Thursday 29 May 2008

Opensource internship

About a month ago we, me and my friend and fellow student Wouter, started our internship at IS4U. I'll keep this introduction about us brief. I will just say that we arrived on a blitz from our Erasmus in Finland just the night before we started and we're graduating as Bachelors in Applied Informatics in June.
Our task was simple: we were to combine a single sign-on (SSO) system, in our case CAS, with a Virtual Directory: Penrose and MyVD. All of them are open source software. We, being familiar with Linux, were somewhat used to working with open source software and had a good feeling about things to come.
What we experienced with the latter, myVD, was something different. Apart from its strange suggestive name, it was a struggle and sometimes a real hassle to find the correct information and descriptions for implementing some specific needs for our project. On top of that it was also very unstable. It wasn't long before we deemed this piece of open source software inadequate for what we needed it for. The myVD software was not up to par; although it has some potential, it certainly lacks proper documentation. Trying to configure something that has very little documentation and a small community for support is a difficult thing.
Our second confrontation with a free virtual directory, called Penrose, was a lot better. It even came with a software program to configure the entire virtual directory with the aid of wizards, clicking buttons and right-clicking some options. But as I feared, our enthusiasm didn’t last very long. As soon as we were done configuring, we spent about double that time troubleshooting our configuration because it was flawed in some small, but crucial, things. Not to mention that it has some serious issues with third-party LDAP browsers.

To compare the two free products would be difficult.
MyVD was small, uncomplicated but lacked many options. Penrose was bigger, mature, more complicated; it looked well documented and came with a really nice development tool, Penrose studio. But here we also have to add that this product is far from ready to be implemented in a system that has to be stable and secure. It does offer more options but it’s still not finished. We will see what happens in later releases.
All in all, our experience with these products, considering they are free, was not that bad, and if we had had a better background in the LDAP concept we would probably have been able to figure out what we did wrong faster. But apart from that it’s safe to conclude that these free Virtual Directories, especially Penrose, probably have a future, just not right away…

Wednesday 28 May 2008

New CAPTCHA technology already obsolete?

Discussing the latest CAPTCHA technology with a co-worker, I got the idea that CAPTCHAs are already an obsolete technology. Its successor? Federation.

People still need to 'register' face-to-face with lots of potential identity providers. To name a few: a technician of the ISP needs to come to your home for installing an internet connection, you have to fill out some forms and hand over a copy of your identity card for opening a bank account and you have to present yourself to a clerk at city hall in order to receive an identity card. These forms of registration at Identity Providers don't require online forms, they require some sort of paper contract and a meeting in person. Some of them even hand out strong credentials in the process like tokens or smart cards.

I'm foreseeing some troubles in achieving the following prerequisites, but given ubiquitous trust in such identity providers and the privacy protection mechanisms enabled in federation protocol implementations, users will never have to fill out an online registration form again. Sites will no longer have to implement them or tinker with spam bot protection mechanisms like CAPTCHAs. We will have achieved the federation nirvana.