On Tue, Dec 2, 2008 at 4:17 PM, Sebastian Silva
[EMAIL PROTECTED] wrote:
Hello,
I realize I should have jumped into this discussion earlier. Please
excuse me, I've just put myself thru an intense matrixesque
self-learning weeks around learning communities, communities of
practice, community
Re: Scratch etoys: the problem with updating translations in
place is that it doesn't support distributed work on translations:
OLPC might do basic translations; they might be further developed in a
country or region, etc. Each might be updated individually.
Further, you want to be able to
On Thu, Nov 13, 2008 at 6:58 PM, Sayamindu Dasgupta [EMAIL PROTECTED] wrote:
I have been thinking of having a separate place in the filesystem for
_new_ translations, and using RPM to manage the installation and
upgradation of the new translations.
What is the downside of RPMs? If users edit
snip
David Farning wrote:
On Tue, Dec 2, 2008 at 4:17 PM, Sebastian Silva
[EMAIL PROTECTED] wrote:
My research question has been ¿how to jumpstart an ecosystem?
Hernan Pachas from the ministry, and I offer to organize volunteers
for support and training, etc. At the time, they had
On Tue, Dec 2, 2008 at 2:26 PM, Martin Langhoff
[EMAIL PROTECTED] wrote:
On Thu, Nov 13, 2008 at 6:58 PM, Sayamindu Dasgupta [EMAIL PROTECTED] wrote:
I have been thinking of having a separate place in the filesystem for
_new_ translations, and using RPM to manage the installation and
Hi Tomeu and Browse engineers,
Talking with Martin L recently he mentioned that you have some ideas on
how the XO can communicate its identity (e.g. serial # and maybe user
name) with a web server. We're mostly thinking of the school server as
the server side but a more generic solution may be
Can we please consider making this OpenID? It would really help to
integrate everything. I made a proposal about it some time ago, and
currently SugarLabs wiki has OpenID, which by the way, is a great.
Sebastian
2008/12/2 Greg Smith [EMAIL PROTECTED]:
Hi Tomeu and Browse engineers,
Talking
On Tue, Dec 2, 2008 at 6:49 PM, C. Scott Ananian [EMAIL PROTECTED] wrote:
Fedora does not have a standard solution either, so I'm not sure
where you're going with this. We have to invent something. RPM is
not obviously the right solution.
So Fedora doesn't use rpm files for localization
what about
have the client send an Authorization header, in the Browse HTTP request.
This is part of standard HTTP request/response
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.8
One problem that those who see the complicated future is that this
exchange will only be validated
On Tue, Dec 2, 2008 at 4:26 PM, Martin Langhoff
[EMAIL PROTECTED] wrote:
On Tue, Dec 2, 2008 at 6:49 PM, C. Scott Ananian [EMAIL PROTECTED] wrote:
Fedora does not have a standard solution either, so I'm not sure
where you're going with this. We have to invent something. RPM is
not obviously
On Tue, Dec 2, 2008 at 16:32, Yamandu Ploskonka [EMAIL PROTECTED]wrote:
Also, re:spoofing, there would need to be an update of the data being
sent, maybe changes with the clock, daily? Don't know how to keep the
algorythm secure and still have this Open.
That is mistake #1: Secret algorithms
OpenID, specifically, would be hard to implement in the current version of
the spec, as our devices FQDNs will be changing often. Locally, it might
work, but remote identification is a problem.
Actually, my regular laptop's FQDN changes all the time and I have no
problem remembering my OpenID
On Tue, Dec 2, 2008 at 17:07, Sebastian Silva [EMAIL PROTECTED]wrote:
OpenID, specifically, would be hard to implement in the current version
of
the spec, as our devices FQDNs will be changing often. Locally, it might
work, but remote identification is a problem.
Actually, my regular
That's a different model. We want the openID _provider_ to be either on the
laptop itself or on the school server. Since the _server_ has a changing
FQDN, this becomes harder. The solution would be to propose a change to the
protocol or register the school servers domains (or subs) with a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sebastian Silva wrote:
Clearly, the provider should not be on the laptop. That would defeat
the entire purpose of having an Identity Provider.
You misunderstand our purpose. The immediate technical goal is to
authenticate that a given connection
On Tue, Dec 2, 2008 at 7:34 PM, C. Scott Ananian [EMAIL PROTECTED] wrote:
Please re-read Sayamindu's original message. Thanks.
I don't find anything too special there. Perhaps I wasn't clear earlier.
What I meant to say is that all the good things we get from a bespoke
packaging format, we can
On Tue, Dec 2, 2008 at 17:29, Benjamin M. Schwartz [EMAIL PROTECTED]
wrote:
You misunderstand our purpose. The immediate technical goal is to
authenticate that a given connection goes to a particular XO. The machine
itself then becomes the identifying token used to authenticate the
On Tue, Dec 2, 2008 at 8:19 PM, Sebastian Silva
[EMAIL PROTECTED] wrote:
That's a different model. We want the openID _provider_ to be either on the
laptop itself or on the school server. Since the _server_ has a changing
FQDN, this becomes harder. The solution would be to propose a change to
Thanks for your opening email - one quick comment...
On Tue, Dec 2, 2008 at 6:56 PM, Greg Smith [EMAIL PROTECTED] wrote:
That's one example. I would also like any Web server to be able to extract
the XO identity and use it in CGI (e.g. PHP) for processing.
the plan for that is that
1 - the
On Tue, Dec 2, 2008 at 17:42, Martin Langhoff [EMAIL PROTECTED]wrote:
If we could switch to https easily, we could skip all this song and
dance and just use client certs.
Why can't we, exactly? More and more non-standardness is _bad_ for security.
-lf
David Farning wrote:
The second solution is official Sugar Labs Partners. These are for
profit business that would like to be 'Sugar Certified.'
Where can I find out more? OneVillage.biz is interested, and there are
others in my network.
thanks
david
--
Silent Thunder
It's reasonably likely that the XS will be an OpenID IDP (noting all
the serious caveats around OpenID that make it a phishing-magnet), but
_first_ the laptop needs to identify itself to the xS.
Ok yes I did misunderstand the original problem, sorry.
Please let me be of all assistance I can in
On Tue, Dec 02, 2008 at 03:56:06PM -0500, Greg Smith wrote:
We're mostly thinking of the school server as the server side but a
more generic solution may be acceptable.
I'm relatively comfortable with our vague identity plans for the XS but
I'd like to know more about your idea for a more
On Sat, Nov 29, 2008 at 1:13 PM, Yamandu Ploskonka [EMAIL PROTECTED] wrote:
One thing that we need to see is about giving legitimacy to volunteers in
countries where only if you have an official piece of paper you are to be
taken into account. Right now I have an active, enthusiastic,
On Tue, Dec 2, 2008 at 8:56 PM, Greg Smith [EMAIL PROTECTED] wrote:
I put a stub of a requirement for it on our roadmap here:
http://wiki.laptop.org/go/Feature_roadmap#Single_Sign_on_from_Browse
Do you have any ideas or designs for how we can achieve that?
I think this can be quite simple.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin Langhoff wrote:
- A backchannel call using SSH
- A challenge-response call using the fact that the XS knows the
public SSH key of the XO.
You really like SSH!
I'm less sure, though. I'd prefer a standard system. One interesting
option
Heh, so it ends up I did have an interesting unintended proposal to make.
Then, if it was to use OpenID, it would be in a novel way. Still it
does make perfect sense. See:
1.- The user requests access.
2.- The server checks with his laptop.
3.- The laptop confirms the user is requesting from
I'm less sure, though. I'd prefer a standard system.
+1
One interesting
option is OpenID authentication over Jabber (standardized as XEP-0070),
e.g. http://openid.xmpp.za.net/. In this system, OpenID authentication
requests appear to the user as chat messages. This means that the
Identity
On Tue, Dec 2, 2008 at 18:35, Sebastian Silva [EMAIL PROTECTED]wrote:
3.- The laptop confirms the user is requesting from it.
This is somewhat of a problem: how can we do this without giving the user
too many did you really mean this prompts?
-lf
Over the next several months and years a set
of best pratices, adjusted for cultural differences, will develop.
Yama calls community building an art, precisely because it doesn't seem
to fit into how-to manual models. Maybe people who get communities
running don't read manuals, don't write
Well initially, it was stated the problem was only to identify the
laptop, not the user, right?
(the ssh way)
That is, user=laptop is assumed so no need to even bug the user.
I'm not liking it much because it would me another kid could take your
laptop and log into all your stuff (which is true
On Tue, Dec 2, 2008 at 19:32, Sebastian Silva [EMAIL PROTECTED]wrote:
Well initially, it was stated the problem was only to identify the
laptop, not the user, right?
(the ssh way)
That is, user=laptop is assumed so no need to even bug the user.
I'm not liking it much because it would me
2008/12/2 Luke Faraone [EMAIL PROTECTED]:
Oh, I accidentally moved this off-list, shall I forward this back?
Oops. By all means, its interesting.
On Tue, Dec 2, 2008 at 19:56, Sebastian Silva [EMAIL PROTECTED]
wrote:
(...)
user=laptop.
It's not exactly; because in that model the laptop
Yay, I think we agree. A simple confirmation dialog, and if browse can
(or any other activity via openid-libraries)
let the auth daemon (or its other name: local identity provider :-P )
know that it just tried to login...
Sounds all pretty sensible.
(except I just realized another kid can
On Tue, Dec 2, 2008 at 20:28, Sebastian Silva [EMAIL PROTECTED]wrote:
(except I just realized another kid can still see all your stuff by
using your laptop)
That's always the case with the XO's security model; they can view your
journal, access your keys, etc.
-lf
On Wed, Dec 3, 2008 at 3:47 AM, C. Scott Ananian [EMAIL PROTECTED] wrote:
Re: Scratch etoys: the problem with updating translations in
place is that it doesn't support distributed work on translations:
OLPC might do basic translations; they might be further developed in a
country or region,
(except I just realized another kid can still see all your stuff by
using your laptop)
Allow me to say that this might be a good thing, as many sorts of peer
accountability would.
While _some_ degree of privacy does make _some_ sense, a system that
would be so private that no one but the
37 matches
Mail list logo
