Originally published at It Is A Mystery.... You can comment here or there.

TAAC should now, with the latest update, support Apache 2 much more nicely (apparently, mod_python with it no longer nicely forwards SSL variables as environment variables, so you have to access them in a different manner). There are still some issues with Apache 2’s handling of SSL renegotiation and use of the SSLVerifyClient directive that need to be resolved, but the bottom line is that the demos should now be working again on this server (updated to Apache 2 in the past month.)

In addition, public SVN access to checkout the TAAC code should now be available using the username and password ‘dig’.

Originally published at It Is A Mystery.... You can comment here or there.

As I’ve been working on TAAC, I’ve started to become concerned about potential weaknesses with any FOAF-based identity authentication system (be it RDFAuth, OpenID, or FOAF+SSL) and that’s that ALL systems, with the possible exception of RDFAuth (due to its reliance on PKI), have their weakest link as the integrity of the server hosting the FOAF file. All three systems rely on data in the FOAF file to ‘authenticate’ against, but this poses problems. Take, for example, the following scenario:

Alice runs a website that accepts an OpenID+FOAF system (it works easily well with FOAF+SSL). Bob is a client of Alice, and regularly uses the authentication scheme Alice has implemented. When authenticating, he traditionally authenticates against his FOAF URI, http://www.example.com/bob.rdf#bob. The file bob.rdf has information that links to Bob’s OpenID, http://www.example.com/bob, permitting him to authenticate with his (self-run) OpenID provider.

Eve wants to see the information that Bob gets to see on Alice’s website, and thanks to some shoddy system administration, finds a security hole that allows her to get access to the filesystem. Ignoring the other private information acquired in this way, Alice silently replaces bob.rdf with her own FOAF file that has one simple change: the OpenID associated with http://www.example.com/bob.rdf#bob is now http://www.example.com/eve, which is Eve’s OpenID provider. Eve authenticates agains her own OpenID provider and gets access as Bob to Alice’s website, does her dirty work, and then quietly returns the original FOAF file so that Bob is none the wiser. There’s precious little evidence that Eve intruded, and only an alert sysadmin might note the erroneous login. Meanwhile, Alice is barely aware of any difference other than that the OpenID changed for one particular login.

In summary, as Henry Story admitted (Point 5 in the FOAF+SSL description), these methods only assert that the person accessing any protected resource has ‘write access’ to their FOAF file… But that doesn’t assert that they’re the same person.

With the common weakness of many self-hosted domains having poor security protocols, a FOAF-based Authentication System could be disastrous. The only plausible ’stopgap measure’ might be requiring the system as a whole to cache the authentication credentials (e.g. OpenID, public key URL, or X.509 hash) and refuse access to people who present credentials that have changed. This adds a layer of complication to the mix as well, as it would require out-of-band communication to ensure that the ‘cached’ credentials are removed or replaced with new credentials manually… And even so, there is still the risk of incorrect authentication credentials being presented absent any evidence they are incorrect (e.g. Eve logs in before Bob ever does, or does so in the period where Bob’s cached credentials have been deleted, establishing her credentials in place of his own). There are ways around this, but they seem a bit kludgy to me (e.g. using the old OpenID/X.509 cert, which may not exist due to security risks, to authenticate the new one; checking against a public key server to see if there’s any indication that a public key has been revoked/replaced).

Are we sure that a FOAF-based Authentication System is secure enough? At the very least, it seems like we need proactive sysadmins maintaining the system to ensure it remains secure… And can we afford that?

Originally published at It Is A Mystery.... You can comment here or there.

So I’ve finally got a chance to return to working on TAAC, an access control mechanism for the web that integrates FOAF-based identification with access control rules. I’ve been doing some more thorough testing on the slow-down issues explained two posts back, and found that the slowdown, while significant, appears to be about 13 seconds or so, on average, on this server, a Linode virtual private server which I expect typifies an average web host (if not better than average).

Several attempts at profiling (aside from creating significantly increased processing times, up to 10x longer) led to the conclusion that, in fact, most of that time is spent in the second phase (post-authentication, during reasoning), which is where I’d EXPECT the slowdown to be. Granted, this now becomes a problem that can be solved in part by Moore’s Law, but even so, some speedups would be nice to allow it to be implemented today. I plan on running the same code on a relatively modern test server that’s dedicated to doing more or less supporting these tests, so it will likely run faster on there.

It’s worth considering that this is running on a variant of the cwm reasoner on top of a re-implemented Rete reasoner, and, seeing how it’s all in interpreted Python, rewriting it in compiled C code (or even Java) would probably see a significant speed-boost, but that’s not a terribly productive line of work (except where trying to actually push out a commercial product). It might also be worth exploring other reasoning approaches to improve the speed.

Even so, I’m going to try looking at the other authentication approaches to see what the benefits and costs of them are… I think the more RESTful approach without OpenID may have some arguments in favor of it, but I doubt they’re going to be based solely on speed.

Originally published at It Is A Mystery.... You can comment here or there.

It’s 2008.  Why the heck doesn’t my computer know what I’m probably going to be doing when I download a file?  My computer should be able to learn that I transcode video files with English hardsubs to MP4 and put them in my iTunes share, or that PDFs that I read may tend to be related to research and should be saved…  So why doesn’t it?

Originally published at It Is A Mystery.... You can comment here or there.

So I’ve returned after some time at MIT where I was getting a bearing on where I’m going next with my part in the TAMI project, and I’ve come out with a few goals:

• Finish tinkering and profiling the current TAAC setup.  This has already resulted in some interesting results, namely, that the planned OpenID setup is really slow.  To be fair, I’ve also only tested it with one physical setup, so I need to test a couple other servers, and so on. Unfortunately, it seems that the number of round-trips needed to get the FOAF file, get the OpenID identifier, and then establish a shared secret with the OpenID provider takes way too long. We can cache some of this (especially the former two), and can even avoid it all with a cookie established at the end of the first authentication, but the first sign-on takes entirely too long to process on this VPS.
• Examine other authentication methods.  Since the key right now is shortening the time needed to authenticate against one’s FOAF URI, there are several other methods out there that may cut out the authentication issues, including RDFAuth and Toby Inkster’s FOAF+SSL.  The former has less round-trips (as there isn’t the cost of setting up the SSL connection), but the latter doesn’t require the maintenance of a PKI, and can be done with self-signed certs.  I hope to be talking with Toby and Henry Story, among others, to see what’s been done with FOAF+SSL, and to see how we can work that authentication method in.
• Get a better idea how the reasoner engines work for the AIR reasoner. Seeing as my understanding is not terribly good at their reasoning methods, I’m going to be trying my hand at reimplementing a Rete system, a TREAT system, and a backwards chainer…  In Erlang (or at least do such for a Rete).  Why Erlang?  I think it will give me a good idea about not only how the system’s productions are called (as a network of alpha and beta nodes is rather nicely done in a functional framework), but it will give me a better understanding of the problems with trying to make a Rete concurrent (and why TREAT is ostensibly better at concurrency).  With Erlang’s BUILT-IN concurrency and light-weight threads, rather than a lock-based concurrent framework like in the Python we’re currently using, there’s no additional cost to making the functions concurrent if I take the time to do it in Erlang.  Luckily for me, I’ve worked with the Mozart Programming System in my programming languages class, and Erlang isn’t too different from that…  Plus, it’s another programming paradigm/language under my belt.
• Implement cwm built-ins into the AIR reasoner.  Yosi and I have already discussed some of the issues with doing so, so it’s just a matter of my understanding the code that’s standing in the way of my adding such.  Thus the reason for the above, and studying the existing code.

Originally published at It Is A Mystery.... You can comment here or there.

I suppose it’s about time for me to announce a status report of what I’m up to lately…

First: I’ve picked up my Pixonomy project again, and while I’ve JUST put it on hold again, I’ve progressed the library with a refactoring and I just need to do some cross-platform hacking (to get it to compile nicely on OS X as a universal binary), and implement a couple of search functions to actually get it to a state where I can actually start programming client software in GTK+ or wxWidgets (I haven’t decided which) to demo the library.

Second: I’m currently taking a break from Pixonomy to work on a nifty font for OpenTTD.  Since I noted that they finally implemented TrueType support and Unicode support in 0.5.0 (which I’d tried to implement before, but never really got around to), I figured I’d try my hand at something fun.  After I get all the lower case characters done preliminarily, I’ll start adjusting the bounds and kerning by testing in game…

Third: Been watching some of the subs for this season, and I think Allison & Lillia does seem to have some promise, but we’ll see where it goes.  Zettai Karen Children, though, is not so much up my alley.  We’ll see where the other series I want to check out go (namely, Library War)…  There’s a few others that might be good, too.

Originally published at It Is A Mystery.... You can comment here or there.

My final year of Genericon as Chief of Operations is over.  Kinda surprising that I’ve been such for three years!  Oh well, I think my replacement will do a good job.  I did my best to train him, but even so, I’ll probably end up as auxiliary help for Genericon XXII if grad school doesn’t interfere, just to make his and the new chair’s lives easier.

There were a couple of fun things we had, but I think Scott’s Horrible Video Game panel was one of the coolest things I got to do all con.  I recorded it on my camera, and even though it’s crappy quality, I’m gonna see if I can’t stitch together a Youtube post featuring it in the next week or so.  Standard work for a lot of the rest of the con, but even so, it was pretty fun.

It’s been fun, but it’s time for the new-old-guard to start moving on…  And time for me to actually get to work on the work that needs to be done for this semester.

P.S. djpretzel, Liontamer, and zircon were all awesome guests.  I didn’t see the others as much, but I think this years’ guests were all great and courteous guests and generally cool to hang out with!  Even though…  I kinda stayed in the ops room for half the con again.

Originally published at It Is A Mystery.... You can comment here or there.

Here are a couple AURA rating icons I came up with to use with the system. Combinations could probably work similarly, and I could shrink it or make a dark matte if you like…

Read the rest of this entry »