Smalltalk › Gemtalk › GLASS

Cryptography

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

7 messages Options

NorbertHartl

Cryptography

Hi,

at the moment I'm doing a new project that has a web interface and a rest api. I researching the possibilities to do external authentication. The most promininent names seem to be open ID and OAuth. The odds are quite high that there is a need for some crypto stuff if I want to use them. Is there anything available in gemstone?

thanks,

Norbert

SeanTAllen

Re: Cryptography

When I went looking a few months ago, I didn't find anything.

Is there a specific subset that you need?

On Tue, Feb 16, 2010 at 10:23 AM, Norbert Hartl <[hidden email]> wrote:
> Hi,
>
> at the moment I'm doing a new project that has a web interface and a rest api. I researching the possibilities to do external authentication. The most promininent names seem to be open ID and OAuth. The odds are quite high that there is a need for some crypto stuff if I want to use them. Is there anything available in gemstone?
>
> thanks,
>
> Norbert

NorbertHartl

Re: Cryptography

On 17.02.2010, at 20:16, Sean Allen wrote:

> When I went looking a few months ago, I didn't find anything.
>
> Is there a specific subset that you need?
>
No, my question is prior to anything concrete. I just want to secure my web api without having the need to invent yet another user authentication. Everything on the web points towards OAuth and as far as I understand it you need some crypto stuff in order to use it. Well, there are as well articles that state OAuth being dead :)

Norbert

> On Tue, Feb 16, 2010 at 10:23 AM, Norbert Hartl <[hidden email]> wrote:
>> Hi,
>>
>> at the moment I'm doing a new project that has a web interface and a rest api. I researching the possibilities to do external authentication. The most promininent names seem to be open ID and OAuth. The odds are quite high that there is a need for some crypto stuff if I want to use them. Is there anything available in gemstone?
>>
>> thanks,
>>
>> Norbert

SeanTAllen

Re: Cryptography

The crypto package for pharo is rather out of date and doesnt work out
of the box on gemstone but if you only needed a couple specific
algorithms ( which from looking at OAuth seems to be the case )
you can probably either extract them from cyrpto or sit down with a
copy of applied cryptography and implement yourself.

On Thu, Feb 18, 2010 at 1:34 AM, Norbert Hartl <[hidden email]> wrote:

>
> On 17.02.2010, at 20:16, Sean Allen wrote:
>
>> When I went looking a few months ago, I didn't find anything.
>>
>> Is there a specific subset that you need?
>>
> No, my question is prior to anything concrete. I just want to secure my web api without having the need to invent yet another user authentication. Everything on the web points towards OAuth and as far as I understand it you need some crypto stuff in order to use it. Well, there are as well articles that state OAuth being dead :)
>
> Norbert
>
>> On Tue, Feb 16, 2010 at 10:23 AM, Norbert Hartl <[hidden email]> wrote:
>>> Hi,
>>>
>>> at the moment I'm doing a new project that has a web interface and a rest api. I researching the possibilities to do external authentication. The most promininent names seem to be open ID and OAuth. The odds are quite high that there is a need for some crypto stuff if I want to use them. Is there anything available in gemstone?
>>>
>>> thanks,
>>>
>>> Norbert
>
>

Dale

Re: Cryptography

In reply to this post by NorbertHartl

Norbert,

Pier manages authentication and users, so you might find inspiration there.

Dale
----- "Norbert Hartl" <[hidden email]> wrote:

| On 17.02.2010, at 20:16, Sean Allen wrote:
|
| > When I went looking a few months ago, I didn't find anything.
| >
| > Is there a specific subset that you need?
| >
| No, my question is prior to anything concrete. I just want to secure
| my web api without having the need to invent yet another user
| authentication. Everything on the web points towards OAuth and as far
| as I understand it you need some crypto stuff in order to use it.
| Well, there are as well articles that state OAuth being dead :)
|
| Norbert
|
| > On Tue, Feb 16, 2010 at 10:23 AM, Norbert Hartl <[hidden email]>
| wrote:
| >> Hi,
| >>
| >> at the moment I'm doing a new project that has a web interface and
| a rest api. I researching the possibilities to do external
| authentication. The most promininent names seem to be open ID and
| OAuth. The odds are quite high that there is a need for some crypto
| stuff if I want to use them. Is there anything available in gemstone?
| >>
| >> thanks,
| >>
| >> Norbert

NorbertHartl

Re: Cryptography

Dale,

I think I wasn't clear enough at this point. I know pier has authentication. What I am researching is not to have my own authentication scheme. If you are going to a web site like stackoverflow you just enter your google openId and there you go. I find it annoying to register at every site that I want to use. I could go and use open id for the web site authentication. But openId requires you do an addtional step to authenticate at google. This is not doable for a pure HTTP interface. It is meant to be used by applications. All I've read so far it seems OAuth is targeted at this use case. What I really want is to separate user objects from each other. I only need users. They should not have authenticate themselves at my site. I want that the same user can just use the HTTP interface but still being authenticate to manage there own objects.

Norbert

On 18.02.2010, at 22:07, Dale Henrichs wrote:

Dale

Re: Cryptography

Norbert,

I see that you are way ahead of me:)

Dale

----- "Norbert Hartl" <[hidden email]> wrote:

| Dale,
|
| I think I wasn't clear enough at this point. I know pier has
| authentication. What I am researching is not to have my own
| authentication scheme. If you are going to a web site like
| stackoverflow you just enter your google openId and there you go. I
| find it annoying to register at every site that I want to use. I could
| go and use open id for the web site authentication. But openId
| requires you do an addtional step to authenticate at google. This is
| not doable for a pure HTTP interface. It is meant to be used by
| applications. All I've read so far it seems OAuth is targeted at this
| use case. What I really want is to separate user objects from each
| other. I only need users. They should not have authenticate themselves
| at my site. I want that the same user can just use the HTTP interface
| but still being authenticate to manage there own objects.
|
| Norbert
|
| On 18.02.2010, at 22:07, Dale Henrichs wrote:
|
| > Norbert,
| >
| > Pier manages authentication and users, so you might find inspiration
| there.
| >
| > Dale
| > ----- "Norbert Hartl" <[hidden email]> wrote:
| >
| > | On 17.02.2010, at 20:16, Sean Allen wrote:
| > |
| > | > When I went looking a few months ago, I didn't find anything.
| > | >
| > | > Is there a specific subset that you need?
| > | >
| > | No, my question is prior to anything concrete. I just want to
| secure
| > | my web api without having the need to invent yet another user
| > | authentication. Everything on the web points towards OAuth and as
| far
| > | as I understand it you need some crypto stuff in order to use it.
| > | Well, there are as well articles that state OAuth being dead :)
| > |
| > | Norbert
| > |
| > | > On Tue, Feb 16, 2010 at 10:23 AM, Norbert Hartl
| <[hidden email]>
| > | wrote:
| > | >> Hi,
| > | >>
| > | >> at the moment I'm doing a new project that has a web interface
| and
| > | a rest api. I researching the possibilities to do external
| > | authentication. The most promininent names seem to be open ID and
| > | OAuth. The odds are quite high that there is a need for some
| crypto
| > | stuff if I want to use them. Is there anything available in
| gemstone?
| > | >>
| > | >> thanks,
| > | >>
| > | >> Norbert