ABSTRACT
The proposed project will provide a Common Lisp implementation of the OpenID 2.0 standard(1), as described in the OpenID Authentication 2.0 (Final) specification(2). The goal is a complete implementation, but with a focus on URL identifiers with HTML-based discovery, which seems to be the most widely implemented OpenID usage pattern. Yadis(3) discovery (as specified in Yadis Specification, Version 1.0(4)), XRI(5,6) identifier support, and XRDS(5,6)-based discovery will have lower priority and will be implemented only if time permits. Optionally, the OpenID Simple Registration Extension 1.0(7) and OpenID Attribute Exchange 1.0(8) extensions may also be implemented. The implementation will be delivered as a modularized ASDF(9) system, portable across Lisp implementations and across web server, web client, and storage backends.
RATIONALE
The popularity of the Internet is still growing, and new services appear every day. Most of them require their users to set up a separate login/password pair and profile for the service. An average user has many accounts, usually uses a few variants of a login name (since common login names are already taken at some services), and either has a lot of different passwords to memorize or insecurely uses the same password across different services. OpenID(10,11) deals with these problems by providing a single point of authorization for the user, with the login name replaced by a unique URL, and automatic transfer of basic profile information to the service using OpenID for authentication.
With the sustained popularity of new webapps, Common Lisp's popularity as an implementation language grows, and will continue to grow as more and more authors recognize the pattern pointed out by Paul Graham: that popular programming languages converge to Lisp. There are already many frameworks and servers for web programming: in no particular order, BKNR(12), K-Pax(13), Araneida(14), AllegroServe(15) with Portable AllegroServe(16), UnCommon Web(17), Hunchentoot(18), Weblocks(19) (built on top of the previous), CLAW(20), and probably more. All of them need authorization support, and web application authors should not need to reinvent the wheel with every webapp or framework. The author would certainly use such a library in his work.
DELIVERABLES
Consistent, extensible API, supporting:
- OpenID Provider service for chosen backends,
- Relying Party service for chosen backends,
- Defining alternative (not supported) Web server backends,
- Defining alternative (not supported) Web client backends,
- Defining alternative (not supported) storage backends,
- Implementing additional OpenID extensions, such as OpenID Simple Registration Extension or OpenID Attribute Exchange
Implementation of aforementioned API as a modularized ASDF system, consisting of:
- Main common functionality module
- Separate system for Relying Party implementation
- Separate system for OpenID Provider implementation
- Separate system for each provided web server, web client and storage backend
This modularity will make it possible to include only the dependencies needed for any particular project using the library.
Optional deliverables, in the form of separate ASDF systems:
- Implementation of XRI,
- Implementation of Yadis,
- Implementation of OpenID Simple Registration Extension 1.0
- Implementation of OpenID Attribute Exchange 1.0
These will be implemented only if time permits.
BRIEF BIOGRAPHY
Pasternacki, Maciej Paweł(21,22), is a Polish CS student in the fourth year of a five-year Master's program at the University of Gdansk(23). For the last four years he has worked half-time as a programmer and technical writer. Earlier, he administered Linux systems for about a year. Since 2005 he has worked for the Polish-Japanese company Sentivision(24). Up to mid-2007 his job was developing Common Lisp programs. These were closed, proprietary programs, details of which cannot be shared, but he cooperated with the authors of the Open Source implementations and libraries his company was using.
During this work, he contributed to the Embeddable Common Lisp(25) implementation (his patches were incorporated into the ECL mainline and he earned write access to the ECL CVS repository), and later he worked on a web app in UnCommon Web(17), with all required fixes and contributions to the UnCommon Web framework and other Bese libraries(26). His contributions to these projects were incorporated into the mainline repositories and he earned write access to the projects' darcs repos. Currently his job doesn't involve Lisp, but it remains his favourite language, which he uses in personal side projects. Fragments of his Lisp snippets are on his home page(27), including a work-in-progress Common Lisp Librarian(28) project for managing ASDF systems, and Curly(29) reader macros.
Maciej took part in Google Summer of Code 2007(30,31,32). He implemented an Automake functionality layer within the SCons build tool, finishing his project successfully. The resulting code is still being integrated into the SCons trunk.
REFERENCES
- (1) OpenID Specifications - http://openid.net/developers/specs/
- (2) OpenID Authentication 2.0 (Final) - http://openid.net/specs/openid-authentication-2_0.html
- (3) Yadis 1.0, The Identity and Accountability Foundation for Web 2.0 - http://yadis.org/
- (4) Yadis 1.0 - http://yadis.org/papers/yadis-v1.0.pdf
- (5) OASIS Extensible Resource Identifier (XRI) TC Public Documents - http://www.oasis-open.org/committees/documents.php?wg_abbrev=xri
- (6) XRI - Wikipedia - http://en.wikipedia.org/wiki/XRI
- (7) OpenID Simple Registration Extension 1.0 - http://openid.net/specs/openid-simple-registration-extension-1_0.html
- (8) OpenID Attribute Exchange 1.0 - http://openid.net/specs/openid-attribute-exchange-1_0.html
- (9) Another System Definition Facility - http://www.cliki.net/asdf
- (10) OpenID - http://openid.net/
- (11) OpenID - Wikipedia - http://en.wikipedia.org/wiki/Openid
- (12) BKNR Lisp Application Environment - http://bknr.net/
- (13) KPAX, A Common Lisp Application Framework - http://homepage.mac.com/svc/kpax/
- (14) Araneida, a Common-Lisp webserver - http://common-lisp.net/project/araneida/
- (15) AllegroServe, a Web Application Server - http://opensource.franz.com/aserve/
- (16) Portable AllegroServe - http://portableaserve.sourceforge.net/
- (17) UnCommon Web - http://common-lisp.net/project/ucw/
- (18) HUNCHENTOOT, The Common Lisp web server formerly known as TBNL - http://www.weitz.de/hunchentoot/
- (19) Weblocks, a continuations-based web framework written in Common Lisp - http://common-lisp.net/project/cl-weblocks/
- (20) Common Lisp Action Web - http://common-lisp.net/project/claw/
- (21) Maciej Pasternacki - http://www.pasternacki.net/
- (22) Maciej Pasternacki's resume - http://www.linkedin.com/in/maciejpasternacki
- (23) University of Gdansk - http://www.ug.gda.pl/
- (24) Sentivision - http://www.sentivision.com/
- (25) Embeddable Common Lisp - http://ecls.sf.net/
- (26) The bese project - http://common-lisp.net/project/bese/
- (27) Maciej Pasternacki's code - http://www.pasternacki.net/en/code/
- (28) Common Lisp Librarian - http://www.pasternacki.net/en/code/cl-librarian
- (29) Curly - http://www.pasternacki.net/en/code/curly
- (30) Maciej Pasternacki GSoC 2007 short proposal - http://code.google.com/soc/2007/scons/appinfo.html?csaid=439ADBC3E08ACCD4
- (31) Maciej Pasternacki GSoC 2007 full proposal - http://www.scons.org/wiki/GSoC2007/MaciejPasternacki
- (32) Maciej Pasternacki GSoC 2007 implemented API reference - http://www.scons.org/wiki/GSoC2007/MaciejPasternacki/APIReference