[Mailman-Developers] Architecture for extra profile info

Xu Wang xuwang at gmail.com
Sat Apr 27 10:00:42 CEST 2013 

Here is my take on the basic system requirements and design issues:

System Components:
   * A RESTful API<https://en.wikipedia.org/wiki/Representational_state_transfer#RESTful_web_APIs>
-
a mini-server that servers restful calls.
   * A persistent store - a schemaless or relaxed datasource, e.g. Mongodb
   * An authn/authz service to support api authn/authz and account
management
       options for authn:
            - no auth, open to localhost, off load the AC to clients.
            - base
auth<http://en.wikipedia.org/wiki/Basic_access_authentication>,
username/pwd, requires https and minimum client effort.
            - HMAC
auth<http://en.wikipedia.org/wiki/Hash-based_message_authentication_code>,
requires clients to sign the requests with shared secrets, e.g. oauth1 and
AWS S3 auth. Needs out-of-band secretes and token management and
distribution.
       options for authz (privileges are http methods combined with
endpoint/scope):
            - role based, i.e. privileges are associated with role, work
with base auth.
            - owner based,  i.e. privileges are associated with user, work
with base auth.
            - token based, i.e. privileges are associated with token, see
OAuth <http://en.wikipedia.org/wiki/OAuth> and HMAC
auth<http://en.wikipedia.org/wiki/Hash-based_message_authentication_code>

Resource/Data model servered by API:
    * TBD,  means data model changes "as-we-go".
       A few initial data type should be given as a start point, or as
examples:
             - users
             - mailing_lists
             - subscriptions
             - user_profiles
             - accounts
             etc.
    * data presentation should be HATEOAS<http://en.wikipedia.org/wiki/HATEOAS>
 enabled.
    * content-type, applicaion/json, xml, html, etc.
    * etag should be used to support caching control and concurrency
control.
    * each resource servered by the api may have a simple validation
schema, i.e. in some sort of DSL.

Implementation Consideration:
    * Small footprint.
    * The API mechanism should decoupled with the resource data model to
allow maximum flexibility.
    * Due to the decoupling of API and the resource data model, the API may
only have limited support  for advanced or customized quires.
    * It is a "garbage-in, garbage-out" service, i.e. no or minmum data
manipulation by the service. E.g. if you post in a clear texted password
with user's data, it will stay clear in the database, and return back as
plain text when someone gets.
    * Service oriented, i.e runs as an independent first-class service.
    * DRY, use other good open source packages whenever possible.
    * In Python :-)

Relations to other system components:
    * Open... and RESTful


On Fri, Apr 26, 2013 at 11:53 PM, Stephen J. Turnbull <stephen at xemacs.org>wrote:

> Abhilash Raj writes:
>
>  > Hi all,
>  > I wrote a brief summary[1] of this thread.
>
> You've misinterpreted or mistyped a couple things I wrote:
>
> I'm not against OAuth in general, just against Mailman being an OAuth
> *provider*, or bundling one, because we can't support it properly.
> Users should get auth stuff from somebody whose primary interest is
> security stuff.
>
> When I write authentication and authorization should be avoided, I
> don't mean Mailman doesn't authenticate and authorize users.  I mean
> the implementation should be delegated to robust, well-tested modules
> or external applications (eg, Apache) whereever possible.
>
> The last quote needs to be fleshed out.  "This practice" refers to not
> exposing keys and other secrets to the whole application, including
> cooperating processes.  If authentication can be done in one place and
> an internal session or one-time authorization be granted, that's what
> should be done, rather than exposing user credentials to other parts
> of the application to do their own authentication and authorization.
>
> In making such a summary, I think it would be better to organize by
> topic.  Eg, a partial outline:
>
> REST API for extended user profiles
>   Authorization
>     Trusting local connections
>     HTTP Basic
>     OAuth
>     - Recommended for "outside world" [Florian]
>     - Advocates including an OAuth provider as a non-default,
>       experts-only option [Florian]
>     - Opposes bundling an OAuth provider [Stephen]
>     - OAuth necessary?  Why isn't HTTPS + Basic Auth good enough for
>       now? [Stephen]
>     - Don't need an OAuth provider to share authorizations (in fact,
>       at least in OAuth 2.0, providers don't provide sharing at all)
>       [Stephen]
>     - Implementing OAuth provider doesn't provide the benefits of
>       OAuth (ie, add an OAuth provider means users have yet another
>       set of credentials to manage) [Stephen]
>     - OAuth architecture = provider + client + consumer [Richard]
>     - Agrees to Mailman as OAuth consumer, not provider [Richard]
>     - OAuth may be overengineering, at first [Barry]
>   Database schemas
>   Database implementations
>   Wire Protocol
> etc...
>
> Also, in that format it's easy to reorganize:
>
> REST API for extended user profiles
>   Authorization
>     Trusting local connections
>     HTTP Basic
>     OAuth
>     - OAuth architecture = provider + client + consumer [Richard]
>     - Use client in Mailman?
>       - Recommended for "outside world" [Florian]
>       - Agrees to Mailman as OAuth consumer, not provider [Richard]
>       - OAuth necessary?  Why isn't HTTPS + Basic Auth good enough for
>         now? [Stephen]
>       - OAuth may be overengineering, at first [Barry]
>     - Use provider in Mailman?
>       - Advocates including an OAuth provider as a non-default,
>         experts-only option [Florian]
>       - Opposes bundling an OAuth provider [Stephen, Richard]
>       - Implementing OAuth provider doesn't provide the benefits of
>         OAuth (ie, add an OAuth provider means users have yet another
>         set of credentials to manage) [Stephen]
>       - Don't need an OAuth provider to share authorizations (in fact,
>         at least in OAuth 2.0, providers don't provide sharing at all)
>         [Stephen]
>   Database schemas
>   Database implementations
>   Wire Protocol
> etc...
>
> By the way, don't go out of your way to reorganize what you've already
> done, except as it's useful to you.  Gradually improve it as it helps
> you to recall discussion.
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> http://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives:
> http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe:
> http://mail.python.org/mailman/options/mailman-developers/xuwang%40gmail.com
>
> Security Policy: http://wiki.list.org/x/QIA9
>

More information about the Mailman-Developers mailing list