HTTP Client Library for PHP

As I mentioned in my last post, I’m currently spending a lot of time thinking about and coding PHP libraries for the various Open Stack protocols. I’ve recently hit a common roadblock with a couple of the libraries, and wanted to solicit some feedback from the community. Ironically enough, I’m stuck with regards to the absolutely lowest level in the technology stack that most developers have to deal with: HTTP. We need good HTTP support in the Open Stack libraries to do basic things like fetching metadata documents, and sending OAuth and OpenID requests. Some things to consider:

  • we don’t need to worry about PHP 4
  • we need to be able to attach custom headers in the request
  • we need to be able to view the headers from the response
  • SSL support is a must
  • gzip compression is highly desirable as well
  • we need to limit any external dependencies outside of a standard PHP 5 installation, or as few as possible. (this of course doesn’t include any code we ship as part of the library itself)
  • I’m not aware of any need for support of HTTP cookies
  • it might be nice if particular platforms could provide their own HTTP handler. eh, maybe?
  • if we’re going to redistribute code with the libraries, the license is very important


Posted in technology | 12 Comments

The Open Stack (in PHP)

A couple of months or so ago, I made a conscious shift in my focus with the DiSo Project. Instead of continuing to concentrate on some of the higher level deliverables like WordPress plugins, I decided it was time to step back and evaluate where the development community (specifically the PHP development community) is with the Open Stack. For the purposes of this discussion, I’m going to use Johannes Ernst’s redux of John McCrea’s Open Stack graphic. I’m also only going to concentrate on three of the middle components: Metadata Discovery, Authentication, and Access Control.

The Open Stack


Posted in identity, technology | 7 Comments

Authentication in WordPress 2.8

Use Case

I’ve spent a lot of time working with the WordPress authentication system. I took over the OpenID plugin for WordPress two years ago, and was hired by Vidoop last May to work on the DiSo Project full time. Last summer, Matt Mullenweg invited me to talk at WordCamp SF 2008 about OAuth. As you can see in my slidedeck, it was a lot of smoke and mirrors at that point… we didn’t have OAuth in WordPress, although it was on the roadmap for 2.7.

We’ve had an OAuth plugin for a little while that Stephen Paul Weber wrote, but it wasn’t until a couple of months ago that I finally sat down to polish it up. The first use-case we wanted to tackle was XML-RPC, so I got to work with Joseph Scott. Having OAuth authentication with XML-RPC would allow for blog clients like MarsEdit or the WordPress iPhone app to communicate with your blog without having to share your WordPress password.


Posted in identity, technology | 48 Comments

Email Etiquette: Replying to Mailing Lists

Most email clients support the idea of “threaded messages”… that is, the client can group together individual email messages that are part of the same conversation, or “thread”. This is a particularly useful feature on mailing lists where multiple conversations are happening at the same time. For example, the following screenshot of the OpenID General Discussion list shows two distinct message threads in Apple’s Mail application:

Example of message threading

In order to match up messages that belong to the same conversation, email clients use two techniques. First, they match emails with the same subject line, which is mostly accurate. Occasionally this will result in “false positives” where unrelated emails are grouped together because the senders happened to use the same subject. The second method is far more accurate and makes use of a hidden portion of the email message which most people never see. Emails, just like web page requests, include a number of hidden “headers” that carry extra information about the message.

Email Headers

This includes information about the email client the sender used, the message priority, and the different servers that handled the message along the way. Each email message also includes a unique identification string called the “Message-Id”. This string is unique for every email message in the world… no two are ever identical. In the screenshot above, the Message-Id is <49518270.7010405@degeneration.co.uk>. If someone were to reply to that message, the Message-Id of the original email would be included in the reply email as another hidden header aptly named In-Reply-To:

Email Reply

Any future replies would continue to include an In-Reply-To header with this value so that email clients can recognize that they all belong together and group them accordingly. This method of conversation tracking is far more accurate, but has one problem. That problem occurs when some lazy person comes along and wants to send a message to the mailing list, but instead of clicking on “New Message” in their mail client, they pick a message at random from the list, click “Reply”, and then clear out the subject and body of the message. While this looks like a new message about a new topic, because the person “replied” to a previous email instead of starting a new message, the previous Message-Id got attached. Note the following reply to the same email above, but now the subject has been changed from talking about a Google sign-in button, to the BBC being an OpenID provider. These are completely different discussions!

Incorrect Reply

If we go back to our first screenshot of the two message threads, we can see that this new message (as well as any of its replies) gets lumped right together with the original discussion.

Merged Discussions
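
The merge described above can be reproduced, and the offending message flagged, with a few lines of Python. This is an added example, not part of the original post: the four sample messages and their example.org Message-Ids are constructed, and the subject-comparison heuristic (strip "Re:"-style prefixes, then compare with the parent's subject) is an assumption about how one might detect the problem.

```python
import re
from collections import defaultdict
from email import message_from_string

# Constructed sample messages (not taken from the OpenID list archive).
RAW = [
    "Message-ID: <a1@example.org>\nSubject: Google sign-in button\n\nOriginal post.\n",
    "Message-ID: <b2@example.org>\nIn-Reply-To: <a1@example.org>\n"
    "Subject: Re: Google sign-in button\n\nA genuine reply.\n",
    "Message-ID: <c3@example.org>\nIn-Reply-To: <a1@example.org>\n"
    "Subject: BBC as an OpenID provider\n\nNew topic sent via Reply.\n",
    "Message-ID: <d4@example.org>\nIn-Reply-To: <c3@example.org>\n"
    "Subject: RE: BBC as an OpenID provider\n\nReply to the new topic.\n",
]

PREFIX = re.compile(r"^\s*((re|fwd?|aw)\s*:\s*)+", re.IGNORECASE)

def base_subject(subject):
    """Strip reply/forward prefixes and normalise case and whitespace."""
    return " ".join(PREFIX.sub("", subject or "").lower().split())

def thread(raw_messages):
    """Group messages by In-Reply-To chain; list replies that change topic."""
    msgs = {}
    for raw in raw_messages:
        m = message_from_string(raw)
        msgs[m["Message-ID"].strip()] = m

    def root(mid):
        # Walk In-Reply-To links upward; 'seen' guards against header loops.
        seen = set()
        while mid not in seen:
            seen.add(mid)
            parent = (msgs[mid]["In-Reply-To"] or "").strip()
            if parent not in msgs:
                return mid
            mid = parent
        return mid

    threads, hijacked = defaultdict(list), []
    for mid, m in msgs.items():
        threads[root(mid)].append(mid)
        parent = (m["In-Reply-To"] or "").strip()
        if parent in msgs and base_subject(m["Subject"]) != base_subject(msgs[parent]["Subject"]):
            hijacked.append(mid)
    return dict(threads), hijacked

if __name__ == "__main__":
    print(thread(RAW))
```

All four messages land in one thread rooted at the first Message-Id, and only the message that changed the subject is reported; its own reply is not, because it matches its parent's subject.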

So today’s lesson in email etiquette: If you’re not actually replying to a particular email, DON’T CLICK “REPLY”. Copy and paste the “To:” email address if you have to, but don’t click reply! There might be some grace here for emails between individuals, but not on mailing lists, especially not on technical mailing lists. (Not meaning to pick on Peter in the screenshots above… he is not the only offender on the OpenID mailing lists, that just happened to be the most recent occurrence).

Okay, that’s my rant for the day… I’m good now. Oh, and Merry Christmas. :)

Posted in technology | 6 Comments