[OpenID] **VL-JUNK** RE: opensource library
James Tindall
james at atomless.com
Wed Jun 4 10:37:26 UTC 2008
Thanks very much Peter,
I will certainly take a closer look at saml servers, opensaml and
Shibboleth. Although as I'm writing the OpenID RP library for the kohana
php framework that already has secure session handling, db wrappers, and
encryption libraries I'd like to not duplicate the functionality of
those in my openID library. What would be very useful would be an
overview of the OpenID authentication processes without the session and
encryption parts; the process stripped to just the essential steps, xri
resolution, all the required and possible params sent between OP and RP
at each step, selecting the best endpoint from services listed in an
xrds doc, etc...
Peter Williams wrote:
> I approached what you are after by looking in detail at saml servers, rather than yet more openid code. There is little difference between the two protocols in practical outputs, and I recognized that the saml spec was clearly an expression of a type system specified to generically express the processing requirements. This focus on type theory contrasts with openid quite properly - as it's a natural contrast between security engineering designed for assurance vs software engineering designed to be a lightweight use of processing resources.
>
> So don't let this become a critique of openid for being excellent at doing what it's supposed to do! Perhaps do reflect on the rsa fim server documents (to see how j2ee architecture expresses the saml spec's type system) or the shib/opensaml source (to see how the c classes interplay to express yet more than does the saml spec: how to build a server framework for secured, plug and play web services).
>
> -----Original Message-----
> From: James Tindall <james at atomless.com>
> Sent: Wednesday, June 04, 2008 2:20 AM
> To: general at openid.net <general at openid.net>
> Subject: [OpenID] opensource library
>
> Hello all,
>
> I'm trying to write an opensource OpenId (Relying Party) library for an
> opensource php framework called kohana.
> I've been following the Janrain php library because it seemed the most
> comprehensive and full featured but I was wondering if there were other
> libraries out there that are as complete as the Janrain library but
> possibly a little cleaner? The focus with the Janrain library seems to
> have been to cover as many use scenarios as possible and to include
> everything needed including session handling - but this has meant that
> the codebase is not at all transparent. As a programmer/web-developer
> picking apart other libraries is often the best way to get an
> understanding of how to write code to handle certain tasks. I've looked
> at just about all of the libraries listed on the openid.net wiki but
> have not as yet found one that is both feature complete and clean and
> clearly coded.
>
> Any suggestions of any helpful resources would be much appreciated!
>
> James