[geeklog-devel] Choplair's Google Summer of Code 2009 student proposal file for Geeklog project's full OpenID 2.0 implementation idea.

Choplair chopinou at choplair.org
Fri Apr 3 15:13:31 EDT 2009


Yes that's a long title, and a long email.
This is the copy of my OpenID 2.0 Google SoC student proposal I've
just sent to you using the Google form (I hope it worked).
Yes, I know there are already some people on the ring, and that I am
coming late (yes, juuuust before the officialdeadline :p).
But here it follow (some line bellow), for your information.

I know you folks prefer ASCII to some PDF, so it's not a really nice
looking text, sorry...
(for the normal people : PDF is available at
http://temp.choplair.info/Choplair_Geeklog_GSoC_2k9_application.pdf )
Nice reading for the adventurous. :)



Google Summer of Code 2009
student proposal file
for Geeklog project's
full OpenID 2.0
implementation idea.


1 – Useless introduction story

Hello the sweet Geeklog development folks !

My name is Choplair. I am aware it's more or less the student
application deadline when you are receiving this, but, surprise, here
I am submitting to you yet another proposal for implementing your
OpenID 2.0 idea listed on your Google Summer of Code 2009 page [1].

I know there are already some other student proposals [2][3] for that
same (seemly popular !) idea. I reviewed them, as a reviewed the whole
content related to that project, on you wiki as the mailing list, and
by no way it made me doubt of the legitimacy of my additional
application (as you could believe I did because I'm sending this
document to you at the very last time).
The reason I am bit late is simple: I just stumbled across your Google
SoC quite recently and rather haphazardly.

A very few days ago, I was reading the daily news of some French
Slashdot website named “LinuxFR” [3] and found a pair of articles
about the potential future developments of some popular open source
projects, as there were just accepted as mentoring organization for
the 2009 edition of Google's Summer of Code.

So it made me wonder “Oh! That's the new SoC! Nice!” and by curiosity
I was willing to see the list of the various projects that had been
accepted for this year, to visualize the panel of the open source
program/software titles that, thanks to students working on it, would
be going to get boosted during the summer.

There were plenty of big names (Apache, KDE, Debian, Xorg, Mozilla,
GIMP...) plus --and that's IMO very interesting for them-- some
smaller (by the size, the development stage or the targeted audience)
projects placed at the same level.

I clicked on the name of some projects which I have affinity with,
which I know they matched my programming skills, and which I also
enjoy as a regular end user. Like I've said I was more curious than
ambitious to participate in SoC this year...

I know it's not the first time for you but I was surprised to see
“Geeklog” in the list, once again. So, because you perfectly fitted
the point I mentioned above, I immediately loaded your SoC profile

Project description, homepage... “OK, nothing new for me, let's check
out the link on bottom : idea list”. It pointed to your wiki and then,
while reading your idea list, I suddenly stopped on the lower part and
say : “OMG ! OpenID 2.0 support ! They put this on that list for me

Then I read more about what you wanted and that really made me change
my mind : I finaly wanted to participate in SoC, just for you and for
this feature !

That was the path that led me to this document, but now this
introduction is over I'm going to tell you more about what I could do,
how I would do it, and why I would be the best option to pick up ! :p

2 - Project presentation, objectives and issues

OK so I'm not going to reveal you undisclosed knowledge but let me
recap what is the goal of OpenID, how it works, and why it is
interesting for Geeklog so you can see I know my stuff.
Well so OpenID is a rather new (first v1.0 specs in 2005) attempt to
create an internet cross-website user authentication standard, meaning
that it is not required any more for the visitor to manually input
most of his/her personal datas (nickname, fullname, address,
website...) to a website that requires it : it is done automatically
by login using his/her OpenID on any site which has enabled support
for it.

It benefits both for the users which gain time (no more long
registration form with always the same information to enter) and for
the community-enabled websites which gain users (for the same reason,
because boring form may be cause of non-subscription).

The OpenID protocol has open and patent-free specifications, it works
in a client/server basis and I would say it is at the same time a both
centralized and decentralized system.
Centralized, because the user data shared with any authorized website
asking for them (the client, or “Relying party”) are stocked on a
single place (the server,  acting as an “OpenID provider”).
Decentralized, because the OpenID provider server can be any host
accessible by the Relying party using a simple URL/XRI and that can
communicate using HTTP (that is to say virtually any webserver
properly configured to handle OpenID request, which may be any address
such as “http://www.choplairopenidserver.com/” or
“http://choplair.myopenid.com”, etc.).

This URL/XRI also represent the only required information that the
user needs to input to the client for it to obtain the desired data
(often after an authorization step by the OpenID server, though,
making user data not accessible to everyone).

At the current time, Geeklog is OpenID enabled, which is great. But
there are limitation :

At the time of the its implementation into Geeklog, the OpenID
Authentifaction protocol was at its version 1.1. Some months later
were announced the OpenID Authentication protocol version 2.0. Is is
compatible with the previous version, but OpenID 1.1 is outdated and
2.0 is now the encouraged standard. It would thus be nice for Geeklog
to upgrade OpenID support.

Currently Geeklog supports OpenID as a client / Relying party only. It
means that users can create account and login user their external
OpenID, which is OK, but perhaps some Geeklog admins would like their
own blog / CMS to provide an OpenID to it's members, thus acting as a
OpenID server, which this is not yet supported.

So basically for Geeklog the project would consist in upgrading OpenID
support to the modern version (and try to anticipate OpenID 2.1), with
full client / server implementation (even if acting as an OpenID
server can be a totally optional feature, for the Geeklog

That thing already sounds nice. On your wiki you call it “medium”
level difficulty.

But where the thing sounds even nicer (“hard” difficulty level, as you
wrote, I would say more pleasure !) is that there is currently no PHP
implementation that fits the basic requirements :
- OpenID Authenfication version 2.0 implementation (and not 1.1)
- “full duplex” support (same library can act as a OpenID server and
as a client / Relying Party) ;
- independent and light library, easily integrated into any PHP application ;
- released under a (L)GPL-compatible license.

So yeah, to sum up, the project transforms into writing, from scratch,
a complete (both side) and free/libre OpenID 2.0 object-oriented PHP
library, first, and then integrates it into Geeklog.
Two things, but it seems like there is former point slightly more
serious than the latter.  :-)

So it's like a project outside the project, since apart the time to
implement it into Geeklog (which is the initial goal), the library
development is independent and it has chance (at least I hope so, and
I think that is actually what you would be proud to have promoted) to
later being used in parallel by other free PHP applications that need
to enable similar OpenID support.

It's a challenge. A very interesting project since it transcends
Geeklog needs to eventually become a useful piece of code usable by
other developer.

At the same time you would offer a nice feature to any Geeklog
blog/CMS, but also giving a present to the whole free software

I do like this project, technically and ideologically at the same time.

Now let me tell you that in addition to support it, I have the perfect
skills and personality to make that idea become real.

3 - Why I am the man for the job

Ok so it's time again for a story : let me introduce myself!

My name is Thomas GUTLEBEN, better know on the internet under the
nickname “Choplair”. I am a 20 year old student living in France. I am
someone curious, hardworking, and very very versatile. But here let me
focus on the point that matters for the SoC and GL.

First. In my university [4], in Toulouse, I officially learn
psychology. But guys, not studying in some Physic / Maths / Computer
Science Department of your local college isn't necessarily something
that can prove you are not a pure geek.

Let make it clear : I've been learning HTML (the language, not how to
use Dreamweaver GUI) at 11, managing my first website online at 12,
start coding in PHP / MySQL and running my own Apache websever
(serving content through my slow connection) at 13.

Since my 14 (in 2002) I have been a Free Software advocate and a
intensive GNU/Linux user / admin (though I remain pragmatic and
sometime use proprietary software / system that has not yet equal in
the free world, like audio / video creation I am adept).

Before orienting my studies to something which isn't related, because
I just prefer learn IT stuff by myself and act without diploma but
skill as a freelance programmer / webmaster / audio-video engineer, I
did some professional training --as requested my French high school--
in local webdevelopment company, some making business with GPL
software, and each time it was a success.

Between the web coding services I provide individually and some
experiences working in companies when it is not school period, I have
also  directed an internet-base copyleft-oriented multimedia /
software / web organization, the Choplair Network [4], that I founded
in 2003 (I was 15), and provided some GPL program in Python (not big
thing but smart one and popular within targeted range of user),
website creation (from the single page website to the big dynamic
portal), and miscellaneous graphic / audio / video works for the whole
world, friend, association or business. [you'll see there is no more
news for more than a year but those month I got really occupied by
more artistic project :p]

It's perhaps not very relevant to the more or less pure-PHP project
idea, but it is also noticeable that I am a W3C standards guru that is
always looking for producing clean XHTML / CSS code, that is in the
same time light, fully-accessible and efficient (the W3C validator for
http://www.geeklog.net/ currently counts 4 errors, what a shame !).

I think that should make you estimate the level of my global web
programming skill and experience, notably PHP coding and HTTP
communication (which is intensively used by OpenID). If you prefer
clear statement : I am very skilled and have strong experience with
GNU&Linux / Apache / PHP / MySql / (X)HTML / CSS / HTTP and of course
OpenID protocol (all the thing I would need to handle at a time or
another to conduct that project till the end).

I'm also used to work in a transparent way using CVS / SVN repository.

Now you perhaps want some shock sentence to help you choosing among
the other participants? The kind of sentence that make you understand
that I know about OpenID and that I'm not a tourist that chose the
Geeklog project randomly.

Do you remember the name of the guy that added OpenID 1.1 support to
Geeklog two years ago?
It's me, Choplair! Go check your changelog [5].

I did that “half duplex” (client only, but that's what you wanted)
OpenID 1.1 support in a reaction to a 100$ bounty you offered. It was
something I enjoyed.

You consider this project as the most “risky” / “experimental” of your
Google SoC ideas, but if I did something quite nice (since you still
use it) some hours during one week for 100$, so imagine what can I
produce if I was selected to work on that during the full summer
against some big bucks ? :)

I would do it. Both library then Geeklog inclusion. No problem, just
lot of fun. :)

4 – Discourse on the Method

Ok so here is explain what I would do I were selected. Of course that
plan may be adapted during the development process, and it is vague
regarding precise date, because it's quite hard for me to schedule the
thing day per day. I'll consider the complete working time to be 12
weeks, and cut it into quarter.

As you know there is two major step : creating a brand new OpenID 2.0
library that fit all the requirement mentioned above (GPL compatible,
both side client/server, independent, object oriented, OpenID version
2.0 and ready for the future) and then make Geeklog suppors OpenID 2.0
in a client / server fashion using that library that has been written
(but could be reusable by potential other projects).

Writing the library is the big thing. I would say it would take 2/4
(yes that ½ :p) of the time (from 1st week to week number 6). For more
transparency and more independence (that is what you want, at least it
seems), I won't be agains't directly create some Source Forge project
just for the OpenID library. There you'll thus be able to monitor my
change almost in real time since I would use SVN a lot, provide news
report, and finaly some alpha / beta / stable release.

I would build it not in a successive fashion (first the server, then
the client, or contrary) but client / server in parallel, so that the
feature I implement in one side can be handled by the other side. But
of course I'll test my implementation with various other client (for
the server) and server (for the client) to be sure that is universally
supported (but since the OpenID 2.0 specs would be my hand book, that
should be the case).

The third quarter of time (from week 7 to week 9 included) will be to
implement it into Geeklog. That should be easier, especially for the
client part since it is mostly an adaptation of what already exists,
and I have been the author of what already exists.

The fourh quarter of time (from week 10 to week 12 included) will
consist in final stuffs : testing, bug chase, documentation,
optimization, etc.

OK it's 18:50 UTC right now (student application deadline within 10
minutes, hope my mother board isn't going to burn suddenly !) so I
cannot enter more in detail but of course I will provide any further
information you may want. I available during to whole SoC time (no
holiday without internet access are planned for me). I am reliable and
very easy to reach using email or various IM protocol, if needed.

Thank you for you attention, and please remind that the proposal that
comes at the very end may eventually be the very best !

Bye folks !

5 – Link references

1 - http://wiki.geeklog.net/index.php/SoC_full_openid_support
2 - http://eight.pairlist.net/pipermail/geeklog-devel/2009-March/004141.html
3 - http://eight.pairlist.net/pipermail/geeklog-devel/2009-March/004130.html
4 – http://www.choplair.org
5 - http://www.geeklog.net/article.php/openid-patch?query=choplair

    ____  __  _  ___    ___   __   ___     ___   ___
 /  ___/ / /_/ / /  _  \  / _  \ /  /   / _  |   /_  _/ /  _  \
/  /__  /  _   / / /_/ / /  __/ /  /_ / __  |  _/ /_ /  ,  _/
\___/ /_/ /_/  \___/ /_/    /___//_/   |_|/___//_ /\_|

>> Copyleft Multimedia Production Network <<

>> E'mail:     contact AT choplair DOT net
>> Fax:        +33 (0) 957 90 42 42
>> Post:       CHOPLAIR. 2 rue de l'orne. #495
                     31100 Toulouse (FRANCE)

>> NET'work:             http://www.choplair.net
>> COMmunication:   http://www.choplair.com
>> ORGanization:      http://www.choplair.org
>> Entertainment
      U'nit:                    http://www.choplair.eu
>> FoRums:              http://www.choplair.fr
>> INFO'rmal:            http://www.choplair.info

More information about the geeklog-devel mailing list