Personal info for avi

This person is currently certified at Master level.

Name: Avi Bryant

Homepage: http://avibryant.com

This person is:

• a Lead Developer on project Seaside.
• a Lead Developer on project Monticello.
• a User on project Connectors.
• a User on project Comanche.
• a User on project PostgreSQL Client.
• a Developer on project SmallBlog.
• a Lead Developer on project GOODS client.
• a Admirer on project MorphicWrapper.
• a Admirer on project Traits.
• a Admirer on project Gardner.
• a Admirer on project Slate.
• a Admirer on project SmallWiki.
• a Admirer on project Squat.
• a Admirer on project SqueakElib.
• a User on project SqueakMap.
• a Admirer on project KCP.
• a Admirer on project Flow.

Recent diary entries for avi:

14 Feb 2004  »

So I've been hacking some on Monticello today, trying to make the dependency mechanism a little less awful. In particular, I'm working on letting you merge an entire bundle in one operation, instead of popping up a sequence of individual merge dialogs.

An interesting thing is happening as I'm doing this. So far, the bottom layer and core concept in Monticello has been the Package - everything else has been built around this. So there's a PackageLoader for getting stuff into the image, the Merger expects to be merging versions of packages, and so on. In practice, I had noticed that these things mostly operated on Patches, but since I thought of these as the difference between packages it still all seemed to revolve around the package.

However, I'm now having to expand the Loader and Merger so that they can deal with multiple packages at once, and I'm suddenly realizing that packages are irrelevant at that layer. All you care about when merging or loading something into an image is patches, just the raw modifications being made to the code. Where the patches originally came from really isn't your concern. So my mental image of the layers suddenly did a backflip, with Patch at the bottom, Merger and Loader making use of it, and Package and Snapshot on top as a convenient way of producing patches (and of course Version further up still).

This probably isn't very interesting to anyone else, but that's what diaries are all about...

10 Feb 2004 (updated 12 Feb 2004)  »

As of today, there are at least three web sites that most developers using Squeak will want to have an account on: the SqueakMap of released software, the Squeak People Advogato clone, and the new SqueakSource public version control repository. My guess is that there will be more to come.

This has got me thinking about single-sign on systems, something I've had some experience developing over the last year. At one point, frustrated by the complexity of systems like the Liberty Alliance, I tried to come up with a truly small and simple system for sharing user accounts. I call it MISO, for Minimalist Integrated Sign On, and I'd like to propose a that we try it as a standard for (to begin with) Squeak community web sites.

Feb 12: I've revised this quite a bit from my initial posting...

The idea behind MISO is this:

Every user has a profile. This profile contains whatever information (name, email address) the user wishes to share about themselves. It also must contain a public key for that user. This public key must remain constant - it is the primary key of the profile. The rest of the information can be changed as the user wishes. Sensitive information should not be placed in the profile, as it can in practice be viewed by anyone.

The profile has a "home site" where it is hosted. This is likely a central site operated for and by a particular community (miso.squeakfoundation.org, say), but in theory it could be anywhere. The user must trust their host completely, since it controls their profile and stores the private key that matches the public key in the profile. Particularly paranoid users will of course want to set up their own home sites to host their profiles. There is nothing in the profile that ties it to the home site - they could be moved from host to host as long as you have a way to safely transfer the private key as well.

When a user accesses a MISO enabled application, they pass the URL of their profile as a query parameter. They also pass a large random number as a session id. Most likely, they do not type these in by hand. Instead, they will log in to the home site, and ask it to redirect them to the application they wish to visit. The home site will automatically generate a new session id and add it and the profile URL as parameters to the redirect. The home site must also record the time the session id was created, and the URL to which it is redirecting.

The MISO enabled application will then request the profile from the URL, passing the session id as a query parameter. The response will be the profile wrapped in an "envelope" that consists of:

• a header containing the profile URL and session id
• a header containing the URL of the application for which this session was created
• a header containing a timestamp of when the session was created
• a DSA signature at the end of the entire document, including the above headers and the profile itself, signed with the profile's private key

The host should not accept multiple requests using the same session id - once a single request has been made, that session should be expired. It should not accept requests for session ids it knows nothing about. The application should not accept responses with a session id or profile URL that do not match the one they requested, or with a timestamp older than a a few seconds. The application must verify the signature against the public key in the profile.

The one time use session id, included in the signed document, means that the interaction is unique and cannot be replayed. The signature means that the document cannot be modified in transit, and did indeed come from someone with the right private key. Providing the URL of the application for which the session was created should ensure that it is the user that is accessing the application, and not another application subverting a session that was intended for itself.

Exactly what the application does with the profile is up to it. In general, the application will likely maintain some mapping between the public key of the profile and an account object in the local application. How this association is set up will vary from application to application, but most likely the first time an application sees a particular profile they will require the user to fill in some form to further identity themselves; from that point forward, the application will know who they are.

A useful service that a home site could provide is to act as a general redirection engine - it could have a "redirect" URL that accepted the URL of a MISO application as a query parameter. It would then authenticate the user (through HTTP Basic Authentication, or by verifying a cookie from the user's browser, or if necessary with a login form), and immediately redirect them to the provided URL along with their profile and session info. If the profile advised a MISO application of the availability of such a service, the application could modify any links between it and other applications to go through this redirection so that the user could move between the applications without having to login again.

13 Nov 2003  »

Too many blogs...

For now, check out HREF Considered Harmful, which is where I usually post. But maybe I'll use this space as a development diary, if I find anything useful to say...

This person has certified others as follows:

• avi certified cdegroot as Journeyer
• avi certified BertFreudenberg as Master
• avi certified NedKonz as Master
• avi certified AndreasRaab as Master
• avi certified rowledge as Master
• avi certified julian as Journeyer
• avi certified brian as Apprentice
• avi certified water as Journeyer
• avi certified DiegoGomezDeck as Journeyer
• avi certified lukas as Journeyer
• avi certified cwp as Journeyer
• avi certified hylander as Journeyer
• avi certified spair as Journeyer
• avi certified blaineb as Apprentice
• avi certified ohshima as Journeyer
• avi certified bkv as Journeyer
• avi certified dvf as Journeyer
• avi certified JohnMcIntosh as Master
• avi certified luciano as Journeyer
• avi certified kirtai as Apprentice
• avi certified rh as Apprentice
• avi certified jmax as Apprentice
• avi certified Craig as Master
• avi certified chadfowler as Apprentice
• avi certified MichaelPruemm as Apprentice
• avi certified peter as Apprentice
• avi certified ajr as Apprentice
• avi certified andrew as Apprentice
• avi certified FrankCag as Apprentice
• avi certified JulienBourdon as Apprentice
• avi certified lexspoon as Journeyer
• avi certified sr as Apprentice
• avi certified pablo as Apprentice
• avi certified bp as Apprentice
• avi certified bmatasar as Apprentice
• avi certified jdbell as Apprentice

Others have certified this person as follows:

• AndreasRaab certified avi as Master
• cdegroot certified avi as Journeyer
• NedKonz certified avi as Master
• water certified avi as Master
• mas certified avi as Master
• brian certified avi as Master
• spair certified avi as Master
• julian certified avi as Master
• laza certified avi as Master
• DiegoGomezDeck certified avi as Journeyer
• ducasse certified avi as Journeyer
• bpagano certified avi as Master
• bkv certified avi as Master
• TorstenBergmann certified avi as Master
• gokr certified avi as Master
• dvf certified avi as Master
• dway certified avi as Master
• MikeRoberts certified avi as Journeyer
• cwp certified avi as Master
• lukas certified avi as Master
• Socinian certified avi as Master
• yanni certified avi as Master
• elvislives certified avi as Master
• gaelli certified avi as Master
• simon certified avi as Master
• HernanTylim certified avi as Master
• GermanArduino certified avi as Master
• KenCausey certified avi as Master
• AdamSpitz certified avi as Master
• SergeStinckwich certified avi as Master
• bjb certified avi as Master
• dclapp certified avi as Master
• jimm certified avi as Master
• DanyAltman certified avi as Journeyer
• kirtai certified avi as Master
• chbu certified avi as Master
• DanRozenfarb certified avi as Master
• rga certified avi as Master
• Craig certified avi as Master
• rwuyts certified avi as Journeyer
• edgardec certified avi as Master
• pwl certified avi as Master
• jj certified avi as Master
• laton13 certified avi as Master
• RobWithers certified avi as Master
• ragnar certified avi as Master
• blaineb certified avi as Master
• RomainRobbes certified avi as Master
• picxenk certified avi as Master
• kjw certified avi as Master
• LantzR certified avi as Master
• mue certified avi as Master
• sam certified avi as Master
• humasect certified avi as Master
• iho certified avi as Master
• jpierce certified avi as Master
• BertFreudenberg certified avi as Master
• maf certified avi as Master
• darrenhobbs certified avi as Master
• nmanzanos certified avi as Master
• chrismuller certified avi as Master
• Chronos certified avi as Master
• tonyg certified avi as Master
• ab certified avi as Master
• ev0l certified avi as Master
• cdrick certified avi as Master
• diegopark certified avi as Journeyer
• djr certified avi as Master
• tansel certified avi as Master
• noury certified avi as Master
• FrankShearar certified avi as Master
• ron certified avi as Master
• noha certified avi as Master
• cnantais certified avi as Master
• oscar certified avi as Master
• flizarralde certified avi as Master

[ Certification disabled because you're not logged in. ]

[ Home | Articles | Login/Account | People | Projects ]