PHP, Zend Framework and Other Crazy Stuff
Openid and Yadis
Kicking The Bad Habit Of Being An Overworked Paddy
Jan 24th
It’s hard to believe we are already almost 1/12 of the distance into 2008. By now all of you have broken your new year resolutions. I know I’ve broken several at a minimum!
After some months of desperate oft-despairing struggling with work schedules I’ve finally once and for all conquered my lack of free time. It’s an ingenious solution – I’m taking a small break from work before rekindling an interest in financial services in these doubtful times (ask Société Générale if you want to know how doubtful, or the US Federal Rserve).
The outcome of this reorganisation of my career direction is twofold. Firstly I get extra bags of cash. Secondly, I get slightly more vacation time. Thirdly, it won’t require as much overtime. Fourthly, there’s less chance of last-minute-scrambling which became exceptionally evident over the last few months as the Irish market continues to swell (in defiance of the laws of EU Economics). Of course added together this provides more of my most sought after commodity – personal time.
All that’s left is how to use this new-found wealth. In between the extra pub-crawling exercises, engagements as the designated baggage mule on shopping excursions, and the other things an average 20-something is inclined to do, I want to enjoy some travel, take up writing again, and commit some completion time to the open source projects I contribute to.
I’ve been a very bad boy in that regard in the last six months and at one point I became an absolute nightmare for anyone who needed to contact me by email. It was not my finest hour, and I seriously doubt I escaped with a pristine reputation for being dependable. C’est la vie. A few of these “instances” shall we call them, have since been resolved to my satisfaction so I’m 95% back to nominal form as a powerhouse of innovation, inspiration and ingenuity (see, even my ego is back rockin’ at full throttle!). Yep, you can always measure the normality of an Irishman by his level of self-directed sarcasm 
.
Anyways, enough self-critical analysis – it weakens the ego – since I’m back in fine form after two extremes (a two month vacation, and a four month chaotic period of non-stop work) I have the luxury of directing some of this time where it was always supposed to be: in supplementing my PHP experience with some open source doodling and manic self-promotion 
. The first target of my ire is a small project with Till Klampaeckel (Seek. Kill. Destroy.). After that is PHPSpec 0.3.0 (Exterminate! Exterminate! Exterminate!). After that is that frickin’ promise-but-never-effing-do component for implementing a Yadis service (Off With His Head! Off With His Head!). I swear that thing has been sitting in a personal subversion repo begging for a few final hours of attention!
After that I’m taking a long breather, attending oodles of conferences, and finding something with a lot of words to write.
OAuth Specification and Zend Framework/PEAR Proposal
Oct 4th
It’s been sitting in the dark until it’s recent Public Draft appearance, but the OAuth Specification is finally at the “Final Draft” stage, and we should see a final draft come November. I’ve been following OpenID for over a year now, and it’s great to see another product of Identity/Web 2.0 world see the light of day.
OAuth, for those not following its progress, is “an open protocol to allow secure API authentication in a simple and standard method from desktop and web applications”. If you’re familiar with how the Flickr web service operates, this should be familiar (Flickr were involved in the specification process). OAuth was borne partly out of the needs of web services who wished to implement OpenID (e.g. Twitter, Ma.gnolia) but whose web services still require a username/password combination. But it also covers the case where giving out your real username and password combination to third-party apps is an unnecesary security risk (don’t want them using that data to take over your account ). This covers apps from online services like mashups, to desktop widgets or even Adode AIR applications.
Quick mention here to Ed Finkler’s Spaz (Best HTML Community Application in the Adobe AIR Derby ) which is one very cool Twitter app I’ve been using for a while now! If you don’t already follow me on Twitter, I’m “padraicb“.
Because I love all things OpenID related and am an OpenID “pusher” in Europe (blame the OpenID Europe Foundation membership on Snorri Giorgetti), I’ll be proposing a PHP5 implementation of OAuth to the Zend Framework (assuming no other OAuth proposal) and PEAR (PEAR because that’s now the home of my OpenID For PHP library under proposal).
If you’re interested in finding out more about OAuth, visit the website at http://www.oauth.net.
Eran Hammer-Lahav probably put OAuth in terms of a most useful metaphor.
OAuth is like a valet key for all your web services. A valet key lets you give a valet the ability to park your car, but not the ability to get into the trunk or drive more than 2 miles or limit the RPMs on your high end German automobile. In the same way, an OAuth key lets you give a web agent the ability to check your web mail but NOT the ability to pretend to be you and send mail to everybody in your address book.
OAuth and OpenID, coming to a web service near you (including Bloglines) soon.
PEAR OpenID support packages released
Sep 29th
After proposing these back in June/July (and getting held up by August’s vacation!) I have gotten around to releasing three packages on PEAR which are required for an OpenID package later on.
Services_Yadis
Crypt_DiffieHellman
Crypt_HMAC2
All are released as beta. Next step is getting the OpenID Consumer proposed…
Update: I forgot to thank my PEAR peers whose feedback and assistance on the proposal road was exemplary.
Prodigal PHP Developer Returns
Sep 7th
First blog entry for a long time, and predictably it’s the infamous “I’m back!” topic. So I’ll be quick. I’m back. The Maug lives – though the four weeks I spent offline (mostly; I couldn’t evade certain persons who pay certain salaries forever though…) has left me bumming across my previous haunts scratching my head like a bumpkin tourist.
I’m sure I’ll settle back in to a few interesting posts here, and elsewhere, and in the arcane planes occupied by mailing lists. Just need to get my bearings, put up with “red-man” jokes (I can bum around Spain and get sunburnt, but mother nature, in her sorry excuse for Wisdom, decided I didn’t need to tan afterwards!), and figure out how many emails I missed during August. I’ve replied to a couple of the more interesting ones – the rest of ye land lubbers can wait ’till tomorrow! If you’re desperately needing to contact me throw an email to the usual place – I am staying current right now so few delays in responding.
Those who have been showing interest in the OpenID library I kickstarted during July will be happy to see it progressing once again shortly. Draft 12 of the OpenID 2.0 Specification has been recently published so I’ll be reviewing it for any necessary changes in the libraries operation. I suspect there will be few, if any, fundamental updates. A large part of the remaining work on the library is creating an integration testing platform to recreate the various conditions and options OpenID 2.0 allows for. Unit tests (as opposed to integration tests) were always sparse since the library is specification derived (i.e. you need around 95% of completed code before OpenID Authentication even works in a basic form).
The library is, of course, being persued for distribution via PEAR, and PEAR2 in the future. It’s been a month since I had a chance to discuss things with Dmitry, so a Zend Framework outlet may still be possible. I’m reasonably sure the Zend_Yadis proposal (a separate specification OpenID 2.0 requires) will be available with the Zend Framework eventually since it’s 99.9% complete barring unit test coverage. You can knock around OpenID For PHP for the current versions (from July – alpha status) used to obtain acceptance to PEAR.
I suppose my other main interest is checking in on where the whole Zend_View Enhanced / Zend_Layout debate has moved over the last month, and whether there has been any adoption of solutions in my absence.
So, for those who sent emails, IMs or other stuff to me over August – working through them now. Until next time!
OpenID In PHP PEAR: Proposed!
Jul 26th
Yes, my OpenID 2.0 PHP5 Consumer has finally been proposed to PEAR. This brings the OpenID fanaticism on PEAR to four packages:
- OpenID_Consumer
- Services_Yadis
- Crypt_HMAC2
- Crypt_DiffieHellman
It’s been quite the thrill ride, and my thanks go out to the PEAR guys who’ve put up with the proposal flood over the last few weeks, and drawn attention to some of the weaker spots in the source code.
My attention, for now, will remain on getting the OpenID 2.0 Consumer further up to par. This will see the completion of Nonce validation (a required anti-replay attack preventative), error reporting which is more consistent, and adding support for a few other operation modes, like check_immediate. I also really want to get documentation committed as soon as possible since it’s a PITA using a library in its absence.
For those unfamliar with OpenID, and who want a quick overview, David Recordon and Simon Willison gave an OpenID Bootcamp tutorial at OSCON on Wednesday. Here ya go:
