Single Sign-On:
Bram and raph: I assume
that the point of the challenge / response pairs is to
collapse the backchannel into an occasional "stocking up"
transaction between blog.example.com and signon.example.net?
However, why not just have blog.example.com register a
public key at signon.example.net, then generate the
challenge by encrypting a shared datum with its private key
as the challenge? When signon.example.net redirects the user
back to blog.example.com, it can similarly encrypt the
response so blog.example.com will know the response is
authentic. That way, the sites don't need to "stock up" on
challenge / response pairs.
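A sketch of that registered-key exchange, as an added example that is not code from this post or from any of the proposals it discusses. It assumes Ed25519 signatures as the modern form of "encrypting with the private key"; the `sig.message` token layout and the function names are hypothetical, and user names are assumed not to contain `|`. It also covers the case the paragraph leaves implicit: blog.example.com must still remember which challenges it has redeemed, or a captured redirect can be replayed.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
)

// Hypothetical token format "hexsig.msg": sign builds it, open checks it against the sender's registered key.
func sign(priv ed25519.PrivateKey, msg string) string {
	return hex.EncodeToString(ed25519.Sign(priv, []byte(msg))) + "." + msg
}
func open(pub ed25519.PublicKey, tok string) (string, bool) {
	s, msg, _ := strings.Cut(tok, ".")
	sig, err := hex.DecodeString(s)
	return msg, err == nil && ed25519.Verify(pub, []byte(msg), sig)
}

// Challenge runs at blog.example.com: a fresh nonce, signed, carried in the redirect.
func Challenge(blogPriv ed25519.PrivateKey) string {
	n := make([]byte, 16)
	rand.Read(n)
	return sign(blogPriv, "blog.example.com|"+hex.EncodeToString(n))
}

// Respond runs at signon.example.net: sign user+challenge only for a registered site, else "".
func Respond(signonPriv ed25519.PrivateKey, blogPub ed25519.PublicKey, ch, user string) string {
	if _, ok := open(blogPub, ch); !ok {
		return ""
	}
	return sign(signonPriv, user+"|"+ch)
}

// Accept runs at blog.example.com; seen holds redeemed challenges so a replay is refused.
func Accept(signonPub, blogPub ed25519.PublicKey, seen map[string]bool, resp string) (string, bool) {
	body, ok := open(signonPub, resp)
	user, ch, _ := strings.Cut(body, "|")
	if _, mine := open(blogPub, ch); !ok || !mine || seen[ch] {
		return "", false
	}
	seen[ch] = true
	return user, true
}

func main() { // constructed demo: keys are generated here and "alice" is a made-up user
	bPub, bPriv, _ := ed25519.GenerateKey(rand.Reader)
	sPub, sPriv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println(Accept(sPub, bPub, map[string]bool{}, Respond(sPriv, bPub, Challenge(bPriv), "alice")))
}
```

No pairs are stocked up in advance, but the `seen` set is state that blog.example.com keeps locally and would need to expire in a real deployment.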
Having said that, I now want to make the case that the
backchannel is important for the non-trivial logout
case. The user needs to be able to log out concisely from
all SSO sites. The best way to do that, without forcing a
double-check between blog.example.com and signon.example.net
every time the user hits a page, is for signon.example.net to
tell any "active" sites that the user has logged out.
Unfortunately, this means signon.example.net is going to
have to retain some state. However, I think that's an
unavoidable necessity, as you also want the user to control
what sites are allowed to use the signon profile. I can't
imagine not wanting a site to be part of my profile, but,
well, maybe I can :)
The backchannel can also be useful, when the client supports
images, for implementing a "silent", webbug-based
login. blog.example.com includes an image that's hosted on
signon.example.net. Upon receipt of that request,
signon.example.net sends a backchannel message to
blog.example.com confirming the user's signin
status. Subsequent pages at blog.example.com can then take
advantage of that status without the user ever following the
login button.
Assuming blog.example.com gives signon.example.net the
graphics (through the backchannel, through prior agreement,
or by reference in the webbug's src URL), then the user gets
immediate feedback about their login status by which graphic
signon.example.net returns.
example.com:
Bram's description of the single sign-on
proposal also made me realize I should evangelize the use of
example.{com,net,org} here. BCP 32 / RFC
2606 reserves four TLDs (.test, .example, .invalid, and
.localhost) for use in testing, documentation, etc. It also
reserves the SLDs example.com, example.net, and
example.org. It recommends using the .example TLD for
documentation, though I personally believe the "average
reader" will more readily recognize an example.{com,net,org}
SLD as a "domain name".
Anyway, the reason I implore you to use the RFC 2606 domains
comes from (admittedly embarrassing) direct, personal
experience. A long time ago (okay, two years), my primary
mailserver was still running some egregious sendmail hacks
(written by my local guru, not me) that provided virtual
domains (before they were standard). Unfortunately, my
meager understanding of those hacks, and the amount of cruft
we had built around them, conspired to keep me from
correcting the fact that the machine was an open relay.
While working at jGuru, I "helped out" a few of our gurus
who needed a decent relay, didn't have SMTP AUTH support in
their clients, and didn't have fixed IPs (and had ISPs that
were refusing to relay mail coming from within their
networks not bearing a From: address of
@isp.example.com. Sigh.)
I promise, this is going somewhere. Anyway, one of the gurus
was writing a piece on sending mail from within Java. In
that piece, he provided code that used my mail server as its
MTA. So, until I managed to (a) close the relay (which, yes,
I know, I needed to close and I was being an irresponsible
Internet citizen and so forth) and (b) get the article
rewritten to use mail.example.com instead, I put up with a
bounce message every day or three from someone that didn't
understand they needed to put in the address of their
own SMTP relay.
Now it's my sworn duty to evangelize RFC 2606. And to get
websites to properly accept the plus sign (+) in the
lefthand side of an email address. And to get them to accept
the plus sign in a phone number. And to get AT&T to keep
my bill available online for more than three months. I go
paperless to save them money and they can't keep 7k of
compressed data around for more than three months. Anyway,
that's Mr. Quixote to you!
So, how about blog.example.com and signon.example.net? :)
Work:
A fantastically productive week. 70+ hours on the clock from
Monday to Monday (inclusive). The project isn't delivered
yet, but I cleaned up a lot of cruft, and put in place a new
architecture that I can phase in piecemeal and still start
enjoying from day one. Also tried out some simple XP
refactoring tricks that are obvious and yet somehow
overlooked :) (rename the old thing and all clients of it,
create the new thing, migrate clients one by one, then
remove the old thing).
Also, I finally wrote a wrapper for Perforce's branching
that does all of the steps involved in maintaining the most
common kind of branch I make. Now branching is one sweetly
simple step. Note that the agony here is introduced by my
very anal separation of clients per branch, not by any
inherent limitation of Perforce (not that Perforce doesn't
have inherent limitations, mind you).
I bought Microsoft:
I bought a really cool-looking game this weekend - Age of
Empires II, The Age of Kings (as a reward for later, when
I've gotten some more bits delivered). Opened it up and read
through the instructions. Only later did I notice the
Microsoft logo on the box. Sigh. I would have rather
supported a smaller, hungrier shop if I'm going to indulge
in a little bit of proprietary software compromise.
Compromise:
On the subject of compromise, I had a good discussion with
Allen Briggs over lunch the other day. As I creep up on
thirty (1973-04-06), I'm doing the understandable
reflection, introspection, and general "what have I done,
and what do I have left to do?"
The short answers are "not much" and "a lot", but those
grossly oversimplify things, because the truth is that
I've done a fantastic amount, but have little tangible
evidence of it.
Anyway, in the process of all of this, I realized that,
whenever we get around to having kids, I want to raise
them to see a pragmatic balance between their idealism and
the mundane, material needs and desires of the
world. There is a grounding in compromise I never got,
which I think might have helped me to further my ideals.
What it boils down to is, ironically, something Stallman wrote in Copyleft: Pragmatic Idealism:
"If you want to accomplish something in the world,
idealism is not enough--you need to choose a method that
works to achieve the goal."
I say "ironically" because the kind of pragmatism I'm
talking about is precisely the kind Stallman rejects in
other writings. I guess you could call it "embracing the
enemy". Or just "selling out".
When I raise my kids, I'm going to try to teach them to think
clearly and rationally about what they want to accomplish,
and to weigh the ethics of acting quickly to achieve more,
versus acting slowly to achieve less, but achieve it more
purely.
In practical terms, I'm going to advise them to go out,
make assloads of money while they're young, energetic, and
full of bright ideas, then turn around and spend that
money while they're older, wiser, and can make it do the
most good to bring about all of the changes they wanted to
see when they were younger.
Because I've learned one thing, finally, and I learned it
from Fried Green Tomatoes. Older and richer beats younger
and faster.
Of course, the inherent challenge is to remain internally
faithful to your ideals while you're externally working in
apparent opposition to them.
With that said, I'm also going to do my damnedest to teach
them that they can work outside of where their ideals
would otherwise take them to rake in the cheddar. For
instance, I'm going back to school in the fall and getting
an accounting degree. Who knew? Anyway, that way, when
Irene gets out of law school, we can open a firm that does
accounting and law in one place (useful when estates and
the like are your bread and butter work). Both accounting
and law can be fantastically lucrative, and even so when
done ethically (if you pick the right areas of both, of
course :) ).
And all of that can pay me, ultimately, to write more Free
software. And raise kids who can follow their own dreams
without looking back and wondering where the time went.
Fortunately, longevity runs in my family, so I've still
got at least two more of my lifetime so far to noodle out
the rest of the details and make my big contribution :) I
mean, look at Dave Winer. He's my dad's age, and he's still got the
juice. I mean, I respectfully disagree with some of his
positions (more, later), but he keeps stretching himself
and his ideas, and keeps generating vision. No
ossification there. Keep it up, Dave!