> (except I just realized another kid can still see all your stuff by
> using your laptop)
Allow me to say that this might be a good thing, as many sorts of peer
accountability would.
While _some_ degree of privacy does make _some_ sense, a system that
would be so "private" that no one but th
On Wed, Dec 3, 2008 at 3:47 AM, C. Scott Ananian <[EMAIL PROTECTED]> wrote:
> Re: Scratch & etoys: the problem with updating translations "in
> place" is that it doesn't support distributed work on translations:
> OLPC might do basic translations; they might be further developed in a
> country or
On Tue, Dec 2, 2008 at 20:28, Sebastian Silva <[EMAIL PROTECTED]>wrote:
> (except I just realized another kid can still see all your stuff by
> using your laptop)
>
That's always the case with the XO's security model; they can view your
journal, access your keys, etc.
-lf
___
> Yay, I think we agree. A simple confirmation dialog, and > if browse can
(or any other activity via openid-libraries)
> let the auth daemon (or its other name: local identity provider :-P )
> know that it just tried to login...
>
> Sounds all pretty sensible.
(except I just realized another kid
2008/12/2 Luke Faraone <[EMAIL PROTECTED]>:
> Oh, I accidentally moved this off-list, shall I forward this back?
Oops. By all means, its interesting.
> On Tue, Dec 2, 2008 at 19:56, Sebastian Silva <[EMAIL PROTECTED]>
> wrote:
>>
>> (...)
>> user=laptop.
>> >
>> > It's not exactly; because in that
On Tue, Dec 2, 2008 at 19:32, Sebastian Silva <[EMAIL PROTECTED]>wrote:
> Well initially, it was stated the problem was only to identify the
> laptop, not the user, right?
> (the ssh way)
> That is, user=laptop is assumed so no need to even bug the user.
> I'm not liking it much because it would m
Well initially, it was stated the problem was only to identify the
laptop, not the user, right?
(the ssh way)
That is, user=laptop is assumed so no need to even bug the user.
I'm not liking it much because it would me another kid could take your
laptop and log into all your stuff (which is true whi
>> Over the next several months and years a set
>> of best pratices, adjusted for cultural differences, will develop.
>Yama calls community building an "art", precisely because it doesn't seem
> to fit into "how-to" manual models. Maybe people who get communities
> running don't read manuals, don
On Tue, Dec 2, 2008 at 18:35, Sebastian Silva <[EMAIL PROTECTED]>wrote:
> 3.- The laptop confirms the user is requesting from it.
This is somewhat of a problem: how can we do this without giving the user
too many "did you really mean this" prompts?
-lf
__
> I'm less sure, though. I'd prefer a standard system.
+1
>One interesting
> option is OpenID authentication over Jabber (standardized as XEP-0070),
> e.g. http://openid.xmpp.za.net/. In this system, OpenID authentication
> requests appear to the user as chat messages. This means that the
> Ide
Heh, so it ends up I did have an interesting unintended proposal to make.
Then, if it was to use OpenID, it would be in a novel way. Still it
does make perfect sense. See:
1.- The user requests access.
2.- The server checks with his laptop.
3.- The laptop confirms the user is requesting from it.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin Langhoff wrote:
> - A backchannel call using SSH
> - A challenge-response call using the fact that the XS knows the
> public SSH key of the XO.
You really like SSH!
I'm less sure, though. I'd prefer a standard system. One interesting
opti
On Tue, Dec 2, 2008 at 8:56 PM, Greg Smith <[EMAIL PROTECTED]> wrote:
> I put a stub of a requirement for it on our roadmap here:
> http://wiki.laptop.org/go/Feature_roadmap#Single_Sign_on_from_Browse
>
> Do you have any ideas or designs for how we can achieve that?
I think this can be quite simpl
>> On Sat, Nov 29, 2008 at 1:13 PM, Yamandu Ploskonka <[EMAIL PROTECTED]> wrote:
>>
>>> One thing that we need to see is about giving legitimacy to volunteers in
>>> countries where only if you have an "official" piece of paper you are to be
>>> taken into account. Right now I have an active, enth
On Tue, Dec 02, 2008 at 03:56:06PM -0500, Greg Smith wrote:
> We're mostly thinking of the school server as the server side but a
> more generic solution may be acceptable.
I'm relatively comfortable with our vague identity plans for the XS but
I'd like to know more about your idea for "a more ge
> It's reasonably likely that the XS will be an OpenID IDP (noting all
> the serious caveats around OpenID that make it a phishing-magnet), but
> _first_ the laptop needs to identify itself to the xS.
Ok yes I did misunderstand the original problem, sorry.
Please let me be of all assistance I can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Luke Faraone wrote:
> On Tue, Dec 2, 2008 at 17:29, Benjamin M. Schwartz <[EMAIL PROTECTED]
>> wrote:
>
>> You misunderstand our purpose. The immediate technical goal is to
>> authenticate that a given connection goes to a particular XO. The machine
> David Farning wrote:
>> The second solution is official Sugar Labs Partners. These are for
>> profit business that would like to be 'Sugar Certified.'
Where can I find out more? OneVillage.biz is interested, and there are
others in my network.
>> thanks
>> david
--
Silent Thunder (默雷/धर्ममे
On Tue, Dec 2, 2008 at 17:42, Martin Langhoff <[EMAIL PROTECTED]>wrote:
> If we could switch to https easily, we could skip all this song and
> dance and just use client certs.
Why can't we, exactly? More and more non-standardness is _bad_ for security.
-lf
Thanks for your opening email - one quick comment...
On Tue, Dec 2, 2008 at 6:56 PM, Greg Smith <[EMAIL PROTECTED]> wrote:
> That's one example. I would also like any Web server to be able to extract
> the XO identity and use it in CGI (e.g. PHP) for processing.
the plan for that is that
1 - the
On Tue, Dec 2, 2008 at 8:19 PM, Sebastian Silva
<[EMAIL PROTECTED]> wrote:
>> That's a different model. We want the openID _provider_ to be either on the
>> laptop itself or on the school server. Since the _server_ has a changing
>> FQDN, this becomes harder. The solution would be to propose a chan
On Tue, Dec 2, 2008 at 17:29, Benjamin M. Schwartz <[EMAIL PROTECTED]
> wrote:
> You misunderstand our purpose. The immediate technical goal is to
> authenticate that a given connection goes to a particular XO. The machine
> itself then becomes the identifying token used to authenticate the
> id
On Tue, Dec 2, 2008 at 7:34 PM, C. Scott Ananian <[EMAIL PROTECTED]> wrote:
> Please re-read Sayamindu's original message. Thanks.
I don't find anything too special there. Perhaps I wasn't clear earlier.
What I meant to say is that all the good things we get from a bespoke
packaging format, we c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sebastian Silva wrote:
> Clearly, the provider should not be on the laptop. That would defeat
> the entire purpose of having an "Identity Provider".
You misunderstand our purpose. The immediate technical goal is to
authenticate that a given connecti
> That's a different model. We want the openID _provider_ to be either on the
> laptop itself or on the school server. Since the _server_ has a changing
> FQDN, this becomes harder. The solution would be to propose a change to the
> protocol or register the school servers domains (or subs) with a D
On Tue, Dec 2, 2008 at 17:07, Sebastian Silva <[EMAIL PROTECTED]>wrote:
> > OpenID, specifically, would be hard to implement in the current version
> of
> > the spec, as our devices FQDNs will be changing often. Locally, it might
> > work, but remote identification is a problem.
>
> Actually, my r
> OpenID, specifically, would be hard to implement in the current version of
> the spec, as our devices FQDNs will be changing often. Locally, it might
> work, but remote identification is a problem.
Actually, my regular laptop's FQDN changes all the time and I have no
problem remembering my OpenI
On Tue, Dec 2, 2008 at 16:32, Yamandu Ploskonka <[EMAIL PROTECTED]>wrote:
> Also, re:spoofing, there would need to be an update of the data being
> sent, maybe changes with the clock, daily? Don't know how to keep the
> algorythm secure and still have this Open.
>
That is mistake #1: Secret algor
On Tue, Dec 2, 2008 at 4:26 PM, Martin Langhoff
<[EMAIL PROTECTED]> wrote:
> On Tue, Dec 2, 2008 at 6:49 PM, C. Scott Ananian <[EMAIL PROTECTED]> wrote:
>> Fedora does not have a standard solution either, so I'm not sure
>> where you're going with this. We have to invent something. RPM is
>> not
what about
have the client send an Authorization header, in the Browse HTTP request.
This is part of standard HTTP request/response
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.8
One problem that those who see the complicated future is that this
exchange will only be validated w
On Tue, Dec 2, 2008 at 6:49 PM, C. Scott Ananian <[EMAIL PROTECTED]> wrote:
> Fedora does not have a standard solution either, so I'm not sure
> where you're going with this. We have to invent something. RPM is
> not obviously the right solution.
So Fedora doesn't use rpm files for localization
Can we please consider making this OpenID? It would really help to
integrate everything. I made a proposal about it some time ago, and
currently SugarLabs wiki has OpenID, which by the way, is a great.
Sebastian
2008/12/2 Greg Smith <[EMAIL PROTECTED]>:
> Hi Tomeu and Browse engineers,
>
> Talkin
Hi Tomeu and Browse engineers,
Talking with Martin L recently he mentioned that you have some ideas on
how the XO can communicate its identity (e.g. serial # and maybe user
name) with a web server. We're mostly thinking of the school server as
the server side but a more generic solution may be
On Tue, Dec 2, 2008 at 2:26 PM, Martin Langhoff
<[EMAIL PROTECTED]> wrote:
> On Thu, Nov 13, 2008 at 6:58 PM, Sayamindu Dasgupta <[EMAIL PROTECTED]> wrote:
>> I have been thinking of having a separate place in the filesystem for
>> _new_ translations, and using RPM to manage the installation and
>>
On Wed, Dec 3, 2008 at 1:34 PM, Yamandu Ploskonka <[EMAIL PROTECTED]> wrote:
>
>
> David Farning wrote:
>>
>> On Tue, Dec 2, 2008 at 4:17 PM, Sebastian Silva
>> <[EMAIL PROTECTED]> wrote:
>>
>>>
>>> My research question has been "¿how to jumpstart an ecosystem?"
>>>Hernan Pachas from the minis
David Farning wrote:
> On Tue, Dec 2, 2008 at 4:17 PM, Sebastian Silva
> <[EMAIL PROTECTED]> wrote:
>
>> My research question has been "¿how to jumpstart an ecosystem?"
>>
>> Hernan Pachas from the ministry, and I offer to organize volunteers
>> for support and training, etc. At the time,
On Thu, Nov 13, 2008 at 6:58 PM, Sayamindu Dasgupta <[EMAIL PROTECTED]> wrote:
> I have been thinking of having a separate place in the filesystem for
> _new_ translations, and using RPM to manage the installation and
> upgradation of the new translations.
What is the downside of RPMs? If users ed
Re: Scratch & etoys: the problem with updating translations "in
place" is that it doesn't support distributed work on translations:
OLPC might do basic translations; they might be further developed in a
country or region, etc. Each might be updated individually.
Further, you want to be able to b
On Tue, Dec 2, 2008 at 4:17 PM, Sebastian Silva
<[EMAIL PROTECTED]> wrote:
> Hello,
> I realize I should have jumped into this discussion earlier. Please
> excuse me, I've just put myself thru an intense matrixesque
> self-learning weeks around learning communities, communities of
> practice, commu
39 matches
Mail list logo