Last Modified 5/28/08 by Chuck Hagenbuch

OpenID Support

Goal

Provide both client and server OpenID support for Horde (these are different things).

Bugs

http://bugs.horde.org/ticket/6571

People

Chuck Hagenbuch is interested in this project, and can provide expert support on Horde's authentication layer.

Description

Notes

As posted a few months back, I had started working on a PHP5 OpenID library that I wished to port to the framework since it seemed a reasonable addition given our web app focus. Given the complexity of OpenID as a distributed authentication service, there are numerous components. Each by itself is actually not that hard; most of the problem is putting them together with a solid set of integration tests.

These include wrappers for large integer (> 32 bits) libraries since bcmath alone is awfully slow for this compared to gmp, cryptographic algorithms, and even a separate extensible web service (already proposed on the wiki). The list of possible sub-components that could feasibly be started with includes:

Zend_Service_Yadis

Zend_Crypt_DiffieHellman

Zend_Crypt_Rsa

Zend_Crypt_Hmac

Zend_Crypt_Xtea

Zend_Math_BigInteger

An actual Zend_Service_Openid would need all of the above as well as general file parsers. I was looking for an opinion as to whether these are acceptable as individual proposals. It seems to make sense rendering OpenID into its reusable constituent parts rather than lumping everything (and inevitably burying/hiding it) into the Openid namespace. I don't want to go spamming the wiki with 6+ proposals until I get a little feedback either :).

Any thoughts/comments on this, or OpenID in the ZF in general, are appreciated. :) The primary goal is to implement OpenID 1.1 and 2.0 to the extent necessary to authenticate. The basis of an OpenID server can be considered after.

JanRain code:

I dug through the JanRain code quite a bit, and it's a bit bloated and sloppy, but I think that's just a side-effect of the library having been ported to a number of different languages, and clearly PHP wasn't the original. You might also be interested in Wez's much simpler code:

http://netevil.org/node.php?nid=949

Unless you're in an environment where you can apply his patch, you can only implement the dumb mode (or do all of that big number math in PHP, which seems wasteful and error-prone). I was hoping the JanRain library would just work, since Wez's patch won't be an option for most people until the next public release of PHP.

Resources

http://www.openidenabled.com/openid/libraries/php

http://www.openidenabled.com/resources/openid-test/checkup/

http://iwantmyopenid.org/bounty

http://www.intertwingly.net/blog/2006/12/28/Unobtrusive-OpenID

http://intertwingly.net/blog/2007/01/03/OpenID-for-non-SuperUsers

http://netevil.org/blog/2007/06/howto-set-yourself-up-with-an-openid

http://siege.org/projects/phpMyID/

http://en.wikipedia.org/wiki/OpenID

http://en.wikipedia.org/wiki/Yadis

http://www.thespanner.co.uk/2007/06/29/openid-security-issues/

