From andyfrommk at gmail.com  Mon Feb 15 03:01:43 2016
From: andyfrommk at gmail.com (Andy Selby)
Date: Mon, 15 Feb 2016 03:01:43 -0800 (PST)
Subject: Free RPi hosting and possible tour of local datacentre
In-Reply-To: <361faf2a-fb34-45ae-a6f6-ab0ea3bb403d@googlegroups.com>
References: <c4b9a70a-734f-43ae-97e7-d883922c791b@googlegroups.com>
	<CACcDBrU0SEnypmLJYuJWZEG+74Gi+UO=xb6k-39voYGiWu-0hA@mail.gmail.com>
	<b1b78d0c-f636-4fb8-9a80-10124cc692c4@googlegroups.com>
	<1ecc3fbc-8265-45b0-a06b-9bf6a577878f@googlegroups.com>
	<361faf2a-fb34-45ae-a6f6-ab0ea3bb403d@googlegroups.com>
Message-ID: <7eae2272-37b2-403e-b6b1-b0a69b64b067@googlegroups.com>

Just got a very kind offer from Chris Wilkie of colocker.co.uk to any 
LUG/Perl Monger members who want their Raspberry Pi hosted at the colocker 
datacentre.
There may even be a possibility of a tour!
Anybody interested in either?
I know I'd be up for a tour.

Andy

On Sunday, 14 February 2016 20:01:40 UTC, Chris Wilkie wrote:
>
> Thanks Andy.  I'm happy to reach out to MK Linux user group if you have a 
> contact and extend the RPi offer to them if you think it would be of 
> interest.  Maybe we could even do a tour or something like that?  There are 
> quite a few interesting bits of tech we have developed that Linux users may 
> be interested in.
>
> Chris
>
> On Saturday, February 13, 2016 at 9:42:03 PM UTC, Andy Selby wrote:
>>
>>
>> We also offer free hosting of Raspberry Pi's for members of the London 
>>> Hackspace (for personal use) and would be more than happy to extend this to 
>>> the MK Makerspace membership too.  Again, drop me a line if you would like 
>>> to take up that offer.
>>>
>>
>> Thanks for extending this offer to us, Chris, that might have been me 
>> that posted about it since I was a member of LHS at the time.
>> I mentioned Colocker at the MK Linux user group and the Perl mongers, 
>> hope that helped your business. 
>>
>> Andy
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.pm.org/pipermail/miltonkeynes-pm/attachments/20160215/32eeff35/attachment.html>

From andyfrommk at gmail.com  Thu Feb 18 17:14:59 2016
From: andyfrommk at gmail.com (Andy Selby)
Date: Fri, 19 Feb 2016 01:14:59 +0000
Subject: You views on Bitcard SSO?
Message-ID: <CAKjdKp-UYFvC2gSG09P1XQB5F02bhzwgsFJ0+BpT-cgTk6yJDQ@mail.gmail.com>

Is bitcard.org a good single sign on service or should I use Oauth?
There is very little on the web[1] and none of it is recent.

I'm looking into an authentication framework for MK Makerspace so the
members section, wiki and hackernews-like section can all be SSO

[1] except bitcard.org this is all I could find:
http://www.perlmonks.org/?node=bitcard
https://en.wikibooks.org/wiki/Perl_Programming/CPAN/Bitcard

Thanks in advance

Andy

From peter at dragonstaff.co.uk  Fri Feb 19 01:43:17 2016
From: peter at dragonstaff.co.uk (Peter Edwards)
Date: Fri, 19 Feb 2016 09:43:17 +0000
Subject: You views on Bitcard SSO?
In-Reply-To: <CAKjdKp-UYFvC2gSG09P1XQB5F02bhzwgsFJ0+BpT-cgTk6yJDQ@mail.gmail.com>
References: <CAKjdKp-UYFvC2gSG09P1XQB5F02bhzwgsFJ0+BpT-cgTk6yJDQ@mail.gmail.com>
Message-ID: <CAKKi36K5L4HPuSUoduFmS60cMxGccXH84jQoVgqprV-YhVK-vA@mail.gmail.com>

Hi Andy, I'd suggest using OAuth2 and either running your own provider or
hanging it off Google/MS Live/github depending who your audience is.
Check out http://oauth.net/2/

Regards, Peter

On Fri, 19 Feb 2016 at 01:15 Andy Selby <andyfrommk at gmail.com> wrote:

> Is bitcard.org a good single sign on service or should I use Oauth?
> There is very little on the web[1] and none of it is recent.
>
> I'm looking into an authentication framework for MK Makerspace so the
> members section, wiki and hackernews-like section can all be SSO
>
> [1] except bitcard.org this is all I could find:
> http://www.perlmonks.org/?node=bitcard
> https://en.wikibooks.org/wiki/Perl_Programming/CPAN/Bitcard
>
> Thanks in advance
>
> Andy
> _______________________________________________
> MiltonKeynes-pm mailing list
> MiltonKeynes-pm at pm.org
> http://mail.pm.org/mailman/listinfo/miltonkeynes-pm
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.pm.org/pipermail/miltonkeynes-pm/attachments/20160219/981fe25a/attachment.html>

From tom at eborcom.com  Fri Feb 19 02:09:14 2016
From: tom at eborcom.com (Tom Hukins)
Date: Fri, 19 Feb 2016 10:09:14 +0000
Subject: You views on Bitcard SSO?
In-Reply-To: <CAKKi36K5L4HPuSUoduFmS60cMxGccXH84jQoVgqprV-YhVK-vA@mail.gmail.com>
References: <CAKjdKp-UYFvC2gSG09P1XQB5F02bhzwgsFJ0+BpT-cgTk6yJDQ@mail.gmail.com>
	<CAKKi36K5L4HPuSUoduFmS60cMxGccXH84jQoVgqprV-YhVK-vA@mail.gmail.com>
Message-ID: <20160219100913.GT64620@eborcom.com>

On Fri, Feb 19, 2016 at 09:43:17AM +0000, Peter Edwards wrote:
> I'd suggest using OAuth2 and either running your own provider or
> hanging it off Google/MS Live/github depending who your audience is.

Everyone I know who has tried to support OAuth2 has found the experience
painful.

This brief talk shows why people find it confusing:
https://www.youtube.com/watch?v=xeGxGnSkSdQ

I don't have a good answer to Andy's question unfortunately.  I doubt
anyone outside the Perl community uses Bitcard, so it doesn't provide
SSO for most people.  If you need SSO, you probably want OAuth, but if
you don't, avoid the hassle.

Tom

From peter at dragonstaff.co.uk  Fri Feb 19 02:38:12 2016
From: peter at dragonstaff.co.uk (Peter Edwards)
Date: Fri, 19 Feb 2016 10:38:12 +0000
Subject: You views on Bitcard SSO?
In-Reply-To: <20160219100913.GT64620@eborcom.com>
References: <CAKjdKp-UYFvC2gSG09P1XQB5F02bhzwgsFJ0+BpT-cgTk6yJDQ@mail.gmail.com>
	<CAKKi36K5L4HPuSUoduFmS60cMxGccXH84jQoVgqprV-YhVK-vA@mail.gmail.com>
	<20160219100913.GT64620@eborcom.com>
Message-ID: <CAKKi36JqDq49BxE90L49VZ2NafLnNEV2JhoKYfvkmP0sKrvTbA@mail.gmail.com>

We looked about a year ago at how to do federated identity between a few
systems. One was C# with a custom (don't ask) version of SAML, one was
Drupal PHP and the underlying authentication provider was MS Active
Directory.
SAML and OAuth2 solve different kinds of problem and present different
types of difficulty. There are plenty of good decks on slideshare.net that
go into this.
Because we were doing a client side Single Page Application which needed
the authentication then routing of service API calls from REST to a SOAP
XML backend, it turned out easiest for us to use OAuth2 and do mapping in
an integration platform on MS Azure to SAML 2.0 make the different systems
work together.
As Tom says, there is no single simple answer. It depends what you're
trying to do, what components you've already got and who your audience is
(internal, external) and what application they are using, e.g. is it a
chromebook, mobile app, corporate desktop.
Cheers, Peter

On Fri, 19 Feb 2016 at 10:26 Tom Hukins <tom at eborcom.com> wrote:

> On Fri, Feb 19, 2016 at 09:43:17AM +0000, Peter Edwards wrote:
> > I'd suggest using OAuth2 and either running your own provider or
> > hanging it off Google/MS Live/github depending who your audience is.
>
> Everyone I know who has tried to support OAuth2 has found the experience
> painful.
>
> This brief talk shows why people find it confusing:
> https://www.youtube.com/watch?v=xeGxGnSkSdQ
>
> I don't have a good answer to Andy's question unfortunately.  I doubt
> anyone outside the Perl community uses Bitcard, so it doesn't provide
> SSO for most people.  If you need SSO, you probably want OAuth, but if
> you don't, avoid the hassle.
>
> Tom
> _______________________________________________
> MiltonKeynes-pm mailing list
> MiltonKeynes-pm at pm.org
> http://mail.pm.org/mailman/listinfo/miltonkeynes-pm
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.pm.org/pipermail/miltonkeynes-pm/attachments/20160219/7016f062/attachment.html>

From colin.newell at gmail.com  Fri Feb 19 02:56:38 2016
From: colin.newell at gmail.com (Colin Newell)
Date: Fri, 19 Feb 2016 10:56:38 +0000
Subject: You views on Bitcard SSO?
In-Reply-To: <CAKKi36JqDq49BxE90L49VZ2NafLnNEV2JhoKYfvkmP0sKrvTbA@mail.gmail.com>
References: <CAKjdKp-UYFvC2gSG09P1XQB5F02bhzwgsFJ0+BpT-cgTk6yJDQ@mail.gmail.com>
	<CAKKi36K5L4HPuSUoduFmS60cMxGccXH84jQoVgqprV-YhVK-vA@mail.gmail.com>
	<20160219100913.GT64620@eborcom.com>
	<CAKKi36JqDq49BxE90L49VZ2NafLnNEV2JhoKYfvkmP0sKrvTbA@mail.gmail.com>
Message-ID: <CAKPO2a5+RGxufVjM0ou1XgvUKd2b1NVPoT6OJqXNa1_=QjrPCg@mail.gmail.com>

There are applications designed to provide an authentication server
that can be dropped into place.  Keycloak is the one I came across
recently that allows you to provide your own OAuth authentication
server.  It also conveniently has a docker container image that makes
it very easy to try quickly.  Well as quickly as you can setup oauth2
integration....

http://keycloak.jboss.org/
https://registry.hub.docker.com/u/jboss/keycloak/

Note that this still isn't all that simple, but if you wanted to
support OAuth2 from multiple providers but still allow users to sign
up with your own authentication provider if they don't want to use
their external account a solution using a server like that might be of
use.

As Peter says, there is no single answer, and definitely no simple
answer when it comes to OAuth2 (try to avoid the  original OAuth).


Colin.

On 19 February 2016 at 10:38, Peter Edwards <peter at dragonstaff.co.uk> wrote:
> We looked about a year ago at how to do federated identity between a few
> systems. One was C# with a custom (don't ask) version of SAML, one was
> Drupal PHP and the underlying authentication provider was MS Active
> Directory.
> SAML and OAuth2 solve different kinds of problem and present different types
> of difficulty. There are plenty of good decks on slideshare.net that go into
> this.
> Because we were doing a client side Single Page Application which needed the
> authentication then routing of service API calls from REST to a SOAP XML
> backend, it turned out easiest for us to use OAuth2 and do mapping in an
> integration platform on MS Azure to SAML 2.0 make the different systems work
> together.
> As Tom says, there is no single simple answer. It depends what you're trying
> to do, what components you've already got and who your audience is
> (internal, external) and what application they are using, e.g. is it a
> chromebook, mobile app, corporate desktop.
> Cheers, Peter
>
> On Fri, 19 Feb 2016 at 10:26 Tom Hukins <tom at eborcom.com> wrote:
>>
>> On Fri, Feb 19, 2016 at 09:43:17AM +0000, Peter Edwards wrote:
>> > I'd suggest using OAuth2 and either running your own provider or
>> > hanging it off Google/MS Live/github depending who your audience is.
>>
>> Everyone I know who has tried to support OAuth2 has found the experience
>> painful.
>>
>> This brief talk shows why people find it confusing:
>> https://www.youtube.com/watch?v=xeGxGnSkSdQ
>>
>> I don't have a good answer to Andy's question unfortunately.  I doubt
>> anyone outside the Perl community uses Bitcard, so it doesn't provide
>> SSO for most people.  If you need SSO, you probably want OAuth, but if
>> you don't, avoid the hassle.
>>
>> Tom
>> _______________________________________________
>> MiltonKeynes-pm mailing list
>> MiltonKeynes-pm at pm.org
>> http://mail.pm.org/mailman/listinfo/miltonkeynes-pm
>
>
> _______________________________________________
> MiltonKeynes-pm mailing list
> MiltonKeynes-pm at pm.org
> http://mail.pm.org/mailman/listinfo/miltonkeynes-pm
>

From peter at dragonstaff.co.uk  Fri Feb 19 03:10:56 2016
From: peter at dragonstaff.co.uk (Peter Edwards)
Date: Fri, 19 Feb 2016 11:10:56 +0000
Subject: You views on Bitcard SSO?
In-Reply-To: <CAKPO2a5+RGxufVjM0ou1XgvUKd2b1NVPoT6OJqXNa1_=QjrPCg@mail.gmail.com>
References: <CAKjdKp-UYFvC2gSG09P1XQB5F02bhzwgsFJ0+BpT-cgTk6yJDQ@mail.gmail.com>
	<CAKKi36K5L4HPuSUoduFmS60cMxGccXH84jQoVgqprV-YhVK-vA@mail.gmail.com>
	<20160219100913.GT64620@eborcom.com>
	<CAKKi36JqDq49BxE90L49VZ2NafLnNEV2JhoKYfvkmP0sKrvTbA@mail.gmail.com>
	<CAKPO2a5+RGxufVjM0ou1XgvUKd2b1NVPoT6OJqXNa1_=QjrPCg@mail.gmail.com>
Message-ID: <CAKKi36LS+MjA5zZRWsEsR4LZM6rONfyp+-s2ugcA+1_q2EqFkg@mail.gmail.com>

Ah that's quite a nice option Colin :)

A more expensive but simpler way to go if you don't want to roll your own,
is to pay for a service that does that for you. We looked at a few 2 years
ago and one that was okay was PingIdentity
https://www.pingidentity.com/en/products/pingfederate.html

At the time I commented to my colleagues we could set our own stuff up
around ADFS in Azure more cheaply (because of a large educational
discount). It does depend on your situation, user volumes and so on.

Regards, Peter


On Fri, 19 Feb 2016 at 10:56 Colin Newell <colin.newell at gmail.com> wrote:

> There are applications designed to provide an authentication server
> that can be dropped into place.  Keycloak is the one I came across
> recently that allows you to provide your own OAuth authentication
> server.  It also conveniently has a docker container image that makes
> it very easy to try quickly.  Well as quickly as you can setup oauth2
> integration....
>
> http://keycloak.jboss.org/
> https://registry.hub.docker.com/u/jboss/keycloak/
>
> Note that this still isn't all that simple, but if you wanted to
> support OAuth2 from multiple providers but still allow users to sign
> up with your own authentication provider if they don't want to use
> their external account a solution using a server like that might be of
> use.
>
> As Peter says, there is no single answer, and definitely no simple
> answer when it comes to OAuth2 (try to avoid the  original OAuth).
>
>
> Colin.
>
> On 19 February 2016 at 10:38, Peter Edwards <peter at dragonstaff.co.uk>
> wrote:
> > We looked about a year ago at how to do federated identity between a few
> > systems. One was C# with a custom (don't ask) version of SAML, one was
> > Drupal PHP and the underlying authentication provider was MS Active
> > Directory.
> > SAML and OAuth2 solve different kinds of problem and present different
> types
> > of difficulty. There are plenty of good decks on slideshare.net that go
> into
> > this.
> > Because we were doing a client side Single Page Application which needed
> the
> > authentication then routing of service API calls from REST to a SOAP XML
> > backend, it turned out easiest for us to use OAuth2 and do mapping in an
> > integration platform on MS Azure to SAML 2.0 make the different systems
> work
> > together.
> > As Tom says, there is no single simple answer. It depends what you're
> trying
> > to do, what components you've already got and who your audience is
> > (internal, external) and what application they are using, e.g. is it a
> > chromebook, mobile app, corporate desktop.
> > Cheers, Peter
> >
> > On Fri, 19 Feb 2016 at 10:26 Tom Hukins <tom at eborcom.com> wrote:
> >>
> >> On Fri, Feb 19, 2016 at 09:43:17AM +0000, Peter Edwards wrote:
> >> > I'd suggest using OAuth2 and either running your own provider or
> >> > hanging it off Google/MS Live/github depending who your audience is.
> >>
> >> Everyone I know who has tried to support OAuth2 has found the experience
> >> painful.
> >>
> >> This brief talk shows why people find it confusing:
> >> https://www.youtube.com/watch?v=xeGxGnSkSdQ
> >>
> >> I don't have a good answer to Andy's question unfortunately.  I doubt
> >> anyone outside the Perl community uses Bitcard, so it doesn't provide
> >> SSO for most people.  If you need SSO, you probably want OAuth, but if
> >> you don't, avoid the hassle.
> >>
> >> Tom
> >> _______________________________________________
> >> MiltonKeynes-pm mailing list
> >> MiltonKeynes-pm at pm.org
> >> http://mail.pm.org/mailman/listinfo/miltonkeynes-pm
> >
> >
> > _______________________________________________
> > MiltonKeynes-pm mailing list
> > MiltonKeynes-pm at pm.org
> > http://mail.pm.org/mailman/listinfo/miltonkeynes-pm
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.pm.org/pipermail/miltonkeynes-pm/attachments/20160219/39e1b612/attachment.html>