From maciej at pasternacki.net  Tue Aug 12 21:44:18 2008
From: maciej at pasternacki.net (Maciek Pasternacki)
Date: Tue, 12 Aug 2008 23:44:18 +0200
Subject: [cl-openid-devel] API discussion
Message-ID: <1218577458.4058.5.camel@localhost>

Hello,

As I wrote in my last report, I finally provided first-class objects for
RP and OP, exported basic API and separated examples.

The exported API is by no means final -- it's minimal and instead of
thinking about every possible use case, I decided to export bare minimum
and wait for need or request to export more.  I don't think I'd be able
to predict many non-trivial usage patterns, and this way I can just call
it agile programming ;)

I know the docs aren't there yet, but I'd appreciate if any of you did
look at the examples and commented on proposed API (especially on what
is it lacking).  Deadline is just a week away, and I hope to have 1.0
then :)

Regards,
Maciej.

-- 
-><- Maciej 'japhy' Pasternacki -><- http://www.pasternacki.net/ -><-



From avodonosov at yandex.ru  Tue Aug 12 23:29:11 2008
From: avodonosov at yandex.ru (Anton Vodonosov)
Date: Wed, 13 Aug 2008 02:29:11 +0300
Subject: [cl-openid-devel] API discussion
In-Reply-To: <1218577458.4058.5.camel@localhost>
References: <1218577458.4058.5.camel@localhost>
Message-ID: <290773.20080813022911@yandex.ru>

Hello, Maciej.

Comments in the examples ave very desirable, because they
would make the API easier to understand.

Yesterday I glanced over the examples, but didn't understand them.
Today I tried again and now I understand some peaces, but
not everything.

It looks like I need to create similar example myself to get feeling
of the API.

I will do it as soon as possible.

Regards,
-Anton

on Wednesday, August 13, 2008, 12:44:18 AM Maciek wrote:

> Hello,

> As I wrote in my last report, I finally provided first-class objects for
> RP and OP, exported basic API and separated examples.

> The exported API is by no means final -- it's minimal and instead of
> thinking about every possible use case, I decided to export bare minimum
> and wait for need or request to export more.  I don't think I'd be able
> to predict many non-trivial usage patterns, and this way I can just call
> it agile programming ;)

> I know the docs aren't there yet, but I'd appreciate if any of you did
> look at the examples and commented on proposed API (especially on what
> is it lacking).  Deadline is just a week away, and I hope to have 1.0
> then :)

> Regards,
> Maciej.






From maciej at pasternacki.net  Wed Aug 13 15:00:50 2008
From: maciej at pasternacki.net (Maciek Pasternacki)
Date: Wed, 13 Aug 2008 17:00:50 +0200
Subject: [cl-openid-devel] API discussion
In-Reply-To: <290773.20080813022911@yandex.ru> (Anton Vodonosov's message of
	"Wed\, 13 Aug 2008 02\:29\:11 +0300")
References: <1218577458.4058.5.camel@localhost>
	<290773.20080813022911@yandex.ru>
Message-ID: <ufxp9yn6l.fsf@pasternacki.net>

Hello,

I just added some comments to the examples.  Hope this clears things
up a bit.

Anton Vodonosov <avodonosov at yandex.ru> writes:

> Hello, Maciej.
>
> Comments in the examples ave very desirable, because they
> would make the API easier to understand.
>
> Yesterday I glanced over the examples, but didn't understand them.
> Today I tried again and now I understand some peaces, but
> not everything.
>
> It looks like I need to create similar example myself to get feeling
> of the API.
>
> I will do it as soon as possible.
>
> Regards,
> -Anton
>
> on Wednesday, August 13, 2008, 12:44:18 AM Maciek wrote:
>
>> Hello,
>
>> As I wrote in my last report, I finally provided first-class objects for
>> RP and OP, exported basic API and separated examples.
>
>> The exported API is by no means final -- it's minimal and instead of
>> thinking about every possible use case, I decided to export bare minimum
>> and wait for need or request to export more.  I don't think I'd be able
>> to predict many non-trivial usage patterns, and this way I can just call
>> it agile programming ;)
>
>> I know the docs aren't there yet, but I'd appreciate if any of you did
>> look at the examples and commented on proposed API (especially on what
>> is it lacking).  Deadline is just a week away, and I hope to have 1.0
>> then :)
>
>> Regards,
>> Maciej.


From avodonosov at yandex.ru  Thu Aug 14 21:32:52 2008
From: avodonosov at yandex.ru (Anton Vodonosov)
Date: Fri, 15 Aug 2008 00:32:52 +0300
Subject: [cl-openid-devel] library does not work because of defclass-star
In-Reply-To: <1216158559.10126.101.camel@localhost>
References: <20080714224539.fb050a9f.scusack@fastmail.com.au>
	<1216048287.10126.93.camel@localhost>
	<1487610283.20080714224004@yandex.ru>
	<1216158559.10126.101.camel@localhost>
Message-ID: <766389846.20080815003252@yandex.ru>

Hello, Maciej.

I can not test the library, it does not work at all.
Provider class it coded using defclass*, but
the defclass-star is not mentioned in the asdf system.

Please remove defclass* and use standard defclass ASAP.

Best regards,
-Anton



From avodonosov at yandex.ru  Thu Aug 14 23:51:28 2008
From: avodonosov at yandex.ru (Anton Vodonosov)
Date: Fri, 15 Aug 2008 02:51:28 +0300
Subject: [cl-openid-devel] remaining tickets
Message-ID: <124827952.20080815025128@yandex.ru>

I am thinking of our tickets.

Initially I thought that the #12 - "openid.return_to
verification based on realm, relying party discovery"
is very important, a kind of security breach.

But does any known provider support this?
I have tried to perform Yadis discovery on blogger
and livejournal. Either I do something wrong, or the
do not list RP endpoints. Or they implement openid elder
than 2.0?

According to this -
http://wiki.openid.net/OpenIDChanges#Realm_verification
- there are some attacks possible without the realm
verification, and that is why the verification was
introduced in 2.0.

But on the other hand it is not a MUST, but 'only' SHOULD.

And I do not want our library to reject livejournal if
it does not list RP endpoints.

What do you think of this ticket importance?

#9 "Verifying the Return URL error" is important because
it is a protocol bug; but it is trivial to fix.

Thread safety is important, implementation is relatively
simple.

Remaining (#7, #8, #10, #11) are minors at the moment.

-Anton



From maciej at pasternacki.net  Sun Aug 17 23:50:30 2008
From: maciej at pasternacki.net (Maciek Pasternacki)
Date: Mon, 18 Aug 2008 01:50:30 +0200
Subject: [cl-openid-devel] Initial documentation
Message-ID: <1219017030.4047.35.camel@localhost>

Hello all,

I have just pushed first cut at documentation.  It is available at
http://common-lisp.net/project/cl-openid/darcs/cl-openid/README.html

I will review both API and doc tomorrow (possibly with some
slot/accessor renames), but here's what I have now.  I'd be glad to hear
any remarks.

Regards,
Maciej.



From maciej at pasternacki.net  Mon Aug 18 19:59:30 2008
From: maciej at pasternacki.net (Maciek Pasternacki)
Date: Mon, 18 Aug 2008 21:59:30 +0200
Subject: [cl-openid-devel] [ANN] CL-OpenID 1.0 rc1
Message-ID: <1219089570.4047.48.camel@localhost>

As this year's Google Summer of Code pencils down date has passed, with
great pleasure I announce that CL-OpenID version 1.0 Release Candidate 1
is out.

Cl-OpenID is an implementation of OpenID protocol in Common Lisp.  It
implements OpenID Authentication 2.0 standard and is compatible with
OpenID Authentication 1.1.  Both Relying Party (formerly called OpenID
Consumer), and OpenID Provider are implemented.

CL-OpenID is available on terms of GNU Lesser General Public License
version 2.1 with Franz Inc.'s preamble, also known as LLGPL (Lisp
Lesser General Public License).

The project has been developed as a Google Summer of Code 2008 project,
developed by Maciej Pasternacki and mentored by Anton Vodonosov.
Original application is published at.

CL-OpenID home page is at http://common-lisp.net/project/cl-openid/

Current code is in darcs repository http://common-lisp.net/project/cl-openid/darcs/cl-openid/

The 1.0 Release Candidate 1 version is tagged 1_0_rc1 in darcs, and is
also downloadable from http://common-lisp.net/project/cl-openid/files/
(MD5 checksum for 1.0rc1 tarball is 248dbf1338a645505e9c53462867c93e),
either directly, or with ASDF-Install.

Full documentation is at http://common-lisp.net/project/cl-openid/darcs/cl-openid/README.html

Final status report and plans for the future is published on my blog, at
http://blog.pasternacki.net/2008/08/18/gsoc-status-update-week-12-final/





From avodonosov at yandex.ru  Mon Aug 18 21:39:42 2008
From: avodonosov at yandex.ru (Anton Vodonosov)
Date: Tue, 19 Aug 2008 00:39:42 +0300
Subject: [cl-openid-devel] [ANN] CL-OpenID 1.0 rc1
In-Reply-To: <1219089570.4047.48.camel@localhost>
References: <1219089570.4047.48.camel@localhost>
Message-ID: <2210351460.20080819003942@yandex.ru>

Hello Maciej.

My congratulations!

Best regards,
-Anton


on Monday, August 18, 2008, 10:59:30 PM Maciek wrote:

> As this year's Google Summer of Code pencils down date has passed, with
> great pleasure I announce that CL-OpenID version 1.0 Release Candidate 1
> is out.

> Cl-OpenID is an implementation of OpenID protocol in Common Lisp.  It
> implements OpenID Authentication 2.0 standard and is compatible with
> OpenID Authentication 1.1.  Both Relying Party (formerly called OpenID
> Consumer), and OpenID Provider are implemented.

> CL-OpenID is available on terms of GNU Lesser General Public License
> version 2.1 with Franz Inc.'s preamble, also known as LLGPL (Lisp
> Lesser General Public License).

> The project has been developed as a Google Summer of Code 2008 project,
> developed by Maciej Pasternacki and mentored by Anton Vodonosov.
> Original application is published at.

> CL-OpenID home page is at http://common-lisp.net/project/cl-openid/

> Current code is in darcs repository
> http://common-lisp.net/project/cl-openid/darcs/cl-openid/

> The 1.0 Release Candidate 1 version is tagged 1_0_rc1 in darcs, and is
> also downloadable from http://common-lisp.net/project/cl-openid/files/
> (MD5 checksum for 1.0rc1 tarball is 248dbf1338a645505e9c53462867c93e),
> either directly, or with ASDF-Install.

> Full documentation is at
> http://common-lisp.net/project/cl-openid/darcs/cl-openid/README.html

> Final status report and plans for the future is published on my blog, at
> http://blog.pasternacki.net/2008/08/18/gsoc-status-update-week-12-final/



> _______________________________________________
> cl-openid-devel mailing list
> cl-openid-devel at common-lisp.net
> http://common-lisp.net/cgi-bin/mailman/listinfo/cl-openid-devel




From avodonosov at yandex.ru  Mon Aug 18 21:42:05 2008
From: avodonosov at yandex.ru (Anton Vodonosov)
Date: Tue, 19 Aug 2008 00:42:05 +0300
Subject: [cl-openid-devel] [ANN] CL-OpenID 1.0 rc1
In-Reply-To: <2210351460.20080819003942@yandex.ru>
References: <1219089570.4047.48.camel@localhost>
	<2210351460.20080819003942@yandex.ru>
Message-ID: <1958426948.20080819004205@yandex.ru>

And thanks for improving Common Lisp with a new library!

on Tuesday, August 19, 2008, 12:39:42 AM Anton wrote:

> Hello Maciej.

> My congratulations!

> Best regards,
> -Anton


> on Monday, August 18, 2008, 10:59:30 PM Maciek wrote:

>> As this year's Google Summer of Code pencils down date has passed, with
>> great pleasure I announce that CL-OpenID version 1.0 Release Candidate 1
>> is out.

>> Cl-OpenID is an implementation of OpenID protocol in Common Lisp.  It
>> implements OpenID Authentication 2.0 standard and is compatible with
>> OpenID Authentication 1.1.  Both Relying Party (formerly called OpenID
>> Consumer), and OpenID Provider are implemented.

>> CL-OpenID is available on terms of GNU Lesser General Public License
>> version 2.1 with Franz Inc.'s preamble, also known as LLGPL (Lisp
>> Lesser General Public License).

>> The project has been developed as a Google Summer of Code 2008 project,
>> developed by Maciej Pasternacki and mentored by Anton Vodonosov.
>> Original application is published at.

>> CL-OpenID home page is at http://common-lisp.net/project/cl-openid/

>> Current code is in darcs repository
>> http://common-lisp.net/project/cl-openid/darcs/cl-openid/

>> The 1.0 Release Candidate 1 version is tagged 1_0_rc1 in darcs, and is
>> also downloadable from http://common-lisp.net/project/cl-openid/files/
>> (MD5 checksum for 1.0rc1 tarball is 248dbf1338a645505e9c53462867c93e),
>> either directly, or with ASDF-Install.

>> Full documentation is at
>> http://common-lisp.net/project/cl-openid/darcs/cl-openid/README.html

>> Final status report and plans for the future is published on my blog, at
>> http://blog.pasternacki.net/2008/08/18/gsoc-status-update-week-12-final/



>> _______________________________________________
>> cl-openid-devel mailing list
>> cl-openid-devel at common-lisp.net
>> http://common-lisp.net/cgi-bin/mailman/listinfo/cl-openid-devel





From avodonosov at yandex.ru  Mon Aug 18 21:58:40 2008
From: avodonosov at yandex.ru (Anton Vodonosov)
Date: Tue, 19 Aug 2008 00:58:40 +0300
Subject: [cl-openid-devel] API discussion
In-Reply-To: <ufxp9yn6l.fsf@pasternacki.net>
References: <1218577458.4058.5.camel@localhost>
	<290773.20080813022911@yandex.ru> <ufxp9yn6l.fsf@pasternacki.net>
Message-ID: <499483819.20080819005840@yandex.ru>

Hello Maciej.

I am evaluating the library by creating sample sites using openid
from scratch. At the moment I am working with provider and trying
to do it maximally close to real life needs .

The API is quite convenient and I have only minor notes. I have not
finished with evaluating yet, so I'll provide the notes little bit
later.

Best regards,
-Anton

on Wednesday, August 13, 2008, 6:00:50 PM Maciek wrote:

> Hello,

> I just added some comments to the examples.  Hope this clears things
> up a bit.

> Anton Vodonosov <avodonosov at yandex.ru> writes:

>> Hello, Maciej.
>>
>> Comments in the examples ave very desirable, because they
>> would make the API easier to understand.
>>
>> Yesterday I glanced over the examples, but didn't understand them.
>> Today I tried again and now I understand some peaces, but
>> not everything.
>>
>> It looks like I need to create similar example myself to get feeling
>> of the API.
>>
>> I will do it as soon as possible.
>>
>> Regards,
>> -Anton
>>
>> on Wednesday, August 13, 2008, 12:44:18 AM Maciek wrote:
>>
>>> Hello,
>>
>>> As I wrote in my last report, I finally provided first-class objects for
>>> RP and OP, exported basic API and separated examples.
>>
>>> The exported API is by no means final -- it's minimal and instead of
>>> thinking about every possible use case, I decided to export bare minimum
>>> and wait for need or request to export more.  I don't think I'd be able
>>> to predict many non-trivial usage patterns, and this way I can just call
>>> it agile programming ;)
>>
>>> I know the docs aren't there yet, but I'd appreciate if any of you did
>>> look at the examples and commented on proposed API (especially on what
>>> is it lacking).  Deadline is just a week away, and I hope to have 1.0
>>> then :)
>>
>>> Regards,
>>> Maciej.