Any suggestions for hack projects? Oauth is firnly on the agenda and I'm working on the infrastructure for that; perhaps someone would like to borrow a Huddle dev and attack URI testability?
I'd really like to see some work on self-documentation and discoverability, but that may be too large a topic.
For me, authentication and having an IError collection somewhere on the operation on communication context for binding and validation errors are the two largest bits of missing functionality.
I'm happy to hack about with either of these, just looking for some direction as to how people feel it should be best implemented.
Andrew
On Feb 11, 7:55 pm, "Bob Gregory" <pathoge...@gmail.com> wrote:
> Any suggestions for hack projects? Oauth is firnly on the agenda and I'm working on the infrastructure for that; perhaps someone would like to borrow a Huddle dev and attack URI testability?
> I'd really like to see some work on self-documentation and discoverability, but that may be too large a topic.
The things that are stopping me from considering OpenRasta for website development at work are a lack of cookie authentication support and not having a solid place to put validation errors (I seem to remember Seb saying he was going to do away with the current Errors collection).
So long as those core building blocks are in place I'm happy to build everything else on top of them.
- Replacing and/or removing the standard contributors (such as HttpAuth) is rather clunky; it would be nice if that was streamlined - OAuth would be cool to have if you were making public facing sites - StructureMap support - Resolution to that binding problem I've reported on the mailing list
> For me, authentication and having an IError collection somewhere on > the operation on communication context for binding and validation > errors are the two largest bits of missing functionality.
> I'm happy to hack about with either of these, just looking for some > direction as to how people feel it should be best implemented.
> Andrew
> On Feb 11, 7:55 pm, "Bob Gregory" <pathoge...@gmail.com> wrote: > > Any suggestions for hack projects? Oauth is firnly on the agenda and I'm > working on the infrastructure for that; perhaps someone would like to borrow > a Huddle dev and attack URI testability?
> > I'd really like to see some work on self-documentation and > discoverability, but that may be too large a topic.
> The things that are stopping me from considering OpenRasta for website > development at work are a lack of cookie authentication support and not > having a solid place to put validation errors (I seem to remember Seb saying > he was going to do away with the current Errors collection).
> So long as those core building blocks are in place I'm happy to build > everything else on top of them.
> - Replacing and/or removing the standard contributors (such as HttpAuth) is > rather clunky; it would be nice if that was streamlined > - OAuth would be cool to have if you were making public facing sites > - StructureMap support > - Resolution to that binding problem I've reported on the mailing list
> On 11 February 2010 20:40, trull...@googlemail.com > <trull...@googlemail.com>wrote:
> > For me, authentication and having an IError collection somewhere on > > the operation on communication context for binding and validation > > errors are the two largest bits of missing functionality.
> > I'm happy to hack about with either of these, just looking for some > > direction as to how people feel it should be best implemented.
> > Andrew
> > On Feb 11, 7:55 pm, "Bob Gregory" <pathoge...@gmail.com> wrote: > > > Any suggestions for hack projects? Oauth is firnly on the agenda and I'm > > working on the infrastructure for that; perhaps someone would like to borrow > > a Huddle dev and attack URI testability?
> > > I'd really like to see some work on self-documentation and > > discoverability, but that may be too large a topic.
Cookie auth is pretty trivial - we have a pattern for drop-in authentication schemes, but you're right that replacing the existing authentication contributor feels a wee bit clunky.
I can demo cookie auth with an evening's work and, with a bit of polishing, we could contribute our authN stuff, and treat digest authentication as a supported auth scheme. I might try to have that done before Mix10, but I'm in the middle of planning a wedding which is eating up my code time :)
<ga...@robustsoftware.co.uk> wrote: > The things that are stopping me from considering OpenRasta for website > development at work are a lack of cookie authentication support and not > having a solid place to put validation errors (I seem to remember Seb saying > he was going to do away with the current Errors collection). > So long as those core building blocks are in place I'm happy to build > everything else on top of them. > - Replacing and/or removing the standard contributors (such as HttpAuth) is > rather clunky; it would be nice if that was streamlined > - OAuth would be cool to have if you were making public facing sites > - StructureMap support > - Resolution to that binding problem I've reported on the mailing list
> On 11 February 2010 20:40, trull...@googlemail.com <trull...@googlemail.com> > wrote:
>> For me, authentication and having an IError collection somewhere on >> the operation on communication context for binding and validation >> errors are the two largest bits of missing functionality.
>> I'm happy to hack about with either of these, just looking for some >> direction as to how people feel it should be best implemented.
>> Andrew
>> On Feb 11, 7:55 pm, "Bob Gregory" <pathoge...@gmail.com> wrote: >> > Any suggestions for hack projects? Oauth is firnly on the agenda and I'm >> > working on the infrastructure for that; perhaps someone would like to borrow >> > a Huddle dev and attack URI testability?
>> > I'd really like to see some work on self-documentation and >> > discoverability, but that may be too large a topic.
>> > Do you have a story that started on Hotmail? Tell us now
-- An infinite number of mathematicians walk into a bar. The first one orders a beer. The second orders half a beer. The third, a quarter of a beer. The bartender says "You're all idiots", and pours two beers.
Yeah, I did a crappy version of cookie auth in Jamaica but I'm not hot on security so it's probably fatally flawed. Would be good to see a decent implementation that's easy to drop in.
On 12 February 2010 10:33, Bob Gregory <pathoge...@gmail.com> wrote:
> Cookie auth is pretty trivial - we have a pattern for drop-in > authentication schemes, but you're right that replacing the existing > authentication contributor feels a wee bit clunky.
> I can demo cookie auth with an evening's work and, with a bit of > polishing, we could contribute our authN stuff, and treat digest > authentication as a supported auth scheme. I might try to have that > done before Mix10, but I'm in the middle of planning a wedding which > is eating up my code time :)
> .-- B
> On Fri, Feb 12, 2010 at 9:24 AM, Garry Shutler > <ga...@robustsoftware.co.uk> wrote: > > The things that are stopping me from considering OpenRasta for website > > development at work are a lack of cookie authentication support and not > > having a solid place to put validation errors (I seem to remember Seb > saying > > he was going to do away with the current Errors collection). > > So long as those core building blocks are in place I'm happy to build > > everything else on top of them. > > - Replacing and/or removing the standard contributors (such as HttpAuth) > is > > rather clunky; it would be nice if that was streamlined > > - OAuth would be cool to have if you were making public facing sites > > - StructureMap support > > - Resolution to that binding problem I've reported on the mailing list
> > On 11 February 2010 20:40, trull...@googlemail.com < > trull...@googlemail.com> > > wrote:
> >> For me, authentication and having an IError collection somewhere on > >> the operation on communication context for binding and validation > >> errors are the two largest bits of missing functionality.
> >> I'm happy to hack about with either of these, just looking for some > >> direction as to how people feel it should be best implemented.
> >> Andrew
> >> On Feb 11, 7:55 pm, "Bob Gregory" <pathoge...@gmail.com> wrote: > >> > Any suggestions for hack projects? Oauth is firnly on the agenda and > I'm > >> > working on the infrastructure for that; perhaps someone would like to > borrow > >> > a Huddle dev and attack URI testability?
> >> > I'd really like to see some work on self-documentation and > >> > discoverability, but that may be too large a topic.
> >> > Do you have a story that started on Hotmail? Tell us now
> -- > An infinite number of mathematicians walk into a bar. The first one > orders a beer. The second orders half a beer. The third, a quarter of > a beer. The bartender says "You're all idiots", and pours two beers.
I'd like people working on the authentication and caching model myself, get the extensibility stuff in. I'll try and get the prototypes in svn by then
Date: Thu, 11 Feb 2010 19:55:33 +0000 From: pathoge...@gmail.com To: openrasta@googlegroups.com Subject: Re: [openrasta] OpenRasta CodeCamp next thursday!
Any suggestions for hack projects? Oauth is firnly on the agenda and I'm working on the infrastructure for that; perhaps someone would like to borrow a Huddle dev and attack URI testability?
I'd really like to see some work on self-documentation and discoverability, but that may be too large a topic.
Is there a reason why people don't simply use forms authentication for this? Unless you're not running on asp.net, but if you are it looks like a waste to bother with anything else?
Date: Fri, 12 Feb 2010 12:29:59 +0000 Subject: Re: [openrasta] Re: OpenRasta CodeCamp next thursday! From: ga...@robustsoftware.co.uk To: openrasta@googlegroups.com
Yeah, I did a crappy version of cookie auth in Jamaica but I'm not hot on security so it's probably fatally flawed. Would be good to see a decent implementation that's easy to drop in.
On 12 February 2010 10:33, Bob Gregory <pathoge...@gmail.com> wrote:
Cookie auth is pretty trivial - we have a pattern for drop-in
authentication schemes, but you're right that replacing the existing
authentication contributor feels a wee bit clunky.
I can demo cookie auth with an evening's work and, with a bit of
polishing, we could contribute our authN stuff, and treat digest
authentication as a supported auth scheme. I might try to have that
done before Mix10, but I'm in the middle of planning a wedding which
<ga...@robustsoftware.co.uk> wrote: > The things that are stopping me from considering OpenRasta for website > development at work are a lack of cookie authentication support and not > having a solid place to put validation errors (I seem to remember Seb saying > he was going to do away with the current Errors collection). > So long as those core building blocks are in place I'm happy to build > everything else on top of them. > - Replacing and/or removing the standard contributors (such as HttpAuth) is > rather clunky; it would be nice if that was streamlined > - OAuth would be cool to have if you were making public facing sites > - StructureMap support > - Resolution to that binding problem I've reported on the mailing list
> On 11 February 2010 20:40, trull...@googlemail.com <trull...@googlemail.com> > wrote:
>> For me, authentication and having an IError collection somewhere on >> the operation on communication context for binding and validation >> errors are the two largest bits of missing functionality.
>> I'm happy to hack about with either of these, just looking for some >> direction as to how people feel it should be best implemented.
>> Andrew
>> On Feb 11, 7:55 pm, "Bob Gregory" <pathoge...@gmail.com> wrote: >> > Any suggestions for hack projects? Oauth is firnly on the agenda and I'm >> > working on the infrastructure for that; perhaps someone would like to borrow >> > a Huddle dev and attack URI testability?
>> > I'd really like to see some work on self-documentation and >> > discoverability, but that may be too large a topic.
> Date: Fri, 12 Feb 2010 01:34:20 -0800 > Subject: [openrasta] Re: OpenRasta CodeCamp next thursday! > From: trull...@googlemail.com > To: openrasta@googlegroups.com
> I've already gone some way to adding StructureMap support, we should > combine forces!
> Andrew
> On Feb 12, 9:24 am, Garry Shutler <ga...@robustsoftware.co.uk> wrote: > > The things that are stopping me from considering OpenRasta for website > > development at work are a lack of cookie authentication support and not > > having a solid place to put validation errors (I seem to remember Seb saying > > he was going to do away with the current Errors collection).
> > So long as those core building blocks are in place I'm happy to build > > everything else on top of them.
> > - Replacing and/or removing the standard contributors (such as HttpAuth) is > > rather clunky; it would be nice if that was streamlined > > - OAuth would be cool to have if you were making public facing sites > > - StructureMap support > > - Resolution to that binding problem I've reported on the mailing list
> > On 11 February 2010 20:40, trull...@googlemail.com > > <trull...@googlemail.com>wrote:
> > > For me, authentication and having an IError collection somewhere on > > > the operation on communication context for binding and validation > > > errors are the two largest bits of missing functionality.
> > > I'm happy to hack about with either of these, just looking for some > > > direction as to how people feel it should be best implemented.
> > > Andrew
> > > On Feb 11, 7:55 pm, "Bob Gregory" <pathoge...@gmail.com> wrote: > > > > Any suggestions for hack projects? Oauth is firnly on the agenda and I'm > > > working on the infrastructure for that; perhaps someone would like to borrow > > > a Huddle dev and attack URI testability?
> > > > I'd really like to see some work on self-documentation and > > > discoverability, but that may be too large a topic.
I don't use any authentication yet because I have yet to figure out how it's done. This has always been an area I need a ton of hand- holding with in any technology. I have a couple of pending questions about it on the GWT forums too as a matter of fact. It's always frustrated me both that I can't picture a concrete implementation and that people always assume I know more about it than I actually do. I've read about basic authentication and digest and http authentication and oauth but I lack whatever gray matter is necessary to translate it into code.
To put it plainly, I know how to create a login page to capture a username and password. I know how to use a salt to verify the password. After that, I still have no idea what needs to be done to handle authentication. I'm guessing the implementation is obvious but it doesn't change the fact that I can't see it.
Having typed all that out, I bet you mean use things like FormsAuthenticationTicket like you would in a legacy ASP.NET app, yesno?
On Feb 12, 2010, at 1:13 PM, Sebastien Lambla <s...@serialseb.com> wrote:
> Is there a reason why people don't simply use forms authentication > for this? Unless you're not running on asp.net, but if you are it > looks like a waste to bother with anything else?
> Date: Fri, 12 Feb 2010 12:29:59 +0000 > Subject: Re: [openrasta] Re: OpenRasta CodeCamp next thursday! > From: ga...@robustsoftware.co.uk > To: openrasta@googlegroups.com
> Yeah, I did a crappy version of cookie auth in Jamaica but I'm not > hot on security so it's probably fatally flawed. Would be good to > see a decent implementation that's easy to drop in.
> On 12 February 2010 10:33, Bob Gregory <pathoge...@gmail.com> wrote: > Cookie auth is pretty trivial - we have a pattern for drop-in > authentication schemes, but you're right that replacing the existing > authentication contributor feels a wee bit clunky.
> I can demo cookie auth with an evening's work and, with a bit of > polishing, we could contribute our authN stuff, and treat digest > authentication as a supported auth scheme. I might try to have that > done before Mix10, but I'm in the middle of planning a wedding which > is eating up my code time :)
> .-- B
> On Fri, Feb 12, 2010 at 9:24 AM, Garry Shutler > <ga...@robustsoftware.co.uk> wrote: > > The things that are stopping me from considering OpenRasta for > website > > development at work are a lack of cookie authentication support > and not > > having a solid place to put validation errors (I seem to remember > Seb saying > > he was going to do away with the current Errors collection). > > So long as those core building blocks are in place I'm happy to > build > > everything else on top of them. > > - Replacing and/or removing the standard contributors (such as > HttpAuth) is > > rather clunky; it would be nice if that was streamlined > > - OAuth would be cool to have if you were making public facing sites > > - StructureMap support > > - Resolution to that binding problem I've reported on the mailing > list
> > On 11 February 2010 20:40, trull...@googlemail.com <trull...@googlemail.com
> > wrote:
> >> For me, authentication and having an IError collection somewhere on > >> the operation on communication context for binding and validation > >> errors are the two largest bits of missing functionality.
> >> I'm happy to hack about with either of these, just looking for some > >> direction as to how people feel it should be best implemented.
> >> Andrew
> >> On Feb 11, 7:55 pm, "Bob Gregory" <pathoge...@gmail.com> wrote: > >> > Any suggestions for hack projects? Oauth is firnly on the > agenda and I'm > >> > working on the infrastructure for that; perhaps someone would > like to borrow > >> > a Huddle dev and attack URI testability?
> >> > I'd really like to see some work on self-documentation and > >> > discoverability, but that may be too large a topic.
> >> > Do you have a story that started on Hotmail? Tell us now
> -- > An infinite number of mathematicians walk into a bar. The first one > orders a beer. The second orders half a beer. The third, a quarter of > a beer. The bartender says "You're all idiots", and pours two beers.
There should be a screencast ready early next week about it, and there's a codecamp on thursday where am sure we're going to talk about auth a lot. :)
As for forms auth, yes I mean keeping the asp.net http auth module, redirecting to a route you define in OR and write the cookie yourself with FormsAuthenticationTicket, or simply using the existing asp.net way of doing things.
Seb
From: k...@baley.org To: openrasta@googlegroups.com Subject: Re: [openrasta] Re: OpenRasta CodeCamp next thursday! Date: Sun, 14 Feb 2010 05:32:58 -0500
I don't use any authentication yet because I have yet to figure out how it's done. This has always been an area I need a ton of hand-holding with in any technology. I have a couple of pending questions about it on the GWT forums too as a matter of fact. It's always frustrated me both that I can't picture a concrete implementation and that people always assume I know more about it than I actually do. I've read about basic authentication and digest and http authentication and oauth but I lack whatever gray matter is necessary to translate it into code.
To put it plainly, I know how to create a login page to capture a username and password. I know how to use a salt to verify the password. After that, I still have no idea what needs to be done to handle authentication. I'm guessing the implementation is obvious but it doesn't change the fact that I can't see it.
Having typed all that out, I bet you mean use things like FormsAuthenticationTicket like you would in a legacy ASP.NET app, yesno?
On Feb 12, 2010, at 1:13 PM, Sebastien Lambla <s...@serialseb.com> wrote:
Is there a reason why people don't simply use forms authentication for this? Unless you're not running on asp.net, but if you are it looks like a waste to bother with anything else?
Date: Fri, 12 Feb 2010 12:29:59 +0000 Subject: Re: [openrasta] Re: OpenRasta CodeCamp next thursday! From: ga...@robustsoftware.co.uk To: openrasta@googlegroups.com
Yeah, I did a crappy version of cookie auth in Jamaica but I'm not hot on security so it's probably fatally flawed. Would be good to see a decent implementation that's easy to drop in.
On 12 February 2010 10:33, Bob Gregory <pathoge...@gmail.com> wrote:
Cookie auth is pretty trivial - we have a pattern for drop-in authentication schemes, but you're right that replacing the existing authentication contributor feels a wee bit clunky.
I can demo cookie auth with an evening's work and, with a bit of polishing, we could contribute our authN stuff, and treat digest authentication as a supported auth scheme. I might try to have that done before Mix10, but I'm in the middle of planning a wedding which is eating up my code time :)
<ga...@robustsoftware.co.uk> wrote: > The things that are stopping me from considering OpenRasta for website > development at work are a lack of cookie authentication support and not > having a solid place to put validation errors (I seem to remember Seb saying > he was going to do away with the current Errors collection). > So long as those core building blocks are in place I'm happy to build > everything else on top of them. > - Replacing and/or removing the standard contributors (such as HttpAuth) is > rather clunky; it would be nice if that was streamlined > - OAuth would be cool to have if you were making public facing sites > - StructureMap support > - Resolution to that binding problem I've reported on the mailing list
> On 11 February 2010 20:40, trull...@googlemail.com <trull...@googlemail.com> > wrote:
>> For me, authentication and having an IError collection somewhere on >> the operation on communication context for binding and validation >> errors are the two largest bits of missing functionality.
>> I'm happy to hack about with either of these, just looking for some >> direction as to how people feel it should be best implemented.
>> Andrew
>> On Feb 11, 7:55 pm, "Bob Gregory" <pathoge...@gmail.com> wrote: >> > Any suggestions for hack projects? Oauth is firnly on the agenda and I'm >> > working on the infrastructure for that; perhaps someone would like to borrow >> > a Huddle dev and attack URI testability?
>> > I'd really like to see some work on self-documentation and >> > discoverability, but that may be too large a topic.
>> > Do you have a story that started on Hotmail? Tell us now
-- An infinite number of mathematicians walk into a bar. The first one orders a beer. The second orders half a beer. The third, a quarter of a beer. The bartender says "You're all idiots", and pours two beers.
Got a cool Hotmail story? Tell us now _________________________________________________________________ Tell us your greatest, weirdest and funniest Hotmail stories http://clk.atdmt.com/UKM/go/195013117/direct/01/
A shame all the fun seems to happen in London. I'd like to get a handle on server side request composition so I can get my N2 integration out of the door without the nasty resource inheritance.
On Thu, Feb 11, 2010 at 11:57 AM, Sebastien Lambla <s...@serialseb.com>wrote:
If you have a small reusable scenario, we can try and discuss it on the ML to find a nice architecture for it, then we can pair one evening next week or the week after on it?
Seb
Date: Sun, 14 Feb 2010 12:19:02 +0000 Subject: Re: [openrasta] OpenRasta CodeCamp next thursday! From: ryansrobe...@gmail.com To: openrasta@googlegroups.com
A shame all the fun seems to happen in London. I'd like to get a handle on server side request composition so I can get my N2 integration out of the door without the nasty resource inheritance.
On Thu, Feb 11, 2010 at 11:57 AM, Sebastien Lambla <s...@serialseb.com> wrote:
