Roblag
Just like a diary, only without a way to dot the i’s with hearts; robla, margl, and hazel’s blog

Looks like Dan Libby posted a [Wikitech-l] MediaWiki OpenID patch. I’ll have to give it a spin after I get done with my current project.

I’ve implemented a news feed for Spectaclar that’s a general purpose open source access control feed, that will probably also veer a lot into authentication, identity, and other single signon stuff. It includes updates on Spectaclar, but also incorporates outside blogs. It uses the reFeed component of reBlog. reBlog is very, very cool…it makes it really simple to syndicate lots of news feeds.

It’s still pretty rough around the edges, but now there’s a patch to add OpenID authentication support to Bugzilla. It’s not ideal, as it still requires you to go through the email ping-pong process, but the good news is that once you tie an OpenID identifier to your BZ account, you can authenticate via your OpenID account and not have to maintain a separate password for BZ.

I’ve been working on a bunch of miscellaneous stuff this week which are loosely related to the “Spectaclar” project:

• A lot of wiki cleanup - I think I got most of the dead links, so that there’s at least stub articles everywhere there’s a link
• Patch to MediaWiki - not a huge contribution, but one that really helped me understand the access control model in MW
• Wrote a development planning doc for WordPress. There’s been a lot of acrimony this week about the WordPress development process, which the planning doc is a response to. I’m waiting for a review from Lorelle before floating it on the wp-hackers list. The acrimony has already died down, but I’m hoping this will provide some structure for requesting features.
• I’ve installed Bugzilla/CVS (2.19.3+) - thinking about taking a stab an OpenID plugin for BZ, since I’m somewhat familiar with the BZ auth plugin model.

More on Spectaclar. Haven’t done much today on the site, as I’ve been working on Mediawiki and riding my bike and enjoying being a slacker.

There’s a blurb that I just added to the site that’s probably worth blogging.

The primary focus for this site, at the time of this writing, is authorization, as opposed to authentication or accounting. I plan to go with the flow, so if there ends up being a bunch of interest in authentication or accounting, I’m not going to fight it, but it’s not where I plan to spend the bulk of my time. There are a lot of folks (Liberty Alliance, OpenID) thinking about authentication and identity issues, so I’m hoping for a little division of labor.

Both authentication and authorization are big problems. The funny thing is there seem to be more solutions for authentication than authorization, probably because authentication is the first “A” in “AAA”. They tend to run out of steam by the time they get to authorization, which is why I want to start there.

However, it’s not as though there’s a specific piece of software that we’re writing here yet, and it’s not as though the “authentication” community and the “authorization” communities are entirely disjoint. We’ll see which way it really swings after a while (if it does anything at all).

Well, I’m ready to start talking about “Spectaclar“, which is my new website (and hopefully community) around open source access control. I’ve written a rather long explanation of what Spectaclar is about. To summarize, I’m trying to find a few really good open source web applications, understand their access control mechanisms, and begin to try aligning them. I’ve added an announcement list and discussion list, and I’ll start bloggnig here about my progress as well.