing that that's because i don't have a grasp on the complexity that's hidden ;)
Jul 08 07:59:28 Doesn't it though? There's not a lot of structural program difference in MACS vs Freport. All our differences are in our network methodology.
Jul 08 07:59:38 that's good news
Jul 08 07:59:51 so, just to review, there were 3 projects mentioned previously, and it's been decided to try and integrate all of them, is that correct?
Jul 08 08:00:01 That is correct.
Jul 08 08:00:07 ty
Jul 08 08:00:15 The majour differences are:
Jul 08 08:02:01 MACS wants the application to shoulder the burden of communicating with each service in the server core.
Jul 08 08:02:32 Freport abstracts that same functionality through a configurable Control Logic.
Jul 08 08:02:49 hmm, freport sounds like my sort of design then
Jul 08 08:03:07 * ajmitch prefers to have as little in the app as possible
Jul 08 08:03:31 make sense if we're distributing the app, more secure that way too i would think
Jul 08 08:04:48 MACS makes no distinction between a remote and a local authenticator, authorizer, and data source. Freport's network topology (http://users.ids.net/~nightspd/freport/FrePort_Dataflow_Explanation_Retrieve.html and http://users.ids.net/~nightspd/freport/FrePort_Dataflow_Explanation_Storage.html) depends on this distinction.
Jul 08 08:06:37 And MACS has an explicit Gateway, but the way I've diagrammed it the Gateway is just another application (dependent on the same glue library as an application). Freport's gateway was just another service, but MACS way is better, so I junked that aspect of FrePort.
Jul 08 08:07:12 alright
Jul 08 08:07:20 trying to extract the best of both then
Jul 08 08:08:30 * ajmitch has to go to uni in just under 2 hours, sigh
Jul 08 08:09:17 The other minor difference is on the backend, where the remote authenticators, authorizers, and profile are; these have been replaced from "disk drums" to gateways (presumably other MAC-FrePort gateways).
Jul 08 08:09:27 i need to go get some food soon (sigh), we're 3 hours in and counting now
Jul 08 08:09:47 I'm done...
Jul 08 08:10:19 alright, thanks for describing it
Jul 08 08:10:54 the remote adapter->gateway will speak macs/freport api?
Jul 08 08:10:58 i didn't mean to cut this short, i just should have stocked up early, i'll remember it next time lol
Jul 08 08:11:02 Those are the major differences. The URIs for MACs and FrePort are in last week's logs, and they both detail the network topology, which would be the next integration problem to solve.
Jul 08 08:11:07 sure
Jul 08 08:11:20 --> jonaslund (whizzter@as2-5-1.sbn.s.bonet.se) has joined #dotgnu-auth
Jul 08 08:11:45 hi jonaslund
Jul 08 08:11:51 hi
Jul 08 08:12:05 'ello
Jul 08 08:12:09 greeting jonas.
Jul 08 08:12:11 dang, dia is still compiling
Jul 08 08:12:21 ok, what else do we have to cover? more discussion on the integration?
Jul 08 08:12:53 Well, we've almost got fitzix back, but with both of you leaving. I'm in favour of tabling #3 for next week.
Jul 08 08:13:39 So, shall we set the meeting for next week and draw up the schedule for discussion?
Jul 08 08:14:13 1330 EST good for everyone? (Give ajmitch another half-hour of sleep)
Jul 08 08:14:18 * ajmitch isn't leaving for another hour :)
Jul 08 08:14:41 yeah, should be ok
Jul 08 08:14:42 1330 est, 530 utc right?
Jul 08 08:14:48 antifa: unfortunately
Jul 08 08:14:58 sorry aj, where are you at btw?
Jul 08 08:15:58 works for me
Jul 08 08:15:59 ack
Jul 08 08:16:01 heh
Jul 08 08:16:04 good list of apps
Jul 08 08:16:04 lol
Jul 08 08:16:06 I like what I see
Jul 08 08:16:14 Good diagram - again, I like what I see
Jul 08 08:16:38 * fitzix feels like clergy -- he's only capable of showing up to bless everything in sight before it leaves :)
Jul 08 08:16:41 antifa: i'm in NZ, 12 hours ahead of GMT/UTC
Jul 08 08:16:47 * FrePort preens Thanks fitzix.
Jul 08 08:16:47 hey fitzix
Jul 08 08:16:51 i guess this means i should sub the dotgnu-auth list
Jul 08 08:16:54 * ajmitch is not leaving for awhile
Jul 08 08:16:56 ouch
Jul 08 08:17:09 Hmm - that's something I wanted to ask
Jul 08 08:17:17 should the working group just use the auth@dotgnu.org list
Jul 08 08:17:23 might as well
Jul 08 08:17:23 or should we make a separate WG list?
Jul 08 08:17:32 why use a separate list?
Jul 08 08:17:39 ok, so sub the auth list then
Jul 08 08:17:42 auth@dotgnu.org should suit
Jul 08 08:17:58 ok, is meeting closed?
Jul 08 08:18:03 I agree. Don't create a new list.
Jul 08 08:18:10 well, except for the agenda for next week
Jul 08 08:18:14 alright
Jul 08 08:18:16 As soon as we set our schedule of discussion for next week.
Jul 08 08:18:29 we'll fight about that & then close the meeting :)
Jul 08 08:18:33 thank you, agenda was precisely the word I wanted.
Jul 08 08:18:47 Okay here's what I've got:
Jul 08 08:19:14 1) Webservices target list (presentation antifa)
Jul 08 08:19:30 2) ROI (all, presentation: mds)
Jul 08 08:19:57 3) More argument over the diagrams (freport, mds)
Jul 08 08:20:30 leading to 4) Network topology discussion
Jul 08 08:20:43 (all)
Jul 08 08:20:55 any more suggestions?
Jul 08 08:20:58 5) Discussion about the future (planning for non-participants)
Jul 08 08:21:27 Even though we've got a general plan, we should think about what to do about the IDSEC's of the world
Jul 08 08:21:36 Sounds good to me.
Jul 08 08:21:37 anybody want to talk about the object broker idea, or is that more general DotGNU stuff?
Jul 08 08:22:01 I think it's more general -- but we should get to discussing it at some point
Jul 08 08:22:06 agenda looks good to me
Jul 08 08:22:25 I think it's a bit far ahead, we'd best know what objects we're brokering before we discuss a generalized interface to broker them?
Jul 08 08:22:33 ok
Jul 08 08:22:37 i have a couple questions before everyone runs off if that's ok too
Jul 08 08:22:50 Okay. Let's close the log first.
Jul 08 08:22:50 Perhaps we should form an SEE working group and branch object brokering off of that
Jul 08 08:23:08 I see object brokering as more connected to SEE or standalone, than anything else
Jul 08 08:23:10 sounds good to me
Jul 08 08:23:15 All in favour of the current agenda? Speak aye?
Jul 08 08:23:20 aye
Jul 08 08:23:28 aye
Jul 08 08:23:34 aye
Jul 08 08:23:40 aye
Jul 08 08:23:57 * fitzix bangs his gavel
Jul 08 08:23:58 omg i voted about something lol
Jul 08 08:24:05 this meeting is adjourned

End
===